Avoid Awkward Video Conference Situations With PIR And Arduino

July 24, 2021 by Danie Conradie 10 Comments

Working from home with regular video meetings has its challenges, especially if you add kids to the mix. To help avoid embarrassing situations, [Charitha Jayaweera] created Present!, a USB device to automatically turn of your camera and microphone if you suddenly need to leave your computer to maintain domestic order.

Present consists of just a PIR sensor and Arduino in a 3D printed enclosure to snap onto your monitor. When the PIR sensor no longer detects someone in range, it sends a notification over serial to a python script running on the PC to switch off the camera and microphone on Zoom (or another app). It can optionally turn these back on when you are seated again. The cheap HC-SR501 PIR module’s range can also be adjusted with a trimpot for your specific scenario. It should also be possible to shrink the device to the size of the PIR module, with a small custom PCB or one of the many tiny Arduino compatible dev boards.

For quick manual muting, check out the giant 3D printed mute button. Present was an entry into the Work from Home Challenge, part of the 2021 Hackaday Prize.

Project Starline Realizes Asimov’s 3D Vision

May 20, 2021 by Al Williams 36 Comments

Issac Asimov wrote Caves of Steel in 1953. In it, he mentions something called trimensional personification. In an age before WebEx and Zoom, imagining that people would have remote meetings replete with 3D holograms was pretty far-sighted. We don’t know if any Google engineers read the book, but they are trying to create a very similar experience with project Starline.

The system is one of those that seems simple on the face of it, but we are sure the implementation isn’t easy. You sit facing something that looks like a window. The other person shows up in 3D as though they were on the other side of the window. Think prison visitation without the phone handset. The camera is mounted such that you look naturally at the other person through your virtual window.

Continue reading “Project Starline Realizes Asimov’s 3D Vision” →

This Week In Security: Pwn2own, Zoom Zero Day, Clubhouse Data, And An FBI Hacking Spree

April 16, 2021 by Jonathan Bennett 11 Comments

Our first story this week comes courtesy of the Pwn2own contest. For anyone not familiar with it, this event is held twice a year, and features live demonstrations of exploits against up-to-date software. The one exception to this is when a researcher does a coordinated release with the vendor, and the update containing the fix drops just before the event. This time, the event was held virtually, and the attempts are all available on Youtube. There were 23 attacks attempted, and only two were outright failures. There were 5 partial successes and 16 full successes.

One of the interesting demonstrations was a zero-click RCE against Zoom. This was a trio of vulnerabilities chained into a single attack. The only caveat is that the attack must come from an accepted contact. Pwn2Own gives each exploit attempt twenty minutes total, and up to three attempts, each of which can last up to five minutes. Most complex exploits have an element of randomness, and exploits known to work sometimes don’t work every time. The Zoom demonstration didn’t work the first time, and the demonstration team took enough time to reset, they only had enough time for one more try.

BleedingTooth

We first covered BleedingTooth almost exactly six months ago. The details were sparse then, but enough time has gone by to get the full report. BleedingTooth is actually a trio of vulnerabilities, discovered by [Andy Nguyen]. The first is BadVibes, CVE-2020-24490. It’s a lack of a length check in the handling of incoming Bluetooth advertisement packets. This leads to a buffer overflow. The catch here is that the vulnerability is only possible over Bluetooth 5. Continue reading “This Week In Security: Pwn2own, Zoom Zero Day, Clubhouse Data, And An FBI Hacking Spree” →

Zoom Out Of The Classroom With A Mushroom Button

February 4, 2021 by Kristina Panos 16 Comments

Considering the state of well, everything, we can’t tell you how glad we are to be out of school. That goes double for not being a teacher these days. [Elena] had some awesome light-up tactile buttons set aside for a killer Kerbal Space Program controller, but it’s funny how a pandemic will change your priorities. Instead, those buttons found a good home in this colorful and enticing Zoom control panel.

