A smartphone with a robot vacuum in the background

Hacking A Robot Vacuum To Write A Replacement App

While internet-connected devices can be very useful around the house, and it is pretty cool to be able to monitor your dishwasher from half a world away, it’s important to be mindful of privacy and security issues. For instance, the Cecotec Conga 1490 robot vacuum [Rastersoft] bought came with an Android app, which upon installation asked for near-total access to the user’s phone. Not content with such an invasion of privacy, let alone the potential security implications, [Rastersoft] set to work trying to reverse engineer the robot’s communications (translated) to find out what exactly it was doing when online. He did this by configuring a Raspberry Pi as an access point, letting the vacuum connect to it, and logging all the data flowing through.

As it turned out, the robot phoned home to its manufacturer, reporting its serial number and some configuration settings. The server then passed control to the mobile app, but not without routing all subsequent commands through the remote server. Not only is this creepy, it also means that if the manufacturer were to shut down the server, the app would stop working entirely. [Rastersoft] therefore got the idea to write custom software to control the robot. He began by reconfiguring the Pi’s network setup to fool the vacuum into thinking it was connecting to its manufacturer’s server, and then wrote some Python code to emulate the server’s response. He was now in control of all data flowing back and forth.

After a lot of experimentation and data analysis, [Rastersoft] managed to decipher the commands sent by the app, enabling him to write a complete replacement app seen in the video after the break that includes control of all the vacuum’s standard actions, but also a new feature to manually control the vacuum’s movement. All code is available on GitHub for those who would like to hack their Congas too.

We think this is a great example of software hacking to future-proof devices that you own, while also mitigating many of the dangers to your security and privacy posed by the default software. The fact that the commands you send from your phone to your vacuum go all the way around the world, potentially being stored and read by others, is rather ridiculous in the first place. After all, we’ve already seen how robot vacuums could spy on you.

Continue reading “Hacking A Robot Vacuum To Write A Replacement App”

Pulling the Google logo off of a smartphone

Pining For A De-Googled Smartphone

Last summer in the first swings of the global pandemic, sitting at home finally able to tackle some of my electronics projects now that I wasn’t wasting three hours a day commuting to a cubicle farm, I found myself ordering a new smartphone. Not the latest Samsung or Apple offering with their boring, predictable UIs, though. This was the Linux-only PinePhone, which lacks the standard Android interface plastered over an otherwise deeply hidden Linux kernel.

As a bit of a digital privacy nut, the lack of Google software on this phone seemed intriguing as well, and although there were plenty of warnings that this was a phone still in its development stages it seemed like I might be able to overcome any obstacles and actually use the device for daily use. What followed, though, was a challenging year of poking, prodding, and tinkering before it got to the point where it can finally replace an average Android smartphone and its Google-based spyware with something that suits my privacy-centered requirements, even if I do admittedly have to sacrifice some functionality.

Continue reading “Pining For A De-Googled Smartphone”

Voice-Controlled Smart Home From The Foundation Up

Smart homes are becoming an increasingly popular way to automate one’s home, whether it’s turning on lights, closing blinds, or even feeding pets. But the commercial offerings often rely on an internet connection to reach servers in order to work, which invites a lot of privacy concerns for a large percentage of us as well as being inconvenient when the internet is down. Essentially the only way to have a privacy-respecting, self-sufficient smart home is to build one on your own from the ground up, which is exactly what [Xasin] has done with this project.

This build is based on ESP32 modules with a Raspberry Pi as a hub, but it’s not as simple as a MQTT implementation. Not only does the self-contained home automation setup not rely on any outside services, but a failure of the central Pi server will not impact the nodes either as they are configured to continue operating independently even without central control. This allows for a robust home automation implementation without a single point of failure, and also includes some other features that are helpful as well including voice control, all while retaining a core design philosophy that makes it relatively easy to build.

Not only is the build technologically impressive for its standalone capabilities and its elimination of privacy concerns, but [Xasin] also did an excellent job with the physical design as well, adding plenty of RGB and a hexagonal enclosure that gives it a unique look wherever its is placed. If you’re renting right now or otherwise unable to interface any automation with your current home, be sure to take a look at some projects that do home automation without making any permanent changes.

