How to hack Amazon’s $5 WiFi button to track baby data

Dash button + 55 gallon barrel of lube = double meme hilarity!

4 Likes

Doable, I’d say. Use a standard network hack to intercept the communication and redirect it to own server (not sure if it requires iptables tampering on the router, or just fake a DNS response on a local resolver), and you can use an unmodified button.

2 Likes

To find it I had to (shudder) look in the comments section of the video.

Are marketing people still giving away flash drives like candies? They used to, and there’s about 100 uses for free little memory sticks.

If these things work, marketing-wise, I can imagine them becoming free in a hurry. Want to sell more Tide? Hand out free Tide-buttons. And if they can easily be reprogrammed… how many original uses can you find?

1 Like

Not anymore. I used to get a ton every time a rep would try to push a new line, as they would fill them with manuals, troubleshooting guides, and brochures. Now they just give out the website’s address. I had a ton of low capacity drives that I reused because people always asked me for stuff off my computer, so I would copy it and give them the drive. It sure beats burning a disk, and better for the environment. Nowadays I just put it in my DropBox and send them the link.

On that note my son recently went to his High School prom, and in the goody bag was a small 2200mAh battery pack with the high school name. I thought that was a great idea.

2 Likes

If we push it to an extreme, people could rent their toilets. USHIT.
Start an app, check what door you can ring at when you must go.

Too late.

3 Likes

The “continue this discussion” link on this post is fucked up

I wouldn’t trust any thumb-drive given to me by a stranger.

Beer launching fridge from Boingboing a few years ago.

1 Like

They’ve got a good domain name.

Oh, of course - good point! Just answer DNS queries for Amazon that originate from the Dash button’s IP with your own IP, and use netcat to pick up the traffic. Hadn’t even thought of that, but now it seems totally obvious (as all really good ideas do).

If it’s using hard-coded addresses that’s an iptables NAT rule to get the same result. No need to tamper with the button hardware at all.

1 Like

Just wait 'til you see what Boston Dynamics is doing with the IP of that thing…

No need for netcat, except for the testing. You can put a PHP script on the server and use it for triggering the desired action. Unless there’s an issue with the HTTPS handshake. Then I’d go via triggering the action via opening the connection to a script hanging on e.g. xinetd. The issue with shared port 80 or 443 (assuming the device uses standard ports and already running HTTP server on the machine) can be solved via assigning another IP address to the server machine.

Random thought. What about a dedicated IP range on the LAN, assigning the hardcoded IP to the server and handing the nearby IPs within some small netmask to the devices? Static DHCP assignment could work for that. Uses a public IP range on a private network, and violates standards, but that should not matter that much.

1 Like

Break in, replace all victim’s Dash buttons w/hacked 55gal Lube ones.

3 Likes

Another thought. The only thing the device does is to wake up, do DHCP, make an HTTP request, sleep again. Simple state machine, no branches, just a step by step process.

We can detect any of that, not just the HTTP request.

The device is identified by its MAC address. We can listen with a daemon (e.g. tcpdump, limited to DHCP request broadcasts with a given originating MAC address) piped to a script that triggers the action.

The broadcasts can be received by any machine on the network segment, which adds to the usefulness.

Same, after the device gets the IP address, goes for ARP. When it tries to connect out, it broadcasts an ARP request from its assigned IP address to the gateway IP. This can also be listened for.

1 Like
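The DHCP-listening idea from the post above, as an added Python example that is not code from any poster in this thread: it parses the UDP payload of a DHCP client packet, matches the client MAC, and collapses the DISCOVER/REQUEST burst of one wake-up into a single press. The names `parse_dhcp`, `PressDetector` and `build_sample`, the 10-second quiet window and the placeholder MAC are assumptions; how the payloads are captured (tcpdump, a socket on UDP port 67) is left to the reader.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"   # magic cookie that precedes the DHCP options
DISCOVER, REQUEST = 1, 3           # values of DHCP option 53 (message type)

def parse_dhcp(payload):
    """Return (client_mac, message_type) for a DHCP client packet, else None."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    op, htype, hlen = payload[0], payload[1], payload[2]
    if (op, htype, hlen) != (1, 1, 6):        # BOOTREQUEST from an Ethernet client
        return None
    mac = ":".join(f"{b:02x}" for b in payload[28:34])   # chaddr field
    i, msg_type = 240, None
    while i < len(payload) and payload[i] != 255:         # 255 = end option
        if payload[i] == 0:                               # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                                   # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                                   # truncated option body
        if code == 53 and length == 1:
            msg_type = value[0]
        i += 2 + length
    return mac, msg_type

class PressDetector:
    """Turns the DHCP burst of one wake-up into a single press event."""
    def __init__(self, mac, quiet_seconds=10.0):   # window length is an assumption
        self.mac, self.quiet, self.last_seen = mac.lower(), quiet_seconds, None

    def feed(self, payload, now):
        parsed = parse_dhcp(payload)
        if not parsed or parsed[0] != self.mac or parsed[1] not in (DISCOVER, REQUEST):
            return False
        first = self.last_seen is None or now - self.last_seen > self.quiet
        self.last_seen = now
        return first

def build_sample(mac, msg_type):
    """Constructed input: a minimal DHCP client payload, not captured traffic."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0) + bytes(16)
    chaddr = bytes.fromhex(mac.replace(":", "")) + bytes(10)
    return header + chaddr + bytes(192) + DHCP_MAGIC + bytes([53, 1, msg_type, 255])

BUTTON = "02:00:00:aa:bb:cc"   # placeholder MAC (constructed)
```
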

If it requests a DHCP address each time you press it, that’s enough to work with right there!

I’d guess so because it is sleeping for most of its life. Staying connected would be a waste of power.

Of course it is just a hypothesis that requires checking.

1 Like

redirect it to own server (not sure if it requires iptables tampering on the router, or just fake a DNS response on a local resolver), and you can use an unmodified button.

I think you’re overthinking it. Just trigger the event as per the article and, instead of writing to a spreadsheet, send emails or text messages to the list of recipients. If you want that script to also play a sound so people in the vicinity of the door but not on the distro are notified, easily done as well.

1 Like

Got mine today. Thanks for the info.

1 Like