I'm strangely comforted by the fact that OP had to work so hard to get in.
I was expecting that the pin software would be IoT-standard terrible, so it was a pleasant surprise to see that the Humane team did their best to use SELinux and lock it down.
No knock on them for not getting it 100% right here, and besides, it's always been the case that once an attacker has physical access they will eventually get in.
Using a vulnerability not found until after the software stopped being maintained feels a bit like cheating :)
It would, but the vulnerability was found and patched in mainline Android a few months after the device came out, but with over half a year until support was dropped. We obviously can't expect them to have kept the OS up to date, especially given the pressure they were under, but applying security patches seems very reasonable.
I definitely agree. Humane cared about physical device security a lot and it really shows with how they built out the firmware.
Best of all, their security through obscurity.
Me too. Kudos to the team.
This part confused me:
“Suddenly one day about a week in I got a random anonymous message on Signal containing a single file of 1,704 bytes. I cautiously examine this rogue file in a hex editor and find that it looks like a real private key.”
I’m very unfamiliar with Android development so I’m not sure what the author is implying here. Is this some random Humane owner sending his key to him, or maybe a former Humane employee?
Right. I think it's just a way of saying that he got the key through unorthodox means. But I'd say it's quite likely via a former employee.
Ooh, this is cool. The Humane was a cool form factor, and I always thought that hand laser projection thing looked awesome. Upshot is the author is a ninja and is building an open assistant platform on the pin, which first requires that the old pins be jailbroken. Significant (successful) effort ensues.
It makes me think of those laser projection keyboards that were widely sold as novelty items about 15ish years ago. It was futuristic even back then but considered mostly impractical.
Seeing that it's a super flawed idea, surprising that Humane put in so much effort in this product. I thought it was just a quick cash grab attempt.
Reminds me of Juicero, apparently its engineering was also pretty solid.
The Juicero wasn't well-engineered, it was overbuilt, and comically so. Apparently BOM cost did not feature in the product requirements.
There's a saying - anyone can design a building that stands, but only an engineer can design a building that just barely stands.
> There's a saying - anyone can design a building that stands, but only an engineer can design a building that just barely stands.
Haven't heard that one but it makes a lot of sense lol
Is it that flawed? Maybe a bit early and not enough cash behind them as say a company like Meta or Apple (planning to pivot the VR headset into AR glasses).
While I agree it was ultimately flawed, I think it's likely that the core team at Humane genuinely thought this was the future of computing, and clearly put in a lot of effort.
... And maybe something like this is, it was probably just too early.
Wow this is such a cool hack. It seemed like a simple "known vuln" situation but there was so much more that had to be figured out! I wish I had one of these just to play with the open stack.
I don't understand why hardware companies when shutting down release the info necessary to hack their devices. This would at least let them be remembered in style, when people can still use the hardware.
This way they will just be forgotten.
Wow, there’s so many levels of investigation and depth to getting this device opened. The short section on the eSIM seems like a story in and of itself!
Somewhat incredible people have this much dedicated focus.
When it takes a ninja-level hacker to break in, at least they tried harder than most IoT companies.
A bit off topic perhaps but what's difficult about making this a product? Please forgive my ignorance. It's just a microphone, speaker, could be a Bluetooth controller and a battery, and have it go through your phone. Maybe a small local neural net to monitor for keyword locally.
I guess it's a few more parts if you don't want it to go through your phone, but is that all that's happening here? What am I missing?
Is the hard part just the size? Or battery efficiency? Seems like all stuff I have in my drawer from messing around w Raspberry Pis over the last ten years.
The hard part is convincing investors that it's a good idea, so that they can drown you in gold. Or maybe that's the easy bit. I don't know.
The reason for failure here is lack of a killer app. Everyone is excited, then when they get it it's a glorified todo list and maybe it can read your texts. This failure mode is quite common and we've seen it with other devices like smart glasses, the Rabbit R1 pin, I suspect OpenAI's pin is going to be similar, and so on. Your average non-tech-enthusiast consumer will need a real good reason to carry around a front-facing camera full time.
They engineered it properly, which costs a lot. Rabbit R1 was much like how you described; repurposed cheap Android phone with minimal gimmick.
This one looked a lot more lovely thanks to the amount of brain juice spent on it, but otherwise, the end result was ~same.