Continue reading “Voice-Controlled Smart Home From The Foundation Up”

Building An Army Of Faux Cameras In The Name Of Art

After taking mental note of the number of surveillance cameras pointed at him while standing in line at the local Home Depot, [Mac Pierce] was inspired to create A Scanner Darkly. The art installation uses beams of light projected by mock security cameras to create a dot-matrix character display on the opposing wall, which slowly blinks out US surveillance laws and regulations.

[Mac] has put together an extensive behind the scenes look at how he created A Scanner Darkly, which among other things covers the incredible time and effort that went into producing the fifteen identical cameras used to project the 3×5 grid. Early on he decided on 3D printing each one, as it would give him complete control over the final result. But given their considerable size, it ended up taking 230 hours and 12 kilograms of PLA filament to print out all the parts. It took a further 55 hours to sand and paint the camera housings, to make sure they didn’t actually look like they’d been 3D printed.

Internally, each camera has an off-the-shelf LED flashlight that’s had its power button rigged up to an ESP8266. Once they’ve been manually pointed to the appropriate spot on the wall, [Mac] can turn each camera’s spotlight on and off over WiFi. Rather than rely on the gallery’s infrastructure, all of the cameras connect to the ESP32 M5Stack that serves as the central controller via ESP-Now.

From there, it was just a matter of writing some code that would load a text document from the SD card, convert the current character into a 3×5 array, and then command the appropriate cameras to turn their lights on or off. [Mac] has not only provided the STL files for the 3D printed camera, but the client and server Arduino code to control the lights. Combined with his excellent documentation, this makes A Scanner Darkly something of a viral art piece; as anyone with the time and appropriate tools can either duplicate the installation or use it as a base for something new.

While some will no doubt argue that [Mac] could have completed this project far faster had he just modified some commercial dummy cameras, it’s important to remember that as an artist, he had a very specific look in mind for A Scanner Darkly. This project is a perfect example of how a creator’s passion can take an idea to new heights, and we think the end result proves it’s worth the time and sweat to put in the extra effort.

Continue reading “Building An Army Of Faux Cameras In The Name Of Art”

New Privacy Policy Gets Audacity Back On Track

Regular readers will likely be aware of the considerable debate over changes being made to the free and open source audio editor Audacity by the project’s new owners, Muse Group. The company says their goal is to modernize the 20 year old GPLv2 program and bring it to a larger audience, but many in the community have questioned whether the new managers really understand the free software ethos. An already precarious situation has only been made worse by a series of PR blunders Muse Group has made over the last several months.

But for a change, it seems things might be moving in the right direction. In a recent post to Audacity’s GitHub repository, Muse Group unveiled the revised version of their much maligned Privacy Policy. The announcement also came with an admission that many of the key elements from the draft version of the Privacy Policy were poorly worded and confusing. It seems much of the problem can be attributed to an over-analysis of the situation; with the company inserting provocative boilerplate protections (such as a clause saying users must be over the age of 13) that simply weren’t necessary.

Ultimately, the new Privacy Policy bears little resemblance to the earlier draft. Which objectively, is a good thing. But it’s still difficult to understand why Muse Group publicly posted such a poorly constructed version of the document in the first place. Project lead Martin Keary, better known online as Tantacrul, says the team had to consult with various legal teams before they could release the revised policy. That sounds reasonable enough, but why where these same teams not consulted before releasing such a spectacularly ill-conceived draft?

The new Privacy Policy makes it clear that Audacity won’t be collecting any user data, and what little personally identifiable information Muse Group gets from the application when it automatically checks for an update (namely, the client’s IP address) isn’t being stored. It’s further explained in the GitHub post that the automatic update feature only applies to official binary builds of Audacity, meaning it will be disabled for Linux users who install it through their distribution’s package repository. The clause about working with unnamed law enforcement agencies has been deleted, as has the particularly troubling age requirement.

