Hackaday Links Column Banner

Hackaday Links: June 27, 2021

When asked why he robbed banks, career criminal Willie Sutton is reported to have said, “Because that’s where the money is.” It turns out that a reporter made up the quote, but it’s a truism that offers by extension insight into why ATMs and point-of-sale terminals are such a fat target for criminals today. There’s something far more valuable to be taken from ATMs than cash, though — data, in the form of credit and debit card numbers. And taking a look at some of the hardware used by criminals to get this information reveals some pretty sophisticated engineering. We’d heard of ATM “skimmers” before, but never the related “shimmers” that are now popping up, at least according to this interesting article on Krebs.

While skimmers target the magnetic stripe on the back of a card, simmers are aimed at reading the data from card chips instead. Shimmers are usually built on flex PCBs and are inserted into the card slot, where traces on the device make contact with the chip reader contacts. The article describes a sophisticated version of shimmer that steals power from the ATM itself, rather than requiring a separate battery. The shimmer sits inside the card slot, completely invisible to external inspection (sorry, Tom), and performs what amounts to man-in-the-middle attacks. Card numbers are either stored on the flash and read after the device is retrieved, or are read over a Bluetooth connection; PINs are stolen with the traditional hidden camera method. While we certainly don’t condone criminal behavior, sometimes you just can’t help but admire the ingenuity thieves apply to their craft.

In a bit of foreshadowing into how weird 2020 was going to be, back in January of that year we mentioned reports of swarms of mysterious UAVs moving in formation at night across the midwest United States. We never heard much else about this — attention shifted to other matters shortly thereafter — but now there are reports out of Arizona of a “super-drone” that can outrun law enforcement helicopters. The incidents allegedly occurred early this year, when a Border Patrol helicopter pilot reported almost colliding with a large unmanned aerial system (UAS) over Tucson, and then engaged them in a 70-mile chase at speeds over 100 knots. The chase was joined by a Tucson police helicopter, with the UAS reaching altitudes of 14,000 feet at one point. The pilots didn’t manage to get a good look at it, describing it only as having a single green light on its underside. The range on the drone was notable; the helicopter pilots hoped to exhaust its batteries and force it to land or return to base, but they themselves ran out of fuel long before the drone quit. We have to admit that we find it a little fishy that there’s apparently no photographic evidence to back this up, especially since law enforcement helicopters are fairly bristling with sensors, camera, and spotlights.

When is a backup not a backup? Apparently, when it’s an iCloud backup. At least that’s the experience of one iCloud user, who uses a long Twitter thread to vent about the loss of many years of drawings, sketches, and assorted files. The user, Erin Sparling, admits their situation is an edge case — he had been using an iPad to make sketches for years, backing everything up to an iCloud account. When he erased the iPad to loan it to a family member for use during the pandemic, he thought he’s be able to restore the drawings from his backups, but alas, more than six months had passed before he purchased a new iPad. Apparently iCloud just up and deletes everythign if you haven’t used the account in six months — ouch! We imagine that important little detail was somehere in the EULA fine print, but while that’s not going to help Erin, it may help you.

And less the Apple pitchfork crowd think that this is something only Cupertino could think up, know that some Western Digital external hard drive users are crying into their beer too, after a mass wiping of an unknown number of drives. The problem impacts users of the WD My Book Live storage devices, which as basically network attached storage (NAS) devices with a cloud-based interface. The data on these external drives is stored locally, but the cloud interface lets you configure the device and access the data from anywhere. You and apparently some random “threat actors”, as WD is calling them, who seem to have gotten into some devices and performed a factory reset. While we feel for the affected users, it is worth noting that WD dropped support for these devices in 2015; six years without patching makes a mighty stable codebase for attackers to work on. WD is recommending that users disconnect these devices from the internet ASAP, and while that seems like solid advice, we can think of like half a dozen other things that need to get done to secure the files that have accumulated on these things.

