You private data is leaking in to criminal hands. Do you care?

A staggering list of data breaches is available from the attrition.org Data Loss Archive and Database. Read it and be amazed at how many banks, schools, and credit card companies lose control of personal data every month.

This should also serve as a reminder of how many organizations collect your personal data. When taken together, this data becomes a powerful indicator of who you are. These indicators can be used to more precisely manipulate you through your passions and desires.

I got back the boards for my first project/product. It soldered up easily, the microcontroller code ran fine, and it keeps time beautifully. Behold, my Meter Clock prototype:

So what time does the clock read?

And here’s the back side. All the parts are regular through-hole parts, which make it easy to solder.

Now I need to make a few minor tweaks, work up a set of instructions, create a nice case/housing, figure out a method of kitting the project, and design some hip-looking meter faces. And maybe find a cheaper source for those spendy meters…

I managed to hand-solder one of my transceiver boards — the one that includes many 0402 components and one CSP (chip-scale package). Here’s my handiwork:

I used some ancient 0.030″ rosin-core solder and equally-ancient Xytronic Auto-Temp soldering iron. Both were purchased about 20years ago. The tip on the iron is much larger than the components I’m soldering, and the rosin-core solder is probably killing me a little bit with every breath I take. Maybe I should consider upgrading my equipment. A little defluxer wouldn’t hurt either.

First, I tackled the CC2500 chip. I figured if I couldn’t get that to stick correctly, I shouldn’t waste my time soldering the other parts on the board. I did the customary thing of putting a slight blob of solder on one pad and then reheating that blob as I rested the part on the blob, in the correct location. I had to adjust the position a little bit by reheating that pin and nudging the part until the pins were aligned with the pads along all four sides. Once the part was in place, I’d clean the tip of the iron and put a fresh bit of solder on the end. Then I’d touch that bit to one or more unsoldered pins (”one or more” because my soldering iron tip is way larger than a single pin on this IC). I’d give the solder a couple of seconds to flow, and then pull the tip directly away from the part. Moving the iron directly away from the part lowers the chance of creating a solder bridge between parts, as the solder surface tension will be mostly between the pin(s) and the iron tip. What’s nice about the CC2500 chip-scale package is that the pins are difficult to damage, unlike a PQFP package with spindly leads several millimeters long. I did not put any solder on the center pad under the chip. I’m hoping I can get away with this, as I’m not sure how I’ll flow solder in from the other side — the via holes through the board are likely too narrow.

Next, the 0402 components. Again, I used the common practice of blobbing one of the pads a bit. Then I’d place the part on top of the blob and melt the blob. Sometimes the part would still be a bit crooked, or maybe it wasn’t sitting flat on the board. So I’d use the tweezers or my fingernail to push the part into place while I reheated the pad. Then I’d put a big blob down on the opposite pin — sometimes that’s what it took to get good flow with the very small exposed portion of the pad. If the resulting blob was disgustingly big, I’d shrink it a bit with solder wick.

The only other tricky part was flat-pack microcontroller. This was perhaps the trickiest part. I pinned down two pins on opposite sides of the package. Then I soldered each pin, but went too heavy on the solder. In cleaning it up with solder wick, I pushed some solder blobs behind the pins. My only option was to re-wet the area with solder and clean it up with solder wick. (Surface tension is so handy sometimes!) I tried again, using a technique more like the one I used with the CC2500 (described earlier).

I checked for conduction between pins on all the packages using my multimeter. It has very fine probes, and with patience and a steady hand, you can tell if you’re going to let the smoke out when you hook up your project. Of course, you should also check for continuity and resistance between power and ground.

My shopping list: First, I should get smaller-diameter solder — perhaps 0.020 or finer. A finer soldering iron tip would be nice (maybe I can grind down the one I have). I should also get some solder flux I can apply before or after. I need a means to clean up the flux — sensitive and high-frequency projects can misbehave and suffer from the contamination. I’ve heard that rubbing alcohol can deflux, so I’m going to give that a try before I buy something special. I should also improvise some means of venting all the fumes.

One of my projects involves soldering electronic components in 0402 (a.k.a. 1005) packages. 0402 components are 0.040″ x 0.020″ square (1.0mm x 0.5mm). Here’s a few of those components, photographed next to a U.S. penny:

I practiced soldering one piece between the pads on a 0.100″ breadboard, with my 20-year-old cheap soldering iron. With a good set of tweezers and some care, it wasn’t so hard. We’ll see how I do with a whole board full of them. Plus, I need to somehow solder these:

I’ll update with what I’ve learned from the process. I’m going to use my prior experience soldering PQFP and slightly larger caps. I’m also going to try some of the techniques used by Spark Fun Electronics.

With radio-frequency technologies becoming so inexpensive and commonplace, I thought I’d frighten myself by jotting down all of the ways I might transmit my presence and identity into the air. As time goes on, I’ll flesh out this post with more details about what each device actually transmits.

• Cell phones: GSM and CDMA. I’m sure they actively transmit identifying information, but it may be encrypted. Hopefully it’s done with some sort of stream cypher or key renegotiation, so that there aren’t recognizable recurring patters for each device.
• Wi-Fi: 802.11a/b/g/n. I’m reasonably sure the older technologies (i.e. 802.11b) transmit MAC addresses in the clear. The newer technologies? I’m not sure… And unless they’re associated with an access point, they’re probably passively sniffing, and therefore undetectable.
• Bluetooth: I’m not sure how much beacon data is actively transmitted or how it’s transmitted. But there’s probably a MAC address of some sort…
• Nike+iPod: Transmits a serial number in the 2.45GHz range, using a Nordic 2401 device. [more info]
• RFID credit cards: Some companies are issuing credit cards capable of making transactions over a short-range wireless link. My understanding is they’re using an ISO standard for this. People have demonstrated relay attacks on these cards, and first generation cards apparently had unencrypted customer data on them.
• Access cards: Often carried in wallets and purses, these are used to open doors, enter buses or subways, etc. These are passive devices that must be activated by energy from a strong electromagnetic field at a certain frequency. Some devices are demonstrated to be vulnerable to relay attacks. Can they be interrogated to transmit some sort of identifying information?
• RFID passports: Governments around the world are issuing passports with encrypted personal data, based on an ISO standard. While the data itself is protected by encryption, it may possible to interrogate the encrypted signature and use it as an identifying cookie. These devices are demonstrably vulnerable to relay attacks. [more info]
• RFID-tagged products: Retailers (Wal-Mart, Gap) are selling products with RFID tags acting as a sort of UPC code, serial number, and security device all rolled into one. If these devices are not deactivated (killed) during the checkout process, they could be interrogated in the wild. If I’m wearing clothing with embedded tags, I’d have a cloud of RFID serial numbers swirling around me.
• RFID-tagged automobiles: I’ve seen photos of RFID tags embedded behind the plastic bumpers of new vehicles. The intent, I believe, is to create a difficult-to-forge VIN mechanism. Of course, it can also be scanned by proximity…
• RFID luggage: Airports are using RFID tags to track baggage through their handling systems. I know from first-hand experience that the Hong Kong airport is doing this [PDF link]. If I neglect to remove the tags from my luggage, my luggage can serve to identify me as I travel.
• Spurious emissions: Devices that aren’t designed for radio may still give away information about you. For instance, a company is marketing billboards that can detect which radio station you’re listening to as you drive by [link]. This is done by detecting, from a distance of hundreds of feet, low-level signals radiating from your car radio receiver. Hearing aids, pacemakers, and PDAs can all emit identifiable signals.

Want to add something to the list? Leave me a comment.