Credit where credit is due. Muse Group promised to revise their plans for adding telemetry to Audacity, and judging by the new Privacy Policy, it seems they’ve done an admirable job of addressing all of the issues brought up by the community. Those worried their FOSS audio editor of choice would start spying on them can rest easy. Unfortunately the issue of Audacity’s inflammatory Contributor License Agreement (CLA) has yet to be resolved, meaning recently christened forks of the audio editor dedicated to preserving its GPLv2 lineage are unlikely to stand down anytime soon.

Friendly Webcam Robot Keeps An Eye On Privacy

Wouldn’t it be nice if every webcam had a hardware switch? Especially for those built-in webcams like the one in your laptop. Since they don’t have switches yet, we’re just stuck trying to remember to turn them off or re-apply the sticker after every meeting. [Becky Stern] was tired of trying to remember to blind the all-seeing eye, and decided to make a robot companion that would do it for her.

Essentially, a servo-driven, 3D-printed eyelid covers the eye’s iris and also the web cam directly underneath. At first, we though [Becky] had liberated the business parts of a cheap webcam and built it into the eyeball, but this is far less intrusive. The eyeball simply sits atop the monitor, and [Becky] can control the eyelid two ways: she can set a timer with the potentiometer to close it automatically after some number of minutes, or else do it on demand using the momentary button. We’d love to see it tied directly to Zoom and or whatever else [Becky] uses regularly. Be sure to check out the build and demo video after the break to see it in action.

We love this cute and friendly reminder that the camera could be watching us. It’s way less creepy than this realistic eyeball webcam that looks around and blinks.

Continue reading “Friendly Webcam Robot Keeps An Eye On Privacy”

Speech Recognition On An Arduino Nano?

Like most of us, [Peter] had a bit of extra time on his hands during quarantine and decided to take a look back at speech recognition technology in the 1970s. Quickly, he started thinking to himself, “Hmm…I wonder if I could do this with an Arduino Nano?” We’ve all probably had similar thoughts, but [Peter] really put his theory to the test.

The hardware itself is pretty straightforward. There is an Arduino Nano to run the speech recognition algorithm and a MAX9814 microphone amplifier to capture the voice commands. However, the beauty of [Peter’s] approach, lies in his software implementation. [Peter] has a bit of an interplay between a custom PC program he wrote and the Arduino Nano. The learning aspect of his algorithm is done on a PC, but the implementation is done in real-time on the Arduino Nano, a typical approach for really any machine learning algorithm deployed on a microcontroller. To capture sample audio commands, or utterances, [Peter] first had to optimize the Nano’s ADC so he could get sufficient sample rates for speech processing. Doing a bit of low-level programming, he achieved a sample rate of 9ksps, which is plenty fast for audio processing.

To analyze the utterances, he first divided each sample utterance into 50 ms segments. Think of dividing a single spoken word into its different syllables. Like analyzing the “se-” in “seven” separate from the “-ven.” 50 ms might be too long or too short to capture each syllable cleanly, but hopefully, that gives you a good mental picture of what [Peter’s] program is doing. He then calculated the energy of 5 different frequency bands, for every segment of every utterance. Normally that’s done using a Fourier transform, but the Nano doesn’t have enough processing power to compute the Fourier transform in real-time, so Peter tried a different approach. Instead, he implemented 5 sets of digital bandpass filters, allowing him to more easily compute the energy of the signal in each frequency band.

The energy of each frequency band for every segment is then sent to a PC where a custom-written program creates “templates” based on the sample utterances he generates. The crux of his algorithm is comparing how closely the energy of each frequency band for each utterance (and for each segment) is to the template. The PC program produces a .h file that can be compiled directly on the Nano. He uses the example of being able to recognize the numbers 0-9, but you could change those commands to “start” or “stop,” for example, if you would like to.

[Peter] admits that you can’t implement the type of speech recognition on an Arduino Nano that we’ve come to expect from those covert listening devices, but he mentions small, hands-free devices like a head-mounted multimeter could benefit from a single word or single phrase voice command. And maybe it could put your mind at ease knowing everything you say isn’t immediately getting beamed into the cloud and given to our AI overlords. Or maybe we’re all starting to get used to this. Whatever your position is on the current state of AI, hopefully, you’ve gained some inspiration for your next project.