And finally, because we feel like we need a little palate cleanser after all that, we present this 3D-printed goat helmet for your approval. For whatever reason, the wee goat pictured was born with a hole in its skull, and some helpful humans decided to help the critter out with TPU headgear. Yes, the first picture looks like the helmet was poorly Photoshopped onto the goat, but scroll through the pics and you’ll see it’s really there. The goat looks resplendent in its new chapeau, and seems to be getting along fine in life so far. Here’s hoping that the hole in its skull fills in, but if it doesn’t, at least they can quickly print a new one as it grows.


Sensor-Laden Pigeons Gather Data For Urban Weather Modeling

When it comes to gathering environmental data in real-world settings, urban environments have to be the most challenging. Every city has nooks and crannies that create their own microenvironments, and placing enough sensors to get a decent picture of what’s going on in all of them is a tough job. But if these sensor-laden pigeons have anything to say about it, the job might get a bit easier.

The idea for using pigeons as biotelemetry platforms comes to us from the School of Geography, Earth, and Environmental Sciences at the University of Birmingham in the UK. [Rick Thomas], lead investigator on the “CityFlocks” project, explains that meteorological models are hampered by a lack of data about the air in the urban canyons formed by tall buildings. Placing a lot of fixed sensors has a prohibitive cost, and using drones to do the job would probably cause regulatory problems, especially given recent events. But pigeons are perfect for the job once they’re outfitted with an “Avian-Meteorology Instrumentation Package (AvMIP)”. From the photographs we’re guessing the AvMIP is a pretty simple data logger with GPS and inputs for the usual sensors, all powered by a small LiPo pack. Luckily, the pigeons used are all domesticated racing birds that return to the nest, so no radio transmitter is needed, but if other urban avians such as peregrine falcons and seagulls are used then a future AvMIPS might leverage pervasive WiFi networks to upload data.

It’s not the first time we’ve seen mobile platforms used to fill in gaps in weather data, of course. And if this at all puts you in mind of that time pigeons were used to guide bombs, relax – no pigeons were harmed in the making of this research project.

Thanks to [Itay Ramot] for the tip [via Gizmodo].

Will Drones And Planes Be Treated As Equals By FAA?

Soon, perhaps even by the time you read this, the rules for flying remote-controlled aircraft in the United States will be very different. The Federal Aviation Authority (FAA) is pushing hard to repeal Section 336, which states that small remote-controlled aircraft as used for hobby and educational purposes aren’t under FAA jurisdiction. Despite assurances that the FAA will work towards implementing waivers for hobbyists, critics worry that in the worst case the repeal of Section 336 might mean that remote control pilots and their craft may be held to the same standards as their human-carrying counterparts.

Section 336 has already been used to shoot down the FAA’s ill-conceived attempt to get RC pilots to register themselves and their craft, so it’s little surprise they’re eager to get rid of it. But they aren’t alone. The Commercial Drone Alliance, a non-profit association dedicated to supporting enterprise use of Unmanned Aerial Systems (UAS), expressed their support for repealing Section 336 in a June press release:

Basic ‘rules of the road’ are needed to manage all this new air traffic. That is why the Commercial Drone Alliance is today calling on Congress to repeal Section 336 of the FAA Modernization and Reform Act of 2012, and include new language in the 2018 FAA Reauthorization Act to enable the FAA to regulate UAS and the National Airspace in a common sense way.

With both the industry and the FAA both pushing lawmakers to revamp the rules governing small remote-controlled aircraft, things aren’t looking good for the hobbyists who operate them. It seems likely those among us with a penchant for airborne hacking will be forced to fall in line. But what happens then?

Continue reading “Will Drones And Planes Be Treated As Equals By FAA?”

FAA Finalizes Rules For Drones, UAS, And Model Aircraft

The FAA and DOT have finalized their rules for small Unmanned Aircraft Systems (UAS, or drones), and clarified rules for model aircraft. This is the end of a long process the FAA undertook last year that has included a registry system for model aircraft, and input from members of UAS and model aircraft industry including the Academy of Model Aeronautics and 3D Robotics.

Model Aircraft

Since the FAA began drafting the rules for unmanned aircraft systems, it has been necessary to point out the distinction between a UAS and a model aircraft. Thanks to the amazing advances in battery, brushless motor, and flight controller technology over the past decade, the line between a drone and a model aircraft has been fuzzed, and onboard video systems and FPV flying have only blurred the distinction.

