I'm strangely comforted by the fact that OP had to work so hard to get in.
I was expecting that the pin software would be IoT-standard terrible, so it was a pleasant surprise to see that the Humane team did their best to use SELinux and lock it down.
No knock on them for not getting it 100% right here, and besides, it's always been the case that once an attacker has physical access they will eventually get in.
philipwhiuk 1 days ago [-]
Using a vulnerability not found until after the software stopped being maintained feels a bit like cheating :)
agg23 1 days ago [-]
It would, but the vulnerability was found and patched in mainline Android a few months after the device came out, but with over half a year until support was dropped. We obviously can't expect them to have kept the OS up to date, especially given the pressure they were under, but applying security patches seems very reasonable.
agg23 1 days ago [-]
I definitely agree. Humane cared about physical device security a lot and it really shows with how they built out the firmware.
jkestner 1 days ago [-]
Best of all, their security through obscurity.
vayup 1 days ago [-]
Me too. Kudos to the team.
dreadnip 1 days ago [-]
This part confused me:
“Suddenly one day about a week in I got a random anonymous message on Signal containing a single file of 1,704 bytes. I cautiously examine this rogue file in a hex editor and find that it looks like a real private key.”
I’m very unfamiliar with Android development so I’m not sure what the author is implying here. Is this some random Humane owner sending his key to him, or maybe a former Humane employee?
msephton 1 days ago [-]
Right. I think it's just a way of saying that he got the key through unorthodox means. But I'd say it's quite likely via a former employee.
vessenes 1 days ago [-]
Ooh, this is cool. The Humane was a cool form factor, and I always thought that hand laser projection thing looked awesome. Upshot is the author is a ninja and is building an open assistant platform on the pin, which first requires that the old pins be jailbroken. Significant (successful) effort ensues.
torginus 1 days ago [-]
It makes me think of those laser projection keyboards that were widely sold as novelty items about 15ish years ago. It was futuristic even back then but considered mostly impractical
didip 1 days ago [-]
Seeing that it's a super flawed idea, surprising that Humane put in so much effort in this product. I thought it was just a quick cash grab attempt.
krzat 1 days ago [-]
Reminds me of Juicero; apparently its engineering was also pretty solid.
0_____0 1 days ago [-]
The juicero wasn't well-engineered, it was overbuilt, and comically so. Apparently BOM cost did not feature in the product requirements.
There's a saying - anyone can design a building that stands, but only an engineer can design a building that just barely stands.
lnenad 19 hours ago [-]
> There's a saying - anyone can design a building that stands, but only an engineer can design a building that just barely stands.
Haven't heard that one but it makes a lot of sense lol
chrischen 1 days ago [-]
Is it that flawed? Maybe a bit early and not enough cash behind them as say a company like Meta or Apple (planning to pivot the VR headset into AR glasses).
Closi 23 hours ago [-]
While I agree it was ultimately flawed, I think it's likely that the core team at Humane genuinely thought this was the future of computing, and clearly put in a lot of effort.
... And maybe something like this is, it was probably just too early.
aftbit 1 days ago [-]
Wow this is such a cool hack. It seemed like a simple "known vuln" situation but there was so much more that had to be figured out! I wish I had one of these just to play with the open stack.
buildbot 1 days ago [-]
Wow, there’s so many levels of investigation and depth to getting this device opened. The short section on the eSIM seems like a story in and of itself!
Somewhat incredible people have this much dedicated focus.
kotaKat 16 hours ago [-]
The eSIM stuff is amusing, given the limitations Humane had in production. IIRC, they had issues removing the T-Mobile account from Pins for reuse, among other things, and it was likely because of this crazy LPA implementation. I assume they were hoping to stay alive long enough to fix the LPA issues and be able to re-issue Pins… :(
elysianPanel2 1 days ago [-]
When it takes a ninja-level hacker to break in, at least they tried harder than most IoT companies.
busssard 19 hours ago [-]
I don't understand why hardware companies when shutting down release the info necessary to hack their devices.
This would at least let them be remembered in style, when people can still use the hardware.
This way they will just be forgotten.
bko 1 days ago [-]
A bit off topic perhaps, but what's difficult about making this a product? Please forgive my ignorance. It's just a microphone, speaker, could be a Bluetooth controller and a battery, and have it go through your phone. Maybe a small local neural net to monitor for keywords locally.
I guess it's a few more parts if you don't want it to go through your phone, but is that all that's happening here? What am I missing?
Is the hard part just the size? Or battery efficiency? Seems like all stuff I have in my drawer from messing around with Raspberry Pis over the last ten years.
agg23 1 days ago [-]
This is something you can accomplish very easily in an ESP32 form factor, streaming audio over wifi/bluetooth. However, it doesn't fully deliver the same experience; the goal was for it to replace your phone, so it needs to support a lot more functionality such as data persistence, offline support, notifications, cellular, maybe some form of visual IO (the laser projector), etc.
From my perspective I was just interested in the excellent industrial design, which is something that is virtually impossible for a DIY setup to attain.
duskwuff 1 days ago [-]
> From my perspective I was just interested in the excellent industrial design
Debatable. The pin ran hot and had a short battery life, often less than a day even with the extended battery. The magnetic attachment was fiddly to use, and some users had trouble with it not staying put. The laser projector had serious usability problems - it wasn't very bright or clear, and interacting with the projected image (which was required to unlock the device, among other features) was extremely awkward.
