
Hackaday Links: March 3, 2024

Who’d have thought that $30 doorbell cameras would end up being security liabilities? That’s the somewhat obvious conclusion reached by Consumer Reports after looking at some entry-level doorbell cameras available through the usual outfits and finding glaring security gaps which are totally not intentional in any way.

All these cameras appear to be the same basic hardware inside different enclosures, most supporting the same mobile app. Our favorite “exploit” for these cameras is the ability to put them into a pairing mode with the app, sometimes by pressing a public-facing button. Slightly more technically challenging would be accessing images from the app using the camera’s serial number, or finding file names being passed in plain text while sniffing network traffic. And that’s just the problems CR identified; who knows what else lurks under the covers? Some retailers have stopped offering these things, others have yet to, so buyer beware.

Speaking of our techno-dystopian surveillance state, if you’ve had it with the frustrations and expense of printers, has Hewlett-Packard got a deal for you. They want you to never own a printer again, preferring that you rent it from them instead. Their “All-In Plan” launched this week, which for $6.99 a month will set you up with an HP Envy inkjet printer, ink deliveries, and 24/7 tech support. It doesn’t appear that paper is included in the deal, so you’re on your own for that, but fear not — you won’t go through much since the entry-level plan only allows 20 prints per month. Plans scale up to 700 prints per month from an OfficeJet Pro for the low, low price of $36. The kicker, of course, is that their printer has to be connected to the Internet, and HP can pretty much brick the thing anytime they want to. The terms of service also explicitly state that they’ll be sending your information to advertising partners, so that’ll be fun. This scheme hearkens back to the old pre-breakup days of AT&T, where you rented your phone from the phone company. That model made a lot more sense when the phone (probably) wasn’t listening in on everything you do. This just seems like asking for trouble.

“Enhance, enhance…” Credit: NASA/JPL-Caltech/LANL/CNES/IRAP/Simeon Schmauß

It’s been a while since Ingenuity’s final rough landing on Mars permanently grounded the overachieving helicopter, long enough that it’s time for the post-mortem analyses to begin. The first photographic evidence we had was a shadowgram from one of the helicopter’s navigational cameras, showing damage to at least one of the rotor tips, presumably from contact with the ground. Then we were treated to a long-distance shot from Ingenuity’s rover buddy Perseverance, which trained its MASTCAM instruments on the crash zone and gave us a wide view of its lonely resting place.

Now, geovisual design student [Simeon Schmauß] has taken long shots made with the rover’s SuperCam instrument and processed them into amazingly detailed closeups, which show just how extensive the damage really is. One rotor blade sheared clean off on contact, flying 15 meters before gouging a hole in the regolith. Another blade looks to be about half gone, while the remaining two blades show the damaged tips we’ve already seen. That the helicopter is still on its feet given the obvious violence of the crash is amazing, as well as an incredible piece of luck, since it means the craft’s solar panel is pointing in roughly the right direction to keep it powered up.



Open Vehicle Monitoring System Is The Window To Your EV’s Soul

Electric cars have more widgets than ever, but manufacturers would rather you don’t have direct access to them. The Open Vehicle Monitoring System intends to change that for the user. [via Transport Evolved]

As car manufacturers hoover up user data and require subscriptions for basic features, it can be a frustrating time to make such a big purchase. Begun in 2011, OVMS now interfaces with over a dozen different EVs and gives you access to (or helps you reverse engineer) all the data you could want from your vehicle. Depending on the vehicle, any number of functions can be accessed including remote climate start or cell-level battery statistics.

The hardware connects to your car’s OBDII port and uses an ESP32 microcontroller connected to a SIMCOM SIM7600G modem (including GPS) to provide support for 3 CAN buses as well as Wi-Fi and Bluetooth connections. This can be particularly useful for remote access to data for vehicles that can no longer phone home via their originally included cellular modems as older networks shut down.

Do you wish EVs weren’t so complicated? Read our Minimal Motoring Manifesto.

Jailbreaking Tesla Infotainment Systems

With newer cars being computers on wheels, some manufacturers are using software to put features behind a paywall or to thwart DIY repairs. Industrious security researchers have taken it upon themselves to set these features free by hacking a Tesla infotainment system. (via Electrek)

The researchers from TU Berlin found that by using a voltage fault injection attack against the AMD Secure Processor (ASP) at the heart of current Tesla models, they could run arbitrary code on the infotainment system. The hack opens up the double-edged sword of an attacker gaining access to encrypted PII or a shadetree mechanic “extracting a TPM-protected attestation key Tesla uses to authenticate the car. This enables migrating a car’s identity to another car computer without Tesla’s help whatsoever, easing certain repairing efforts.” We can see this being handy for certain other unsanctioned hacks as well.

The attack is purported to be “unpatchable” and to give root access that survives reboots and updates of the system. Since AMD is a vendor to multiple vehicle companies, the question arises as to how widely applicable this hack is to other vehicles suffering from AaaS (Automotive as a Service).

Longing for a modern drivetrain with the simplicity of yesteryear? Read our Minimal Motoring Manifesto.

New Cars Will Nickel-and-Dime You – It’s Automotive As A Service

Every few years, someone pushing a startup to investors comes up with an acronym or buzzword which rapidly becomes the new hotness in those circles. One of the most pernicious is “as a Service,” which takes regular things and finds a way to charge you a regular fee to use them.

Automotive companies just absolutely loved the sound of this, and the industry is rapidly moving to implement subscription services across the board. Even if there’s hardware in your car for a given feature, you might find you now need to pay a monthly fee to use it. Let’s explore how this came about, and talk about which cars are affected. You might be surprised to find yours already on the list.

