If you’re into pushing tech boundaries from home, this one’s for you. Redditor [mi_kotalik] has crafted ‘Zero’, a custom pair of DIY augmented reality (AR) glasses using a Raspberry Pi Zero. Designed as an affordable, self-contained device for displaying simple AR functions, Zero allows him to experiment without breaking the bank. With features like video playback, Bluetooth audio, a teleprompter, and an image viewer, Zero is a testament to what can be done with determination and creativity on a budget. The original Reddit thread includes videos, a build log, and links to documentation on X, giving you an in-depth look into [mi_kotalik]’s journey. Take a sneak peek through the lens here.

Creating Zero wasn’t simple. From designing the frame in Tinkercad to experimenting with transparent PETG to print lenses (ultimately switching to resin-cast lenses), [mi_kotalik] faced plenty of challenges. By customizing SPI displays and optimizing them to 60 FPS, he achieved an impressive level of real-time responsiveness, allowing him to explore AR interactions like never before. While the Raspberry Pi Zero’s power is limited, [mi_kotalik] is already planning a V2 with a Compute Module 4 to enable 3D rendering, GPS, and spatial tracking.

Zero is an inspiring example for tinkerers hoping to make AR tech more accessible, especially after the fresh news of both Meta and Apple cancelling their attempts to venture in the world of AR. If you are into AR and eager to learn from an original project like this one, check out the full Reddit thread and explore Hackaday’s past coverage on augmented reality experiments.

As things get smaller, we can fit more processing power into devices like robots to allow them to do more things or interact with their environment in new ways. If not, we can at least build them for less cost. But the design process can get exponentially more complicated when miniaturizing things. [Carl] wanted to build the smallest 9-axis robotic microcontroller with as many features as possible, and went through a number of design iterations to finally get to this extremely small robotics platform.

Although there are smaller wireless-enabled microcontrollers, [Carl] based this project around the popular ESP32 platform to allow it to be usable by a wider range of people. With that module taking up most of the top side of the PCB, he turned to the bottom to add the rest of the components for the platform. The first thing to add was a power management circuit, and after one iteration he settled on a circuit which can provide the board power from a battery or a USB cable, while also managing the battery’s charge. As for sensors, it has a light sensor and an optional 9-axis motion sensor, allowing for gesture sensing, proximity detection, and motion tracking.

Of course there were some compromises in this design to minimize the footprint, like placing the antenna near the USB-C charger and sacrificing some processing power compared to other development boards like the STM-32. But for the size and cost of components it’s hard to get so many features in such a small package. [Carl] is using it to build some pretty tiny robots so it suits his needs perfectly. In fact, it’s hard to find anything smaller that isn’t a bristlebot.

Self-balancing devices present a unique blend of challenge and innovation. That’s how [mircemk]’s project caught our eye. While balancing cubes isn’t a new concept — Hackaday has published several over the years — [mircemk] didn’t fail to impress. This design features a 3D-printed cube that balances using reaction wheels. Utilizing gyroscopic sensors and accelerometers, the device adapts to shifts in weight, enabling it to maintain stability.

At its core, the project employs an Arduino Nano microcontroller and an MPU6050 gyroscope/accelerometer to ensure precise control. Adding nuts and bolts to the reaction wheels increases their weight, enhancing their impact on the cube’s balance. They don’t hold anything. They simply add weight. The construction involves multiple 3D printed components, each requiring several hours to produce, including the reaction wheels and various mount plates. After assembly, users can fine-tune the device via Bluetooth, allowing for a straightforward calibration process to set the balancing points.

If you want to see some earlier incarnations of this sort of thing, we covered other designs in 2010, 2013, and 2016. These always remind us of Stewart platforms, which are almost the same thing turned inside out.

While the death of Apple’s Lightning Connector can’t come soon enough, swapping the ports on their products as “category-defining innovations” seems a bit of a stretch. [Ken Pillonel] has designed a set of streamlined, repairable, USB-C adapters for the AirPods, AirPods Pro, and AirPods Max that show Apple what innovation really means.

If you’ve followed [Pillonel]’s work in the past, you’ll know he’s as a big a fan of repairability as we are here, so this isn’t just a cheap knockoff dongle that’ll be in the trash as fast as your counterfeit wireless earbuds. In the video below, he walks us through his quest start-to-finish to design something compact that gives you all the joys of USB-C without the pain of buying a whole new set of headphones.