The distinction between a UAS and model aircraft  is an important one. Thanks to the FAA Reauthorization Act of 2012, the FAA, “may not promulgate any rule or regulation regarding a model aircraft” under certain conditions. These conditions include aircraft flown strictly for hobby or recreational use, operated in accordance with a community-based set of safety guidelines (read: the safety guidelines set by the Academy of Model Aeronautics), weighs less than 55 pounds, gives way to manned aircraft, and notifies the operator of an airport when flown within five miles of a control tower.

Despite laws enacted by congress, the FAA saw it necessary to create rules and regulations for model aircraft weighing less than 55 pounds, and operated in accordance with a community-based set of safety guidelines. The FAA’s drone registration system doesn’t make sense, and there is at least one pending court case objecting to these rules.

The FAA’s final rules for UAS, drones, and model airplanes change nothing from the regulations made over the past year. If your drone weighs more than 250 grams, you must register it. For model aircraft, and unmanned aircraft systems conducting ‘hobbyist operations’, nothing has changed.

Unmanned Aerial Systems

The finalized rule introduced today concerns only unmanned aircraft systems weighing less than 55 pounds conducting non-hobbyist operations. The person flying the drone must be at least 16 years old and hold a remote pilot certificate with a small UAS rating. This remote pilot certificate may be obtained by passing an aeronautical knowledge test, or by holding a non-student Part 61 pilot certificate (the kind you would get if you’d like to fly a Cessna on the weekends)

What this means

Under the new regulations, nothing for model aircraft has changed. The guys flying foam board planes will still have to deal with a registration system of questionable legality.

For professional drone pilots – those taking aerial pictures, farmers, or pilots contracting their services out to real estate agents – the situation has vastly improved. A pilot’s license is no longer needed for these operations, and these aircraft may be operated in class G airspace without restriction. Drone use for commercial purposes is now possible without a pilot’s license. This is huge for many industries.

These rules do not cover autonomous flight. This is, by far, the greatest shortcoming of the new regulations. The most interesting applications of drones and unmanned aircraft is autonomous flight. With autonomous drones, farmers could monitor their fields. Amazon could deliver beer to your backyard. There are no regulations regarding autonomous flight from the FAA, and any business plans that hinge on pilot-less aircraft will be unrealized in the near term.

DJI Phantoms are now ‘drones’

This is a quick aside, but I must point out the FAA press release was written by someone with one of two possible attributes. Either the author of this press release paid zero attention to detail, or the FAA has a desire to call all unmanned aircraft systems ‘drones’.

The use of the word ‘drone’ in the model aircraft community has been contentious, with quadcopter enthusiasts making a plain distinction between a DJI Phantom and a Predator drone. Drones, some say, have the negative connotation of firing hellfire missiles into wedding parties and killing American citizens in foreign lands without due process, violating the 5th amendment. Others have classified ‘drones’ as having autonomous capability.

This linguistic puzzle has now been solved by the FAA. In several places in this press release, the FAA equates ‘unmanned aircraft systems’ with drones, and even invents the phrase, ‘unmanned aircraft drone’. Language is not defined by commenters on fringe tech blogs, it is defined by common parlance. Now the definition of ‘drone’ is settled: it is an unmanned, non-autonomous, remote-controlled flying machine not flown for hobby or recreational use.

Hackaday Links: December 27th, 2015

PCBs can be art – we’ve known this for a while, but we’re still constantly impressed with what people can do with layers of copper, fiberglass, soldermask, and silkscreen. [Sandy Noble] is taking this idea one step further. He took C64, Spectrum, and Sinclair PCBs and turned them into art. The results are incredible. These PCBs were reverse engineered, traced, and eventually turned into massive screen prints. They look awesome, and they’re available on Etsy.

$100k to bring down drones. That’s the tagline of the MITRE Challenge, although it’s really being sold as, “safe interdiction of small UAS that pose a safety or security threat in urban areas”. You can buy a slingshot for $20…

[styropyro] mas made a name for himself on Youtube for playing with very dangerous lasers and not burning his parent’s house down. Star Wars is out, and that means it’s time to build a handheld 7W laser. It’s powered by two 18650 cells, and is responsible for more than a few scorch marks on the walls of [styropyro]’s garage.

