Review: IoT Data Logging Services with MQTT

For the last few months, I had been using Sparkfun’s Phant server as a data logger for a small science project. Unfortunately, they’ve had some serious technical issues and have discontinued the service. Phant was good while it lasted: it was easy to use, free, and allowed me to download the data in a CSV format. It shared data with analog.io, which at the time was a good solution for data visualization.

While I could continue using Phant since it is an open-source project and Sparkfun kindly releases the source code for the server on Github, I thought it might be better to do some research, see what’s out there. I decided to write a minimal implementation for each platform as an interesting way to get a feel for each. To that end, I connected a DHT11 temperature/humidity sensor to a NodeMCU board to act as a simple data source.

Continue reading “Review: IoT Data Logging Services with MQTT”

Hackaday’s Open Hardware Summit Experience

Last week was the Open Hardware Summit in Denver Colorado. This yearly gathering brings together the people and businesses that hold Open Hardware as an ideal to encourage, grow, and live by. There was a night-before party, the summit itself which is a day full of talks, and this year a tour of a couple very familiar open hardware companies in the area.

I thought this year’s conference was quite delightful and am happy to share with you some of the highlights.

Continue reading “Hackaday’s Open Hardware Summit Experience”

Hackaday Links: October 8, 2017

On the top of the popcorn pile for this weekend is an ambiguous tweet from Adafruit that was offered without comment or commentary. [Lady Ada] is holding some sort of fancy incorporation papers for Radio Shack. The smart money is that Adafruit just bought these at the Radio Shack auction a month or so ago. The speculation is that Adafruit just bought Radio Shack, or at least the trademarks and other legal ephemera. Either one is cool, but holy crap please bring back the retro 80s branding.

A Rubik’s Cube is a fantastic mechanical puzzle, and if you’ve never taken one apart, oh boy are you in for a treat. Here’s an RGB LED Rubick’s Cube with not enough detail as to how each square is getting powered. Here’s an open challenge for anyone: build an RGB LED Rubick’s Cube, and Open Source the design.

Last weekend, the front fell off the engine of an Air France A380 flying over Greenland. As with all aircraft incidents, someone has to find the missing bits. It only took a week to find a mangled cowling on an ice sheet. This is incredibly impressive; if you want a comparison to another accident, it took three months to find the fan disk for UA 232 in an Iowa cornfield.

Poorly thought out Kickstarters don’t grab our attention like they used to, but this is an exception. The Aire is a mashup of one of those voice-activated home assistants (Alexa, whatever the Google one is named…) and a drone. The drone half of the build is marginally interesting as a ducted fan coaxial thingy, and building your own home assistant isn’t that hard with the right mics and a Raspberry Pi. The idea is actually solid — manufacturing is another story, though. It appears no one thought about how annoying it would be to have a helicopter following them around their house, or if the mics would actually be able to hear anyone over beating props. Here’s the kicker: this project was successfully funded. People want to buy this. A fool and his or her money…

Processing is cool, although we’re old skool and still reppin’ Max/MSP. It looks like the first annual Processing Community Day is coming up soon. The Processing Community Day will be at the MIT Media Lab on October 21st, with talks from the headliners of the Processing community.

Maker Faire NYC was two weekends ago, the TCT show in Birmingham was last week, and Open Hardware Summit was in Denver this weekend. Poor [Prusa] was at all of them, racking up the miles. He did, however, get to ride [James from XRobots.co.uk]’s electric longboard. There’s some great videos from [James] right here and here.

Speaking of Open Hardware Summit, there was a field trip to Sparkfun and Lulzbot this Friday. The highlight? The biggest botfarm in the states, and probably the second largest in the world. That’s 155 printers, all in their own enclosures, in a room that’s kept at 80° F. They’re printing ABS. Control of the printers is through a BeagleBone running Octoprint. These ‘Bones and Octoprint only control one printer each, and there is no software layer ‘above’ the Octoprint instances for managing multiple printers simultaneously. That probably means the software to manage a botfarm doesn’t exist. There have been attempts, though, but nothing in production. A glove thrown down?

Seek Out Scammers With Skimmer Scanner

Last week we reported on some work that Sparkfun had done in reverse engineering a type of hardware card skimmer found installed in gasoline pumps incorporating card payment hardware. The device in question was a man-in-the-middle attack, a PIC microcontroller programmed to listen to the serial communications between card reader and pump computer, and then store the result in an EEPROM.

The devices featured a Bluetooth module through which the crooks could harvest the card details remotely, and this in turn provides a handy way to identify them in the wild. If you find a Bluetooth connection at the pump bearing the right identification and with the right password, it can then be fingered as a skimmer by a simple response test. And to make that extra-easy they had written an app, which when we reported on it was available from a GitHub repository.

In a public-spirited move, they are now calling upon the hardware hacker and maker community to come together today, Monday, September 25th, and draw as much attention as possible to these devices in the wild, and with luck to get a few shut down. To that end, they have put a compiled version of the app in the Google Play Store to make it extra-easy to install on your phone, and they are asking for your help. They are asking for people to first read their tutorial linked above, then install the app and take it on the road. Then should any of you find a skimmer, please Tweet about it including your zip code and the #skimmerscanner hashtag. Perhaps someone with a bit of time on their hands might like to take such a feed of skimmer location data and map it.

