The modern web has become difficult to navigate without ad blocking software. Ford now has a patent application that would bring the ads we hate to your vehicle’s infotainment system. [via PCMag]
Ford has already replied to criticism with the usual corporate spiel of patents not necessarily being the direction the company will go with future products, but it’s hard to imagine that other automakers aren’t planning similar systems since they’re already charging extra for heated seats, EV range, and performance. Bringing ads to the captive audience of your personal vehicle and targeting them based on listening to the occupants’ conversations would be a new low. Maybe you’ll be able to pay an extra $100/month for the “ad-free experience.”
Why is it always a helium leak? It seems whenever there’s a scrubbed launch or a narrowly averted disaster, space exploration just can’t get past the problems of helium plumbing. We’ve had a bunch of helium problems lately, most famously with the leaks in Starliner’s thruster system that have prevented astronauts Butch Wilmore and Suni Williams from returning to Earth in the spacecraft, leaving them on an extended mission to the ISS. Ironically, the launch itself was troubled by a helium leak before the rocket ever left the ground. More recently, the Polaris Dawn mission, which is supposed to feature the first spacewalk by a private crew, was scrubbed by SpaceX due to a helium leak on the launch tower. And to round out the helium woes, we now have news that the Peregrine mission, which was supposed to carry the first commercial lander to the lunar surface but instead ended up burning up in the atmosphere and crashing into the Pacific, failed due to — you guessed it — a helium leak. Continue reading “Hackaday Links: September 1, 2024”→
Who’d have thought that $30 doorbell cameras would end up being security liabilities? That’s the somewhat obvious conclusion reached by Consumer Reports after looking at some entry-level doorbell cameras available through the usual outfits and finding glaring security gaps which are totally not intentional in any way.
All these cameras appear to be the same basic hardware inside different enclosures, most supporting the same mobile app. Our favorite “exploit” for these cameras is the ability to put them into a pairing mode with the app, sometimes by pressing a public-facing button. Slightly more technically challenging would be accessing images from the app using the camera’s serial number, or finding file names being passed in plain text while sniffing network traffic. And that’s just the problems CR identified; who knows what else lurks under the covers? Some retailers have stopped offering these things, others have yet to, so buyer beware.
Speaking of our techno-dystopian surveillance state, if you’ve had it with the frustrations and expense of printers, has Hewlett-Packard got a deal for you. They want you to never own a printer again, preferring that you rent it from them instead. Their “All-In Plan” launched this week, which for $6.99 a month will set up up with an HP Envy inkjet printer, ink deliveries, and 24/7 tech support. It doesn’t appear that paper is included in the deal, so you’re on your own for that, but fear not — you won’t go through much since the entry-level plan only allows 20 prints per month. Plans scale up to 700 prints per month from an OfficeJet Pro for the low, low price of $36. The kicker, of course, is that your their printer has to be connected to the Internet, and HP can pretty much brick the thing anytime they want to. The terms of service also explicitly state that they’ll be sending your information to advertising partners, so that’ll be fun. This scheme hearkens back to the old pre-breakup days of AT&T, where you rented your phone from the phone company. That model made a lot more sense when the phone (probably) wasn’t listening in on everything you do. This just seems like asking for trouble.
It’s been a while since Ingenuity‘s final rough landing on Mars permanently grounded the overachieving helicopter, long enough that it’s time for the post-mortem analyses to begin. The first photographic evidence we had was a shadowgram from one of the helicopter’s navigational cameras, showing damage to at least one of the rotor tips, presumably from contact with the ground. Then we were treated to a long-distance shot from Ingenuity‘s rover buddy Perseverance, which trained its MASTCAM instruments on the crash zone and gave us a wide view of its lonely resting place.
Now, geovisual design student [Simeon Schmauβ] has taken long shots made with the rover’s SuperCam instrument and processed them into amazingly detailed closeups, which show just how extensive the damage really is. One rotor blade sheared clean off on contact, flying 15 meters before gouging a hole in the regolith. Another blade looks to be about half gone, while the remaining two blades show the damaged tips we’ve already seen. That the helicopter is still on its feet given the obvious violence of the crash is amazing, as well as an incredible piece of luck, since it means the craft’s solar panel is pointing in roughly the right direction to keep it powered up.
Electric cars have more widgets than ever, but manufacturers would rather you don’t have direct access to them. The Open Vehicle Monitoring System intends to change that for the user. [via Transport Evolved]
As car manufacturers hoover up user data and require subscriptions for basic features, it can be a frustrating time to make such a big purchase. Begun in 2011, OVMS now interfaces with over a dozen different EVs and gives you access to (or helps you reverse engineer) all the data you could want from your vehicle. Depending on the vehicle, any number of functions can be accessed including remote climate start or cell-level battery statistics.
The hardware connects to your car’s OBDII port and uses an ESP32 microcontroller connected to a SIMCOM SIM7600G modem (including GPS) to provide support for 3 CAN buses as well as Wi-Fi and Bluetooth connections. This can be particularly useful for remote access to data for vehicles that can no longer phone home via their originally included cellular modems as older networks shut down.
With newer cars being computers on wheels, some manufacturers are using software to put features behind a paywall or thwarting DIY repairs. Industrious hackers security researchers have taken it upon themselves to set these features free by hacking a Tesla infotainment system. (via Electrek)
The researchers from TU Berlin found that by using a voltage fault injection attack against the AMD Secure Processor (ASP) at the heart of current Tesla models, they could run arbitrary code on the infotainment system. The hack opens up the double-edged sword of an attacker gaining access to encrypted PII or a shadetree mechanic “extracting a TPM-protected attestation key Tesla uses to authenticate the car. This enables migrating a car’s identity to another car computer without Tesla’s help whatsoever, easing certain repairing efforts.” We can see this being handy for certain other unsanctioned hacks as well.
The attack is purported as being “unpatchable” and giving root access that survives reboots and updates of the system. Since AMD is a vendor to multiple vehicle companies, the question arises as to how widely applicable this hack is to other vehicles suffering from AaaS (Automotive as a Service).
Every few years, someone pushing a startup to investors comes up with an acronym or buzzword which rapidly becomes the new hotness in those circles. One of the most pernicious is “as a Service,” which takes regular things and finds a way to charge you a regular fee to use them.
Automotive companies just absolutely loved the sound of this, and the industry is rapidly moving to implement subscription services across the board. Even if there’s hardware in your car for a given feature, you might find you now need to pay a monthly fee to use it. Let’s explore how this came about, and talk about which cars are affected. You might be surprised to find yours already on the list. Continue reading “New Cars Will Nickel-and-Dime You – It’s Automotive As A Service”→
We’ve been keeping a close eye on the development of electronic paper tablets such as the reMarkable for a while now. These large-format devices would be a great way to view schematics and datasheets, and with the right software, could easily become an invaluable digital sidekick. Unfortunately, a troubling discovery made in a beta version of the reMarkable firmware is a strong indication the $400 USD device may be heading down a path that many in this community wouldn’t feel comfortable with.
While trying to get a reMarkable tablet running firmware version 2.10.0.295 synced up to self-hosted server using rmfakecloud, Reddit user [dobum] was presented with a very unusual prompt. The tablet displayed several subscription levels, as well as brief description of what each one unlocked. It explained that standard users would get “basic functions only”, while the highest tier subscription would unlock an “expanding universe of powerful tools” for the e-paper tablet. In addition, only recently used documents would be synced with the cloud unless you had a paid subscription.