One can argue that some of these are implementation issues, but working within the limitations of available technology is an inextricable part of industrial design. Dreaming up a perfect fantasy device is easy; designing one which can actually be implemented is much harder.
numpad0 20 hours ago [-]
They engineered it properly, which costs a lot. Rabbit R1 was much like how you described; repurposed cheap Android phone with minimal gimmick.
This one looked a lot more lovely thanks to the amount of brain juice spent on it, but otherwise, the end result was ~same.
beAbU 19 hours ago [-]
The hard part is convincing investors that it's a good idea, so that they can drown you in gold. Or maybe that's the easy bit. I don't know.
The reason for failure here is lack of a killer app. Everyone is excited, then when they get it it's a glorified todo list and maybe it can read your texts. This failure mode is quite common and we've seen it with other devices like smart glasses, the Rabbit R1 pin, I suspect OpenAI's pin is going to be similar, and so on. Your average non-tech-enthusiast consumer will need a real good reason to carry around a front-facing camera full time.
0_____0 1 days ago [-]
What do you mean by 'making this a product?'
Building proofs of concept isn't that hard.
When you need to produce thousands of them, and you've got market/product/engineering requirements, V&V, component sourcing, production tooling to set up, and, importantly, a budget, things get hard (or at least time consuming) quickly.
bobsmooth 1 days ago [-]
It's got a nifty laser projector, that's it. It could be a smartphone app.
edm0nd 1 days ago [-]
They are cool but both Humane pin and the Rabbit R1 products were largely flops and failures. I do hope in the next 10-20 years this same tech will advance and actually work and be cool.
Gigachad 1 days ago [-]
The actual idea itself seems flawed rather than just the implementation. Ordering an uber on your phone and seeing where it is on the map is always going to be easier than trying to do it through voice and a hand projector.
And the Rabbit was just an Android app bundled with a low end phone.
SpecialistK 1 days ago [-]
I agree. It looked like a solution in search of a problem.
Which is very common when everyone has big hi-res screens and oodles of compute power in their pocket. What can a new entrant offer which couldn't be an app?
brightbeige 1 days ago [-]
Workstations put a computer on your desk.
Laptops put a computer in your backpack.
Smartphones put a computer in your pocket.
(I’m not sure what is next, but it’s coming, eventually.)
shomp 1 days ago [-]
Some people think it is the eyeball (glasses), some people think it is the brain (NeuraLink). Some people think it is the wristwatch. The pins were an attempt at a pendant. I don't think anyone has tried the necklace, yet. A glove might also be interesting. If the peripheral keeps shrinking, it could be a ring, or set of rings, or an earring. Or a fairy that follows you around like in Ocarina of Time. We could write a theorem about convenience of use and capabilities at different scales for peripherals. It is worth noting that some sizes never really go obsolete, but rather enhance in power and capability.
Gigachad 1 days ago [-]
Interaction on smaller devices is harder, so they focus more on consumption. The smart glasses will probably be annoying to interact with so you’ll just get a TikTok feed of endless content and maybe a single input to skip the current content and train the feed.
kergonath 19 hours ago [-]
> I’m not sure what is next, but it’s coming, eventually.
Getting computers smaller and smaller gets impractical in terms of user interface. A possibility is neural implants. But the other direction we’re already facing is just smarter everything with microprocessors everywhere. Each device does not need to run Android to be useful (or annoying, because not everything needs to get smart and adding processing is also adding new and exciting failure modes). But each device still integrates a computer.
dbbk 21 hours ago [-]
The answer is so clearly the glasses and always has been. Private audio output, visual information on a HUD.
jkestner 1 days ago [-]
Smartphones exploded when devs were given a bunch of cool new I/O followed by rapid cost reduction. Shame that the startups doing the cool hardware don’t do that… can’t say it’s the funding. They sure had enough.
touchscreenstho 1 days ago [-]
Smartphones exploded because they introduced a new, better form of input to the general market. Most use cases do NOT require fine precision of input, so buttons were unnecessary, and the market had already tried both few and many buttons. Smart on-screen keyboards and a UI entirely controllable with touch was a revolution people don't want to come back from until they DO need that precision, which is why gaming accessories like the bone exist, but are a niche.
A projector is none of that. A projector is a gimmick. The projector could cost $5 and it would still fail to capture an audience if it wasn't just a side-feature on a more conventional phone.
mattnewton 1 days ago [-]
I guess I just don’t see the appeal over a smartphone. How often are your hands incapacitated where it warrants all the other advantages of that form factor? And the R1 form factor largely didn’t even have that advantage.
kergonath 19 hours ago [-]
> How often are your hands incapacitated where it warrants all the other advantages of that form factor?
Even then, that use case is covered by Bluetooth headphones connected to a phone that can be either in a pocket or stowed safely 10m away.
quantumVale33 1 days ago [-]
Sometimes the best treasures are found in failed products; it's like getting a $700 AI pin for $300 and a lot of weekend hacking fun.