It would be nice to think that this work might draw attention to the shocking lack of security in gas pumps that facilitates the skimmers, disrupt the finances of a few villains, and even result in some of them getting a free ride in a police car. We can hope, anyway.

Gasoline pump image: Michael Rivera [CC BY-SA 3.0].

Seriously, Is It That Easy To Skim Cards?

We’ve all heard of card skimmers, nefarious devices that steal the identity of credit and debit cards, attached to ATMs and other machines in which unsuspecting consumers use them. Often they have relied on physical extraction of data from the card itself, such as by inserting a magnetic stripe reader in a fake ATM fascia, or by using a hidden camera to catch a picture of both card and user PIN entry.

The folks at Sparkfun write about an approach they received from a law enforcement agency bearing a selection of card skimmer devices that had been installed in gasoline pumps. These didn’t rely on interception of the card itself, instead they sat as a man-in-the-middle attack in the serial line between the card reader unit and the pump electronics. Let that sink in for a minute: a serial line that is readily accessible to anyone with the pump manufacturer’s standard key, carries card data in an unencrypted form. The owner of the skimming device is the criminal, but the company leaving such a wide-open vulnerability should really be joining them in having to answer to authorities.

The Skimmer Scanner app may help keep you safe.
The Skimmer Scanner app may help keep you safe.

The device itself is quite simple and well-executed, though it appears that attachment of wires and connectors is a job left to the crook. Some boards boast excellent soldering, while others have joints that are, well, simply criminal. On the board is a PIC microcontroller, a serial Flash chip, and a commodity Bluetooth module. This last component provides the means for the miscreant to harvest their ill-gotten gains, and incidentally a handy means by which compromised pumps can be identified. The Sparkfun people have provided an Android app that interrogates any modules it encounters, and warns of any that return the signature of a skimmer.

It is sad to say that some level of crime is an inevitable feature of the human condition, and therefore it should not be an unreasonable expectation that any entity with which we trust our sensitive data such as a credit card number should take reasonable steps to ensure its security. If a bank transported customer cash through the streets as bundles of $10 bills in open handcarts it is likely that they would get into trouble very quickly, so that the pump manufacturers send card information in the clear over such a readily accessible medium should be a scandal of similar magnitude. That financial institutions prefer to cover up the problem and shift the loss onto the gas stations rather than mandate better device security from the pump manufacturers speaks volumes about their misplaced priorities.

If this topic interests you, we’ve shown you a teardown of a more traditional skimmer in the past.

Thanks [CYK] for the tip.

Sparkfun’s Alternate Reality Hardware

SparkFun has a new wing of hardware mischief. It’s SparkX, the brainchild of SparkFun’s founder [Nate Seidle]. Over the past few months, SparkX has released breakout boards for weird sensors, and built a safe cracking robot that got all the hacker cred at DEF CON. Now, SparkX is going off on an even weirder tangent: they have released The Prototype. That’s actually the name of the product. What is it? It’s a HARP, a hardware alternate reality game. It’s gaming, puzzlecraft, and crypto all wrapped up in a weird electronic board.

The product page for The Prototype is exactly as illuminating as you would expect for a piece of puzzle electronics. There is literally zero information on the product page, but from the one clear picture, we can see a few bits and bobs that might be relevant. The Prototype features a microSD card socket, an LED that might be a WS2812, a DIP-8 socket, a USB port, what could be a power switch, a PCB antenna, and a strange black cylinder. Mysteries abound. There is good news: the only thing you need to decrypt The Prototype is a computer and an open mind. We’re assuming that means a serial terminal.

The Prototype hasn’t been out for long, and very few people have one in hand. That said, the idea of a piece of hardware sold as a puzzle is something we haven’t seen outside of conference badges. The more relaxed distribution of The Prototype is rather appealing, and we’re looking forward to a few communities popping up around HARP games.

Reflective Sensor Becomes Kart Racing Lap Counter

Once you have a track and a kart to race on it, what’s missing? A lap counter that can give your lap times in hardcopy, obviously! That’s what led [the_anykey] to create the Arduino-based Lap Timer to help him and his kids trim those precious seconds off their runs, complete with thermal printer for the results.

The hardware uses an infrared break-beam sensor module (a Velleman PEM10D) to detect when a kart passes by. This module is similar to a scaled-up IR reflective object sensor; it combines an IR emitter and receiver on one end, and is pointed at a reflector placed across the track, up to 10 meters away. When a kart breaks the beam, the module reports the event to the rest of the hardware. Only needing electronics on one side allows the unit to be self-contained.

An obvious shortcoming of this system is the inability to differentiate between multiple karts, but for timing a single driver’s performance it does the trick. What’s great about this project is it showcases how accessible hardware is today; a device like this is possible to put together with what are essentially off-the-shelf components available to any hobbyist, using an Arduino as the glue to hold it together. We’d only comment that a red-tinted piece of plastic as an overlay for the red display (and a grey-tinted one for the green) would make the LED displays much easier to read. Still, this is a very clean and well-documented build. See it in action in the video embedded below.

Continue reading “Reflective Sensor Becomes Kart Racing Lap Counter”