Everybody is trying to figure out how to put Ethernet and a USB hub on the Pi Zero. This means a lot of people will be launching crowdfunding campaigns for Pi Zero add-on boards that add Ethernet and USB. The first one we’ve seen is the Cube Infinity. Here’s the thing, though: they’re using through-hole parts for their board, which means this won’t connect directly to the D+ and D- USB signals on the Pi Zero. They do have a power/battery board that may be a little more useful, but I can’t figure out how they’re doing the USB.

[Keith O] found a fascinating video on YouTube and sent it into the tips line. It’s a machine that uses a water jet on pastries. These cakes start out frozen, and come out with puzzle piece and hexagon-shaped slices. Even the solution for moving cakes around is ingenious; it uses a circular platform that rotates and translates by two toothed belts. Who would have thought the latest advancements in cutting cakes and pies would be so fascinating?

It’s time to start a tradition. In the last links post of last year, we took a look at the number of views from North Korea in 2014. Fifty-four views, and we deeply appreciate all our readers in Best Korea. This year? For 2015, we’ve logged a total of thirty-six views from the Democratic People’s Republic of Korea. That’s a precipitous drop that deserves an investigation. Pyongyang meetup anyone?

Here’s The Reason The FAA’s Drone Registration System Doesn’t Make Sense

Last week, the US Department of Transportation and FAA released their rules governing drones, model aircraft, unmanned aerial systems, and quadcopters – a rose by any other name will be regulated as such. Now that the online registration system is up and running.

The requirements for registering yourself under the FAA’s UAS registration system are simple: if you fly a model aircraft, drone, control line model, or unmanned aerial system weighing more than 250g (0.55 lb), you are compelled under threat of civil and criminal penalties to register.

This is, by far, one of the simplest rules ever promulgated by the FAA, and looking at the full text shows how complicated this rule could have been. Representatives from the Academy of Model Aircraft, the Air Line Pilots Association, the Consumer Electronics Association weighed in on what types of aircraft should be registered, how they should be registered, and even how registration should be displayed.

Considerable attention was given to the weight limit; bird strikes are an issue in aviation, and unlike drones, bird strikes have actually brought down airliners. The FAA’s own wildlife strike report says, “species with body masses < 1 kilogram (2.2 lbs) are excluded from database,”. The Academy of Model Aircraft pushed to have the minimum weight requiring registration at two pounds, citing their Park Flyer program to define what a ‘toy’ is.

Rules considering the payload carrying ability of an unmanned aerial system were considered, the inherent difference between fixed wing and rotors or quadcopters was considered, and even the ability to drop toy bombs was used in the decision-making process that would eventually put all remotely piloted craft weighing over 250g under the FAA’s jurisdiction. We must at least give the FAA credit for doing what they said they would do: regulate drones in a way that anyone standing in line at a toy store could understand. While the FAA may have crafted one of the simplest rules in the history of the administration, this rule might not actually be legal.

Continue reading “Here’s The Reason The FAA’s Drone Registration System Doesn’t Make Sense”

The FAA Wants Your Input On Upcoming Drone Regs

Earlier this week, the US Department of Transportation announced registration would be required for unmanned aerial systems. Yes, drones will be regulated, and right now representatives from the Academy of Model Aircraft, the Air Line Pilots Association, the Consumer Electronics Association and others are deciding which quadcopters, planes, and other aircraft should be exempt from registration.

Now, the US DOT and FAA are looking for consumer’s input. The US DOT is asking the public such questions as:

  • Should registration happen at point-of-sale, or after the box is opened?
  • Should registration be dependant on serial numbers? If so, how will kits be registered?
  • Should certain drones/UAS be excluded from registration? Should weight, speed, maximum altitude, or flight times be taken into account?
  • Should registration require a fee?
  • Are there any additional ways of encouraging accountability of drone/UAS use?

Comments will be taken until November 6, with the task force assembled by the US DOT providing its regulations by November 20. The hope for all involved parties is that this system of regulation will be in place for the holiday season. One million UAS are expected to be sold by Christmas.