Ooh, this is cool. The Humane was a cool form factor, and I always thought that hand laser projection thing looked awesome. Upshot is the author is a ninja and is building an open assistant platform on the pin, which first requires that the old pins be jailbroken. Significant (successful) effort ensues.
Wow this is such a cool hack. It seemed like a simple "known vuln" situation but there was so much more that had to be figured out! I wish I had one of these just to play with the open stack.
I'm strangely comforted by the fact that OP had to work so hard to get in.
I was expecting that the pin software would be IoT-standard terrible, so it was a pleasant surprise to see that the Humane team did their best to use SELinux and lock it down.
No knock on them for not getting it 100% right here, and besides, it's always been the case that once an attacker has physical access they will eventually get in.
They are cool but both Humane pin and the Rabbit R1 products were largely flops and failures. I do hope in the next 10-20 years this same tech will advance and actually work and be cool.
A bit off topic perhaps but what's difficult about making this a product? Please forgive my ignorance. Its just a microphone, speaker, could be a Bluetooth controller and a battery, and have it go through your phone. Maybe a small local neural net to monitor for keyword locally.
I guess it's a few more parts if you don't want it to go through your phone, but is that all that's happening here? What am I missing?
Is the hard part just the size? Or battery efficiency? Seems like all stuff i have in my drawer from messing around w raspberry pis over the last ten years
The hard part is convincing investors that it's a good idea, so that they can drown you in gold. Or maybe that's the easy bit. I don't know.
The reason for failure here is lack of a killer app. Everyone is excited, then when they get it it's a glorified todo list and maybe it can read your texts. This failure mode is quite common and we've seen it with other devices like smart glasses, the Rabbit R1 pin, I suspect openAI's pin is going to be similar, and so on. Your average non-tech-enthusiast consumer will need a real good reason to carry around a front-facing camera full time.
The eSIM stuff is amusing, given the limitations Humane had in production. IIRC, they had issues removing the T-Mobile account from Pins for reuse, among other things, and it was likely because of this crazy LPA implementation. I assume they were hoping to stay alive long enough to fix the LPA issues and be able to re-issue Pins… :(
“ Suddenly one day about a week in I got a random anonymous message on Signal containing a single file of 1,704 bytes. I cautiously examine this rogue file in a hex editor and find that it looks like a real private key.”
I’m very unfamiliar with Android development so I’m not sure what the author is implying here. Is this some random Humane owner sending his key to him, or maybe a former Humane employee?
i dont understand why hardware companies when shutting down release the info necessary to hack ther devices.
This would at least let them be remembered in style, when people can still use the hardware.
14 comments
[ 6.6 ms ] story [ 33.0 ms ] threadI was expecting that the pin software would be IoT-standard terrible, so it was a pleasant surprise to see that the Humane team did their best to use SELinux and lock it down.
No knock on them for not getting it 100% right here, and besides, it's always been the case that once an attacker has physical access they will eventually get in.
I guess it's a few more parts if you don't want it to go through your phone, but is that all that's happening here? What am I missing?
Is the hard part just the size? Or battery efficiency? Seems like all stuff i have in my drawer from messing around w raspberry pis over the last ten years
This one looked a lot more lovely thanks to the amount of brain juice spent on it, but otherwise, the end result was ~same.
The reason for failure here is lack of a killer app. Everyone is excited, then when they get it it's a glorified todo list and maybe it can read your texts. This failure mode is quite common and we've seen it with other devices like smart glasses, the Rabbit R1 pin, I suspect openAI's pin is going to be similar, and so on. Your average non-tech-enthusiast consumer will need a real good reason to carry around a front-facing camera full time.
Somewhat incredible people have this much dedicated focus.
“ Suddenly one day about a week in I got a random anonymous message on Signal containing a single file of 1,704 bytes. I cautiously examine this rogue file in a hex editor and find that it looks like a real private key.”
I’m very unfamiliar with Android development so I’m not sure what the author is implying here. Is this some random Humane owner sending his key to him, or maybe a former Humane employee?
This way they will just be forgotten.