This is something you can accomplish very easily in an ESP32 form factor, streaming audio over Wi-Fi/Bluetooth. However, it doesn't fully deliver the same experience; the goal was for it to replace your phone, so it needs to support a lot more functionality such as data persistence, offline support, notifications, cellular, maybe some form of visual IO (the laser projector), etc.
From my perspective I was just interested in the excellent industrial design, which is something that is virtually impossible for a DIY setup to attain.
> From my perspective I was just interested in the excellent industrial design
Debatable. The pin ran hot and had a short battery life, often less than a day even with the extended battery. The magnetic attachment was fiddly to use, and some users had trouble with it not staying put. The laser projector had serious usability problems - it wasn't very bright or clear, and interacting with the projected image (which was required to unlock the device, among other features) was extremely awkward.
One can argue that some of these are implementation issues, but working within the limitations of available technology is an inextricable part of industrial design. Dreaming up a perfect fantasy device is easy; designing one which can actually be implemented is much harder.
What do you mean by 'making this a product?'
Building proofs of concept isn't that hard.
When you need to produce thousands of them, and you've got market/product/engineering requirements, V&V, component sourcing, production tooling to set up, and, importantly, a budget, things get hard (or at least time consuming) quickly.
It's got a nifty laser projector, that's it. It could be a smartphone app.
They are cool but both Humane pin and the Rabbit R1 products were largely flops and failures. I do hope in the next 10-20 years this same tech will advance and actually work and be cool.
The actual idea itself seems flawed rather than just the implementation. Ordering an Uber on your phone and seeing where it is on the map is always going to be easier than trying to do it through voice and a hand projector.
And the Rabbit was just an Android app bundled with a low end phone.
I agree. It looked like a solution in search of a problem.
Which is very common when everyone has big hi-res screens and oodles of compute power in their pocket. What can a new entrant offer which couldn't be an app?
Workstations put a computer on your desk.
Laptops put a computer in your backpack.
Smartphones put a computer in your pocket.
(I’m not sure what is next, but it’s coming, eventually.)
> I’m not sure what is next, but it’s coming, eventually.
Getting computers smaller and smaller gets impractical in terms of user interface. A possibility is neural implants. But the other direction we’re already facing is just smarter everything with microprocessors everywhere. Each device does not need to run Android to be useful (or annoying, because not everything needs to get smart and adding processing is also adding new and exciting failure modes). But each device still integrates a computer.
Some people think it is the eyeball (glasses), some people think it is the brain (Neuralink). Some people think it is the wristwatch. The pins were an attempt at a pendant. I don't think anyone has tried the necklace, yet. A glove might also be interesting. If the peripheral keeps shrinking, it could be a ring, or set of rings, or an earring. Or a fairy that follows you around like in Ocarina of Time. We could write a theorem about convenience of use and capabilities at different scales for peripherals. It is worth noting that some sizes never really go obsolete, but rather enhance in power and capability.
Interaction on smaller devices is harder, so they focus more on consumption. The smart glasses will probably be annoying to interact with so you’ll just get a TikTok feed of endless content and maybe a single input to skip the current content and train the feed.
The answer is so clearly the glasses and always has been. Private audio output, visual information on a HUD.
Smartphones exploded when devs were given a bunch of cool new I/O followed by rapid cost reduction. Shame that the startups doing the cool hardware don’t do that… can’t say it’s the funding. They sure had enough.
Smartphones exploded because they introduced a new, better form of input to the general market. Most use cases do NOT require fine precision of input, so buttons were unnecessary, and the market had already tried both few and many buttons. Smart on-screen keyboards and a UI entirely controllable with touch was a revolution people don't want to come back from until they DO need that precision, which is why gaming accessories like the bone exist, but are a niche.
A projector is none of that. A projector is a gimmick. The projector could cost $5 and it would still fail to capture an audience if it wasn't just a side-feature on a more conventional phone.
I guess I just don’t see the appeal over a smartphone. How often are your hands incapacitated where it warrants all the other advantages of that form factor? And the R1 form factor largely didn’t even have that advantage.
> How often are your hands incapacitated where it warrants all the other advantages of that form factor?
Even then, that use case is covered by Bluetooth headphones connected to a phone that can be either in a pocket or stowed safely 10m away.
Sometimes the best treasures are found in failed products, it's like getting a $700 AI pin for $300 and a lot of weekend hacking fun