[Elena]’s ready pile of Arduinos yielded no Leonardos or Pro Micros, but that’s okay because there’s a handy bootloader out there that allows you to reprogram the USB interface chip of an Uno or a Mega and use it as a keyboard. After setting that up, it was mostly a matter of wiring all those latching and momentary buttons and LEDs to the Mega and making them look fantastic with a set of icons. (We all know the big red mushroom button is for aborting the call; so does it really need an icon?)

[Elena] was inspired by the Zoom call-terminating pull chain we saw a month or so ago as well as the pink control box that launched a thousand or so macro keyboards. Have you made your own sanity-saving solution for our times? Let us know!

Master Video Call Control Panel Is Made Of PCBs

January 30, 2021 by Kristina Panos 6 Comments

[memestra] is a teacher whose life has become a series of videoconferences over the last year or so. With all the classes and meetings, they spend the whole day switching between either Zoom, Teams, or Meet. If anyone needs a single piece of hardware to control them all, it’s [memestra]. Well, and every other teacher out there.

The hardware — an Arduino Pro Micro and some buttons — should come as no surprise, except for maybe [memstra]’s use of a resistor network for the LEDs. Still, there’s a lot to like about this little box, starting with the enclosure. That’s not milled or laser-cut metal — each side is a PCB, and they’re all soldered together into a box.

We especially like the top panel, which fits down over the PCB that all the components are soldered to. Each of the non-volume buttons has multiple functions that are accessed by pressing, long pressing, or double pressing. But even the volume buttons do double duty: press them together to mute and un-mute. If [memestra] ever forgets which button does what and how, there’s a handy reference table silkscreened on the bottom panel.

In true teacher fashion, [memestra] has written comprehensive instructions for anyone looking to build a similar device. The heavily-commented code should make it a cinch to drop in keyboard shortcuts for Discord or anything else you might be using, though it’s worth noting that this box is optimized for the desktop apps and not the browser-based versions.

Just looking for a fun way to end video calls? Pull chains are pretty fun.

This Week In Security: OpenWRT, Favicons, And Steganographia

January 22, 2021 by Jonathan Bennett 29 Comments

OpenWRT is one of my absolute favorite projects, but it’s had a rough week. First off, the official OpenWRT forums is carrying a notice that one of the administrator accounts was accessed, and the userlist was downloaded by an unknown malicious actor. That list is known to include email addresses and usernames. It does not appear that password hashes were exposed, but just to be sure, a password expiration has been triggered for all users.

The second OpenWRT problem is a set of recently discovered vulnerabilities in Dnsmasq, a package installed by default in OpenWRT images. Of those vulnerabilities, four are buffer overflows, and three are weaknesses in how DNS responses are checked — potentially allowing cache poisoning. These seven vulnerabilities are collectively known as DNSpooq (Whitepaper PDF). Continue reading “This Week In Security: OpenWRT, Favicons, And Steganographia” →

A Pull Chain To End Your Zoom Pain

December 28, 2020 by Kristina Panos 14 Comments

Yay! Another videoconference call is in the books, so that must mean that it’s time to fumble around awkwardly for the hang-up button with a fading smile. [lanewinfield] knew there had to be a better way, and looked to the pull chain switch for salvation. Sure, this could just as easily be a button, but what’s the fun in that? Besides, few buttons would be as satisfying as pulling a chain to a Zoom call.

The pull chain switch is connected to an Adafruit Feather nRF52840 Express that’s emulating a Bluetooth keyboard. Firmware-wise it sends command + F6, which triggers an AppleScript that manually exits and and all Zoom calls and kills Chrome tabs pointed to meet.google.com. He’s using Apple’s hotkey wizard Alfred, but this could be handled just as easily with something like AutoHotKey.

Pull chain switches are neat little mechanisms. The chain is connected to a cam that engages a wheel with copper contacts on half the outside. When you pull the chain, the wheel moves 90° and the wheel contacts connect up with the fixed contacts inside the housing to make a connection. Pulling the chain again moves the wheel which slides to the half without the contacts. Check it out in the video below.

Continue reading “A Pull Chain To End Your Zoom Pain” →