We like the iteration on the connector, showing that flexible circuits can do some amazing things, but are still subject to failure at extreme angles. Using a combination of 3D printing, a cool robot sandblasting machine, a pick-and-place, and some old fashioned hand soldering, [Pillonel] treats us to a polished final product that’s put together with actual screws and not adhesive. His designs are all open source, so you can DIY, or he sells finished copies in his shop if you want to give one to your less-than-techy relatives.

[Pillonel] may seem familiar as he’s the guy who added USB-C to the iPhone before Apple and redesigned the AirPods Pro case for repairability. Apple is getting better about repair in some of its devices, for sure, but unsurprisingly, hackers do it better.

A disclaimer: Not a single cable tie was harmed in the making of this backpack cyberdeck, and considering that we lost count of the number of USB cables [Bag-Builds] used to connect everything in it, that’s a minor miracle.

The onboard hardware is substantial, starting with a Lattepanda Sigma SBC, a small WiFi travel router, a Samsung SSD, a pair of seven-port USB hubs, and a quartet of Anker USB battery banks. The software defined radio (SDR) gear includes a HackRF One, an Airspy Mini, a USRP B205mini, and a Nooelec NESDR with an active antenna. There are also three USB WiFi adapters, an AX210 WiFi/Bluetooth combo adapter, a uBlox GPS receiver, and a GPS-disciplined oscillator, both with QFH antennas. There’s also a CatSniffer multi-protocol IoT dongle and a Flipper Zero for good measure, and probably a bunch of other stuff we missed. Phew!

As for mounting all this stuff, [Bag-Builds] went the distance with a nicely designed internal frame system. Much of it is 3D printed, but the basic frame and a few rails are made from aluminum. The real hack here, though, is getting the proper USB cables for each connection. The cable lengths are just right so that nothing needs to get bundled up and cable-tied. The correct selection of adapters is a thing of beauty, too, with very little interference between the cables despite some pretty tightly packed gear.

What exactly you’d do with this cyberpack, other than stay the hell away from airports, police stations, and government buildings, isn’t exactly clear. But it sure seems like you’ve got plenty of options. And yes, we’re aware that this is a commercial product for which no build files are provided, but if you’re sufficiently inspired, we’re sure you could roll your own.

Thanks to [KC] for the tip on this one.

The Bluetooth SIG recently released the core specification for version 6.0 of Bluetooth. Compared to 5.x, it contains a number of changes and some new features, the most interesting probably being Channel Sounding. This builds upon existing features found in Bluetooth 5.x to determine the angle to, and direction of another device using Angle of Arrival (AoA) and Angle of Departure (AoD), but uses a new approach to much more precisely determine these parameters. as defined in the Technical Overview document for this feature.

In addition to this feature, there are also new ways to filter advertising packets, to reduce the number of packets to sift through (Decision-Based Advertising Filtering) and to filter out duplicate packets (Monitoring Advertisers). On a fundamental level, the Isochronous Adaptation Layer (ISOAL) received a new framing mode to reduce latency and increase reliability, alongside frame spacing now being negotiable and additional ways to exchange link layer information between devices.

As with any Bluetooth update, it will take a while before chipsets supporting it become widely available, and for the new features to be supported, but it gives a glimpse of what we can likely expect from Bluetooth-enabled devices in the future.

There have been some hilarious issues on mobile devices over the years. The HTC Dream had a hidden shell that was discovered when a phone rebooted after sending a text containing just the word “reboot”. iOS has gotten in on the fun from time to time, and this time it’s ""::. Type the double quotes, a colon, and any other character, and Apple’s Springboard service crashes.

Another hacker dug in a bit, and realized that Springboard is trying to jump execution to a null pointer, leading to a crash. It’s very odd that user input breaks the query parser badly enough to jump to null like that. There are a couple interesting questions that we have to ask. Given that the crash trigger is quite flexible, "anything goes":x, is it possible to manipulate that function pointer to be something other than null? And perhaps more importantly, why is the code crashing, instead of an invalid address error as one would expect from a Pointer Authentication Code (PAC) violation? Regardless, the bug seems to be fixed in the latest iOS 18 builds.

