GSM bug hack – get a cheap phone controlled switch

For more than a couple of years, I have been growing a great interest in the Chinese gadgets scene. It all started with some key chain spy cameras and evolved into mini PCs, tablets, smartphones and electronics. Now, I decided to revive the old times and tangle myself again with ingenious spy gadgets. For quite a while, I have been aware of GSM surveillance bugs (they come under many different names and shapes, I’ve got this one) which essentially are some tiny boxes with a SIM card socket, also equipped with a microphone. You call them, they answer automatically and you can hear whatever is in proximity. Pretty sneaky, especially when these low profile boxes are only a few centimeters big! Another interesting fact is that they are based on a Mediatek processor, namely the MT6223DA which is intended for ultra low cost phones. What intrigued or rather inspired me to buy one of those gadgets and hack it, was the high cost of the GSM shields for the Arduino microcontroller. In some home automation projects that I have under development, I just needed a GSM module to initiate or stop a sequence of events for my microcontroller to take […]

Peculiarities, oddities and interesting people at Rome’s Innovation Week

Last week I had the luck to participate in Rome’s Innovation Week, which included numerous conferences, speeches and closed with a crowded and inspiring Maker Faire. On Tuesday, the Open Source Hardware Association’s conference opened its gates. Very interesting topics by most of the speakers, with little technical knowledge required to follow their topic. Here I would like to give extra attention to some specific speakers: Becky Stern from Adafruit was a great source of motivation for engaging into the wearables’ scene. Albertas Mickenas from wemakethings.net illustrated the correlation between the DIY culture in the Soviet era with the contemporary open source movement. Also I would like to quote him (loosely) on this: “If we are to deploy an Internet of things, we should first make sure that these things are ours”, implying that if we have machines and sensors monitoring on our daily life, then we have the obligation to make sure we know how they are made, how they work and who do they report to. Eric Pan from seeedstudio.com was one of my favorites. Blame my addiction to Chinese gadgets and tech. He stated some examples of open source projects, that were adopted by chinese manufacturers and […]

Gamebuino: An über-cool open source gaming console

Some months ago, I contributed in a crowd funding campaign, to build the “Gamebuino” a gaming console based on Arduino. The guy behind Gamebuino, Aurélien Rodot had initially built it for himself while also publishing out schematics and code. When he noticed a growing interest in it, he started a crowd funding campaign to see if he can mass-produce it. And indeed he did, by collecting 1000% more funds, than his minimum goal! Gamebuino, is a prime example of how something can go from the prototyping lab to mass production within a couple of months. Aurelien proved to be very reliable, frequently publishing updates, staying well within the deadlines and promptly responding to funders’ inquiries. In Gamebuino’s case, open sourcing the software and hardware components was not an obstacle in monetizing (I really hope Aurelien made some money out of this, because he deserves it) while the community built around it, boosted the development process as well as increased the usability of the final product. You see, many games created by third parties are already available at launch. Anyway, as a contributor in the crowd funding campaign, my Gamebuino arrived today and was very excited about it. It looks professionally […]

Tenvis JPT3815W camera gets firmware update to 1.1.0.8, still a threat to your privacy

It has been more than two weeks since my findings regarding the vulnerabilities of the Tenvis JPT3815W network camera. Since then, these findings were re-posted and verified by other individuals like Craig Russel and thus far it was discovered that this vulnerability exists only in the 1.1.0.5. firmware. Thankfully, Tenvis took this more seriously, especially after Craig twitted them about this issue and they promised a fix. And indeed they did issue a fix, or at least they tried to. On 4th of July, I emailed them again, inquiring about a firmware update. Here’s their answer: Dear Customer, Greetings from TENVIS! This is Bruce from TENVIS custom service. We are very pleased to assist you to solve the problem. Here is new firmware you need to upgrade. Please download both of them. Please use the small file to upgrade first. After smal file upgrading succeed, please use big file to upgrade. After upgrading both, please refresh camera’s web page to check camera’s firmware version which should be new ervsion 1.1.0.8 small file http://apps.tenvis.com/download/small.update big file http://apps.tenvis.com/download/big.update This update, adds user authentication prompts in the /snapshot.cgi so it’s not so easy anymore to watch a live frame from the camera or…. is it? […]

Tenvis JPT3815W: A cheap network camera, if you can afford the huge security issues

I recently purchased a cheap, Chinese network PTZ camera which comes under the branding “Tenvis”. It set my wallet back by 50€, including shipping from the UK. I decided to get this one, after reading some positive reviews which labeled it as a great value for money option. Additionally, I saw that “Tenvis” had a real website and an English forum, so I thought “why not”. Generally, it’s a satisfactory camera for its price, setup is really fast, just finding the camera’s IP and you are ready to go. Also, they provide a unique link to it, through their dynamic dns service, so you can access it remotely without having to worry about the various local IP changes. You just need to enter your username and your password (you can also create new users with various permissions) to gain access. I also need to mention that my camera came with “Hardware Version 1.10” and “Firmware Version 1.1.0.5”. However, there’s a darker side to all this. As with many Chinese products, documentation and support is really poor. First, I realized, that their web client for non-IE browsers (who uses IE these days anyway?!), does not support audio in and audio out […]

Serial.println(“Hello World”);

Hi everyone! This is my new blog that i’ll be writing on from now. It will be mainly focused in technology news and reviews, as well other topics that could be inspiring and interesting. Tutorials, how-to’s are also on the way. Enjoy! :)