Another Day, Another Air Gap Breached

What high-tech, ultra-secure data center would be complete without dozens of video cameras directed both inward and outward? After all, the best informatic security means nothing without physical security. But those eyes in the sky can actually serve as a vector for attack, if this air-gap bridging exploit using networked security cameras is any indication.

It seems like the Cyber Security Lab at Ben-Gurion University is the place where air gaps go to die. They’ve knocked off an impressive array of air gap bridging hacks, like modulating power supply fans and hard drive activity indicators. The current work centers on the IR LED arrays commonly seen encircling the lenses of security cameras for night vision illumination. When a networked camera is compromised with their “aIR-Jumper” malware package, data can be exfiltrated from an otherwise secure facility. Using the camera’s API, aIR-Jumper modulates the IR array for low bit-rate data transfer. The receiver can be as simple as a smartphone, which can see the IR light that remains invisible to the naked eye. A compromised camera can even be used to infiltrate data into an air-gapped network, using cameras to watch for modulated signals. They also demonstrated how arrays of cameras can be federated to provide higher data rates and multiple covert channels with ranges of up to several kilometers.

True, the exploit requires physical access to the cameras to install the malware, but given the abysmal state of web camera security, a little social engineering may be the only thing standing between a secure system and a compromised one.

Continue reading “Another Day, Another Air Gap Breached”

Hackaday Prize Entry: Remote Control by Head Gestures

Some people may think they’re having a bad day when they can’t find the TV remote. Yet there are some people who can’t even hold a remote, let alone root around in the couch cushions where the remote inevitably winds up. This entry in the Assistive Technologies phase of the 2017 Hackaday Prize seeks to help such folks, with a universal remote triggered by head gestures.

Mobility impairments can range from fine motor control issues to quadriplegia, and people who suffer from them are often cut off from technology by the inability to operate devices. [Cassio Batista] concentrated on controlling a TV for his project, but it’s easy to see how his method could interface with other IR remotes to achieve control over everything from alarm systems to windows and drapes. His open-source project uses a web cam to watch a user’s head gestures, and OpenCV running on a CHIP SBC looks for motion in the pitch, yaw, and roll axes to control volume, channel, and power. An Arduino takes care the IR commands to the TV. The prototype works well in the video below; with the power of OpenCV we can imagine mouth gestures and even eye blinks adding to the controller’s repertoire.

The Assistive Tech phase wraps up tomorrow, so be sure to get your entries in. You’ll have some stiff competition, like this robotic exoskeleton. But don’t let that discourage you.

Continue reading “Hackaday Prize Entry: Remote Control by Head Gestures”

Heat Duct Rover Explores Stink, Rescues Flashlight

It all started with a bad smell coming from the heat register. [CuddleBurrito] recalled a time when something stinky ended up in the ductwork of his folks’ house which ended up costing them big bucks to explore. The hacker mindset shies away from those expenditures and toward literally rolling your own solution to investigating the funk. In the process [CuddleBurrito] takes us on a journey into the bowels of his house.

Continue reading “Heat Duct Rover Explores Stink, Rescues Flashlight”

d-touch tangible drum interface

yes, drums are tangible. We know. What this is, however, is a tangible interface that is a drum machine. The software is freely available for download, after registration. For hardware, all you need is a webcam, a computer, and a way to print out the pieces. D-Touch is cross platform which is very nice. Please note that the software will not run until you activate it by putting in your user account from their site. If you like this project, you might also get a kick out of the Go Sequencer.

Face tracking in Opera

Inspired by this year’s april fools day joke from Opera, [Jason] has made facial gesture recognition actually work. While this may seem like a silly project, it could seriously help some people out. This could be a great accessibility tool for people with motor control limitations.He states that it has some problems right now, most notably a performance issue with extended use, so he’s hoping to get some input from some bright minds.

[thanks, Jordan]

Controlling spykee via web cam using your fingers

spykee

[epokh] sent in this cool project where he wrote some custom code to control the Spykee robot using gestures. He filters out everything but green through his web cam, then wraps his fingers in green tape. He then runs a series of filters to clean it up a little bit. The resulting “blobs” are tracked and converted to motor commands. You can see the setup in action in the video after the break. This guy might look familiar, as we posted a super quick head tracking rig he did with legos recently. Some of you mentioned, in the comments, that the legos were a waste, you’ll find that he thought so too, and ended up fabbing a simple rig to take the place of the legos.

Continue reading “Controlling spykee via web cam using your fingers”