Typing “”:: in various search bars (e.g. in Settings .app) on iOS, will cause a crash! https://t.co/P4Ax0z9W9F (by: @lorenzofb)

….let's dig into why

— Patrick Wardle (@patrickwardle) August 21, 2024

OpenBMC

OpenBMC is something of a reference Baseboard Management Controller, and as such it’s the upstream for other implementations. And it has a fairly serious issue, in the slpd-lite service, which just happens to be installed and enabled by default. SLP is the Service Location Protocol, a service discovery protocol, which is something of a predecessor to Zeroconf. Slpd-lite has a pair of issues that result in trivial heap reads and writes, beyond the intended buffer.

The slpd-lite project patched the issues about a week after disclosure, back in May. In June, the patch and an advisory was applied to OpenBMC itself. Nice and speedy action. Now to get all the downstream vendors to apply it, too.

WordPress LightSpeed Falls to Weak Hash

The LightSpeed Cache plugin for WordPress does something really clever, but in a way that managed to allow admin authentication bypasses. To cache pages that a logged-in user would see, the plugin’s crawler simulates each user loading the site, and caches that. To protect that cache, a random string is generated. The problem is that this random generation is seeded using the current time, only the microsecond portion of the time. So one of only a million possible values. And while a million is a lot when talking about physical objects, it’s not nearly enough when talking about cryptography.

To log in as a user using this weak hash, an attacker only has to guess te proper user ID (usually 1 is an admin) and then hit the right hash value. Lightspeed hash released a fix, but this is a severe issue, and we should expect to see exploitation attempts — And that didn’t take long. This one could be nasty, as something like 3.5 million sites are still running the vulnerable version of the plugin. Wordfence has already blocked 48,500 in the first 24 hours of this attack being publicly known.

Insulin, Privacy, and Firewalls

[Remy] fron Greynoise Labs is on a bit of a crusade against insecure Bluetooth. And make no mistake, Bluetooth can be a problem. Case in point, the FDA has issued a recall on a particular insulin pump, because the iOS app could enter a crash loop, and the continual Bluetooth re-connections drained the device’s batteries. Battery drain may seem like a mild inconvenience, but apparently over 200 people have reported injuries as a result.

So in this push for more secure use of Bluetooth, [Remy] mined a collection of Android applications for Bluetooth UUIDs. Those are unique identifiers of what kind of device is advertising Bluetooth. With this new treasure trove of identifiers, it was only natural to write a Bluetooth UUID scanner. And this is where a bit of a bizarre coincidence took place. At the some moment [Remy] fired up this scanner, his local Internet access dropped. As a result, his Firewalla firewall started advertising a Bluetooth Low Energy interface. The database returned a hit, and [Remy] had the Android APK to look at.

The Firewalla scheme for authenticating that BLE interface was lacking, with a handful of possible issues, like only checking the first 8 characters of a UUID key. And once past that initial hurdle, further administration tasks are secured using a JSON Web Token. That token’s signing key was global for all Firewally devices, and trivially derived from either firmware or the Android APK. And that’s not even all, since there were also command injection issues over the same Bluetooth link. Firewalla has released version 1.979 to address these issues.

Moar Bluetooth

If that wasn’t enough Bluetooth, the Zero Day Initiative has us covered, with coverage of a pair of flaws in the Autel Maxicharger vehicle charging station. The first was a simple buffer overflow in the Bluetooth data handling, leading to possible Remote Code Execution (RCE). The second issue was the presence of “Backup credentials” in the firmware’s WiFi handling.

Bits and Bytes

“Insufficient sanitization” is not a feature you want in your microservices. Spring’s Cloud Dataflow is a tool to plug data flows in to various other applications. Before a recent patch fixed it, Dataflow was doing some basic checks on file uploads, like looking for nulls or empty files. The problem was some very simple path traversal attacks. Name a package name with ../../../poc, and while the service may throw an error, it still creates the files as requested. 2.11.3 has shipped with the fix, so time to update!

And speaking of bypasses, ingress-nginx has a validation bypass, allowing unauthorized access to Kubernetes clusters using that controller. Kubernetes supports annotations as a sort of metadata system, and ingress-nginx was failing to properly validate those annotations, which could then be used for command injection.

And finally, I think I’ve played this video game. Except this time, someone actually tried to hack himself out of existence. The FBI discovered that a criminal had not only used stolen social security numbers to commit fraud, he had gone so far as to register his own death in a Government system, using stolen credentials. It didn’t turn out so well, as he was discovered alive, and sentenced to jail time for the effort.