Internet of Things Refrigerator Alarm

By Bryan Cockfield

fridge alarm

For anyone who gets a late-night craving for anything out of the refrigerator and needs some help in the willpower department, [Claudio] may have the project for you. He has just finished work on a project that sends out an alarm when the refrigerator door opens, alerting others that you’re on the prowl for munchies.

The device uses a light sensor connected to an OpenPicus IoT kit that contains a FlyportPRO Wi-Fi module. When the refrigerator door is opened, the device sends out an email message via a web server, which can be sent to whomever you choose. All of the project’s code and instructions are available on the project site as well.

The project is pretty clever in that no actual interfacing with the refrigerator is required, beyond running a power cable through the seal of the door (although [Claudio] notes that the device will run on a lithium battery as an option). The web server itself can be set up to send out alarms during any timeframe as well, allowing a user to customize his or her nighttime snacking window. If you’re looking for a less subtle approach, we’d recommend the

Via: Hack a Day

    

Mining Bitcoins with Pencil and Paper

By Brian Benchoff

mining

Right now there are thousands of computers connected to the Internet, dutifully calculating SHA-256 hashes and sending their results to other peers on the Bitcoin network. There’s a tremendous amount of computing power in this network, but [Ken] is doing it with a pencil and paper. Doing the math by hand isn’t exactly hard, but it does take an extraordinary amount of time; [Ken] can calculate about two-thirds of a hash per day.

The SHA-256 hash function used for Bitcoin isn’t really that hard to work out by hand. The problem, though, is that it takes a 64 byte value, sends it through an algorithm, and repeats that sixty-four times. There are a few 32-bit additions, but the rest of the work is just choosing the majority value in a set of three bits, rotating bits, and performing a mod 2.

Completing one round of a SHA-256 hash took [Ken] sixteen minutes and forty-five seconds. There are sixty-four steps in calculating the hash, this means a single hash would take about 18 hours to complete. Since Bitcoin uses a double SHA-256 algorithm, doing the calculations on a complete bitcoin block and submitting them to the network manually would take the better part of two days. If you’re only doing this as your daily 9-5, this is an entire weeks worth of work.

Just for fun, [Ken] tried to figure out how energy-efficient the bitcoin mining rig stored in his skull is. He can’t live on electricity, but donuts are a cheap source of calories, at about $0.23 per 200 kcalories. Assuming a metabolic rate of 1500 kcal/day, this means his energy cost is about 67 quadrillion times that of an ASIC miner.

Video below.

Filed under:

Via: Hack a Day

    

Very Dumb Security For a WiFi Thermostat

By Brian Benchoff

elliot

We have finally figured out what the Internet of Things actually is. It turns out, it’s just connecting a relay to the Internet. Not a bad idea if you’re building a smart, Internet-connected thermostat, but you have no idea how bad the security can be for some of these devices. The Heatmiser WiFi thermostat is probably the worst of the current round of smart home devices, allowing anyone with even a tiny amount of skill to control one of these thermostats over the Internet.

The Heatmiser is a fairly standard thermostat, able to connect to an 802.11b network and controllable through iOS, Android, and browser apps. Setting this up on your home network requires you to forward port 80 (for browser access) and port 8068 (for iOS/Android access). A username, password, and PIN is required to change the settings on the device, but the default credentials of user: admin, password: admin, and PIN: 1234 are allowed. If you’re on the same network as one of these devices, these credentials can be seen by looking at the source of the webpage hosted on the thermostat.

if you connect to this thermostat with a browser, you’re vulnerable to cross-site request forgery. If you use the Android or iOS apps to access the device with the custom protocol on port 8068, things are even worse: there is no rate limiting for the PIN, and with only four digits and no username required, it’s possible to unlock this thermostat by trying all 10,000 possible PINs in about an hour.

There are about a half-dozen more ways to bypass the security on the Heatmiser thermostat, but the most damning is the fact there is no way to update the firmware without renting a programmer from Heatmiser and taking the device apart. Combine this fact with the huge amount security holes, and you have tens of thousands of installed devices that will remain unpatched. Absolutely astonishing, but a great example of how not to build an Internet connected device.

Filed under:

Via: Hack a Day