Firmware Find Hints At Subscription Plan For ReMarkable Tablet

We’ve been keeping a close eye on the development of electronic paper tablets such as the reMarkable for a while now. These large-format devices would be a great way to view schematics and datasheets, and with the right software, could easily become an invaluable digital sidekick. Unfortunately, a troubling discovery made in a beta version of the reMarkable firmware is a strong indication the $400 USD device may be heading down a path that many in this community wouldn’t feel comfortable with.

While trying to get a reMarkable tablet running firmware version 2.10.0.295 synced up to a self-hosted server using rmfakecloud, Reddit user [dobum] was presented with a very unusual prompt. The tablet displayed several subscription levels, as well as a brief description of what each one unlocked. It explained that standard users would get “basic functions only”, while the highest tier subscription would unlock an “expanding universe of powerful tools” for the e-paper tablet. In addition, only recently used documents would be synced with the cloud unless you had a paid subscription.


Cricut Decides To Charge Rent For People To Fully Use The Cutting Machines They Already Own

UPDATE: Hackaday was contacted by a PR company claiming to represent Cricut. They clarified that machines are not deactivated upon resale, but the new owner will need to set up their own online account.

UPDATE #2 (3/21/21): In the wake of this controversy, Cricut have announced that they will not move forward with the upload limit for customers who are not paying subscribers.

In our community we like to think of ourselves as pioneers in the field of domestic CNC machinery, with our cheap 3D printers. But there’s another set of people who were way ahead of us, and they’re a rather unexpected one, too. Crafters were using CNC cutting machines well before we were, and while some may deride them when used for sparkly greeting cards sold on Etsy, they can be an extremely useful tool for much more than that. Probably the best known brand of cutter comes from Cricut, and that company has dropped a bombshell in the form of an update to the web-based design software that leaves their now very annoyed users with a monthly upload limit of 20 new designs unless they sign up for a Cricut Access Plan that costs $9.99 on monthly payments. Worse still, a screenshot is circulating online purporting to be from a communication with a Cricut employee attempting to clarify matters, in which it is suggested that machines sold as second-hand will be bricked by the company.

Also, soon we will be making changes that affect members who use the free Design Space app without a Cricut Access plan. Every calendar month, these members will be allowed to upload up to 20 personal images and/or patterns. Members with a paid Cricut Access plan will have unlimited uploads.

We’d like to think that given the reaction from their online community the subscription plan will backfire, but unlike the world of 3D printing their market is not necessarily an online-savvy one. A crafter who buys a Cricut from a bricks-and-mortar warehouse store and uses it with Cricut cartridges may not balk at being required to pay rent to use hardware that’s already paid for in the same way a member of our community with a 3D printer would. After all, Cricut have always tried to make their software a walled garden. However, if the stories about second-hand models being bricked turn out to bear fruit, that might be a different matter.

There are of course plenty of alternative CNC cutting machines (the favourite among those that have made it here seems to be the Silhouette Cameo) that don’t come with this type of baggage, and the online Cricut community are busily raising their profile in the wake of this news. Probably because of their restricted functionality there have been very few hacks here using a Cricut machine, but all of this leaves us wondering whether the machines themselves could be exploited to take less restrictive firmware.

Header image: Factorof2 (CC BY-SA 2.0)

Autodesk Moves EAGLE To Subscription Only Pricing

EAGLE user? We hope you like subscription fees.

Autodesk has announced that EAGLE is now only available for purchase as a subscription. Previously, users purchased EAGLE once, and used the software indefinitely (often for years) before deciding to move to a new version with another one-time purchase. Now, they’ll be paying Autodesk on a monthly or yearly basis.

Let’s break down the costs. Before Autodesk purchased EAGLE from CadSoft, a Standard license would run you $69, paid once. The next level up was Premium, at $820, paid once. The new pricing tiers from Autodesk are a bit different. Standard will cost $15/month or $100/year, and gives similar functionality to the old Premium level, but with only 2 signal layers. If you need more layers, or more than 160 cm^2 of board space, you’ll need the new Premium level, at $65/month or $500/year.

New Pricing Table for EAGLE

This is a bad deal for the pocket book of many users. If you could have made do with the old Standard option, you’re now paying $100/year instead of the one-time $69 payment. If you need more space or layers, you’ll likely be up to $500/year. Autodesk also killed the lower cost options for non-commercial use, what used to be a $169 version that was positioned for hobbyists.

The free version still exists, but for anyone using Eagle for commercial purposes (from Tindie sellers to engineering firms) this is a big change. Even if you agree with the new pricing, a subscription model means you never actually own the software. This model will require licensing software that needs to phone home periodically and can be killed remotely. If you need to look back at a design a few years from now, you better hope that your subscription is valid, that Autodesk is still running the license server, and that you have an active internet connection.

On the flip side of the coin, we can assume that Eagle was sold partly because the existing pricing model wasn’t doing all it should. Autodesk is justifying these changes with a promise of more frequent updates and features which will be included in all subscriptions. But sadly, Autodesk couldn’t admit that the new pricing has downsides for users:

“We know it’s not easy paying a lump sum for software updates every few years. It can be hard on your budget, and you never know when you need to have funds ready for the next upgrade.”

In their press release, they claim the move is only good for customers. Their marketing speak even makes the cliche comparison to the price of a coffee every day. Seriously.

[Garrett Mace] summarized his view on this nicely on Twitter: “previously paid $1591.21 for 88 months == $18.08/mo. Moving to $65/mo? KICAD looks better.”

We agree, [Garrett]. KiCad has been improving steadily in the past years, and now is definitely a good time for EAGLE users to consider it before signing on to the Autodesk Subscription Plan™.