Hasta La Gadget!

As we store and transport more and more information online, we’ve gradually come to realize how easy it is for others to access that information without our permission. From Facebook’s privacy policies to the ongoing NSA leaks, it seems like the ordinary online user has enough reason to log out. Well, I’ve got more bad news for you: anyone can build a powerful spying tool using off the shelf parts, and for under $60 (USD).

Brendan O’Connor is the founder of security and software consultancy company Malice Afterthought. Last week he made headlines when he shared how he built F-BOMB, a small device that runs a software that he calls CreepyDOL . The DOL stands for Distributed Object Locator and “Creepy” with a capital ‘C’ is the perfect word to describe it. O’Connor built the F-BOMB using the popular Raspberry Pi microcomputer and added a Wi-Fi sensor to the device. The cost? $57 (USD). He built 10 F-BOMBs and hooked them up to Reticle, a “command & control system” that he made. Finally he hooked it up to a “data visualization system,” which you can see in the image above and in O’Connor’s video below:

In case the video wasn’t clear enough, the F-BOMB can gather a disturbing amount of wireless data. As New York Times reported – and as the video above proves – with the F-BOMB you can find out not only information on a wireless device but what the user is currently using or accessing through the device: geolocation, websites, email addresses, programs and more.

In my brief chat with O’Connor, he revealed that the device can snoop on wireless devices within about 160ft. He can add other sensors to the F-BOMB as well as adapt it to snoop on wired connections. Further, O’Connor said the F-BOMB is a passive device, so you have no way of knowing if it’s snooping on you. Finally, I asked O’Connor if the situation really is as hopeless for consumers as the New York Times article seemed to indicate. Here’s what he said:

Yes, it really is that hopeless. There are vulnerabilities in all the relevant layers of the stack. The application developers need to stop leaking so much data outside encryption envelopes (e.g., why does iMessage send hardware make and model, and iOS version, unencrypted?). iOS (I’m picking on it here because I use it, but the same problem is larger) should have OS-level support for blocking all non-VPN traffic until a VPN connection is established (once it’s up, the connection is opaque, but while it’s going up, I’ve usually got all the data I need). And the low-level protocol needs to stop encouraging devices to *beacon out all their known networks constantly*. So since there needs to be culture-level shifts at all the layers of the stack, yes, for end-users, the situation is hopeless at the moment.”

In other words, not only is it possible to make a surveillance tool that is small and cheap, the devices that we use are practically inviting prying eyes to take a look at our data. It falls upon us as end users to nag Apple, Microsoft, Google and other companies who create the hardware and software that we use to step their security game up. It would be foolish to believe that they know nothing about the disaster that they’re courting (with our privacy and security at stake). But for some reason they’re not doing anything about it, nor are they telling us how much danger we’re in.

O’Connor intends to sell F-BOMBs soon. Fellow black hats and tinkerers can sign up at Malice Afterthought’s website to find out more about the F-BOMB and when it will go on sale. Ars Technica also has a thorough technical report on the F-BOMB. As for the rest of us? I guess we’d better start learning how to communicate telepathically.

[via Brendan O’Connor & The New York Times via Infoneer Pulse]

Raspberry Pi has unsurprisingly been a smash hit with the maker community. But here’s an enterprise startup that is using the $35/$25 microcomputer — or rather hundreds of them at a time — as a network monitoring tool for corporate networks that bypasses the need for humans to report network outages to a help-desk.

U.S. startup NetBeez, which was founded in April and recently graduated from the Pittsburgh-based AlphaLab accelerator, is developing a tool that uses multiple Raspberry Pis to monitor network connectivity and notify administrators when a problem is detected. NetBeez received $25,000 from AlphaLab and is also backed by $100,000 in convertible notes. It’s currently raising a seed round.

The basic idea is that the Pis simulate user activity on a network, enabling the system to pick up problems that affect end users without having to wait for actual humans to be annoyed by a sudden lack of connectivity. Being as each Pi is so (relatively) low cost, it’s possible for NetBeez to install hundreds per company to monitor uptime across an entire enterprise network footprint — such as every bank branch outlet, for instance — without the overall cost becoming prohibitively expensive to the customer.

“NetBeez is a tool to validate network changes and catches outages before they affect the end user,” explains co-founder, Panagiotis Vouzis. “A large percentage of network outages are caused after engineers make changes to their network. Current monitoring tools give a detailed view of the routers and switches, but they miss the information about the connectivity of the end user. So, when an engineer makes a change at 2:00 am (they work off hours to affect the least number of users in case something goes wrong) they don’t know if the end user has been affected or not.

“Often, the outages they cause are detected at 8:00 am when the first employees come in to work, and they can’t work until the problem gets resolved. Only on critical configuration changes people are sent office to office at 2:00 am to check if everything is up and running. This is cumbersome, costly, doesn’t scale, and cannot be applied to every change.”

This is where NetBeez steps in and installs Pis running its monitoring software (aka Beez) behind the switch — aka “exactly where the end-user connects” — thereby giving the network engineer visibility on whether configuration changes done in the middle of the night are going to affect all the local office workers in the morning.

“There are many types of outages that are detected by the end user only. They have to call the help desk, that then informs the IT department about the problem. The Beez acts as a proactive and distributed network monitoring tool that catches problems that remain undetected by the current state of the art. It bypasses the help-desk process,” adds Vouzis.

Vouzis says it intends to target the tool at large and medium companies that have complex networks and a need to minimise network outages and downtime. It’s been running a beta program since May, with three demo customers on board who have “a strong presence in Pennsylvania and West Virginia”.

Both Vouzis and his fellow co-founder, Stefano Gridelli, have a background in network engineering. The business model for NetBeez will either be an upfront cost or a monthly or yearly fee per Bee and for use of  NetBeez’s server system, adds Vouzis.

The microwave is the lazy hungry man’s best friend. Developer Nathan Broadbent went and modified his oven to become even more lazy user-friendly. His Picrowave oven is voice-activated, reads bar codes, can be taught how to cook a particular item and more.

Broadbent used a Raspberry Pi to smarten up his oven. He even rewired its touch panel and made a new interface for it. The thing is, he doesn’t need to use the new panel, because he made the oven understand voice commands.

He also made an online database containing instructions for cooking. The instructions are tied to bar codes, which are read by a scanner that Broadbent connected it to his oven. In short, all he has to do is scan an item and the microwave will find out how to zap it from the database using Wi-Fi. If it’s not there, Nathan can just add an entry. He also made an online interface so that he can control the oven from a website, even from a mobile device. Finally, the oven can also tweet when its done cooking.

If only 3D printers were that easy to use. Head to Broadbent’s website to see how he made the Picrowave.

[via TechCrunch via DVICE]

A Raspberry Pi owner used it to unlock a door simply by hearing his dog bark.

Like It , +1 , Tweet It , Pin It Original content from Ubergizmo.

We’ve seen a small arcade machine that can be powered by a Raspberry Pi. Master modder Ben Heck decided to make an even tinier version of the tiny computer and put it in a custom case with buttons, turning it into a portable gaming device.

Aside from a Raspberry Pi, Ben Heck also used a 3.5″ LCD screen, a Teensy board, a couple of Li-ion batteries and some buttons from a Logitech gamepad.

Then he 3D printed a case, wired everything together and installed MAME on the Pi. You can skip to around 15:10 in the video below to see it working:

Can we just sit back for a minute and process what we saw? He made a freakin’ gaming device. On his own. This guy. This Ben Heck guy. He is quite the guy. If you have the same godly capabilities, head to Thingiverse to get the files you need to 3D print the case.

[via I Heart Chaos]