Not a day goes by without another IoT security hack. If you’re wondering why you don’t want your front doorbell connected to the Internet, this hack should convince you.
The hack is unfathomably stupid. You press the button on the back of the unit that pairs the doorbell with your home WiFi network, and it transmits the password in the clear. Sigh. It’s since been fixed, and we suppose that’s a good thing, but we can’t resist thinking for a moment about an alternative implementation.
Imagine, like all previous non-IoT wireless doorbells, that the doorbell transmitted a not-very coded signal over an open frequency like 433 MHz to a receiver inside your home. Do the same with the video stream. Now the receiver can be connected to the Internet, and can be significantly more secure because it’s behind your locked front door. The attack surface presented to the outside world by the doorbell itself is small, and limited to faking a doorbell press or showing you pictures you don’t want to see. Yawn.
But because the outside doorbell unit could be connected to a network, it was. Now the attack surface extends into your home’s network, and if you’re like most people, the WiFi router was your only real defense.
Now we love the IoT, in principle. There are tons of interesting applications that need the sort of bandwidth or remote availability that the Internet provides. We’re just not convinced yet that a doorbell, or a fridge for that matter, meet the criteria. But it does add a hundred bucks to the price tag, so that’s good, right? What do you think? When does the risk of IoT justify the reward?
Thanks [Dielectric] for the tip!
Forgot your apartment keys? If you’ve got a ritzy building with a doorman, no problem. If your digs are a little more modest, you might only have an intercom panel that calls up to your apartment so someone can buzz you in. But if nobody is home, you’re out of luck. That’s why [Paweł] spent an hour whipping up an intercom connected automation system pack full of goodies.
The design is pretty simple – an ATMega328P to snoop on the analog phone ringer in the apartment when the intercom call button is pushed, and a relay wired in parallel with the door switch to buzz him in. For added security, the microcontroller detects the pattern of button presses and prevents unwanted guests from accessing the lobby. Things got really fun when [Paweł] added a PCM audio module to play random audio clips through the intercom. As you can see in the video below, an incorrect code might result in a barking dog or a verbal put-down. But [Paweł] earns extra points for including the Super Mario Bros sound clip and for the mashup of the “Imperial March” with “The Girl from Ipanema”.
True, we’ve seen a slightly more polished but less [Mario] version of this project before, but the presentation of this particular hack has us grinning from ear to ear.
Continue reading “Hacked Apartment Intercom Barks at You or Buzzes You In”
One day, [Samy]’s best friend [Matt] mentioned he had a wireless doorbell. Astonishing. Even more amazing is the fact that anyone can buy a software defined radio for $20, a small radio module from eBay for $4, and a GSM breakout board for $40. Connect these pieces together, and you have a device that can ring [Matt]’s doorbell from anywhere on the planet. Yes, it’s the ultimate over-engineered ding dong ditch, and a great example of how far you can take practical jokes if you know which end of a soldering iron to pick up.
Simply knowing [Matt] has a wireless doorbell is not enough; [Samy] needed to know the frequency, the modulation scheme, and what the doorbell was sending. Some of this information can be found by looking up the FCC ID, but [Samy] found a better way. When [Matt] was out of his house, [Samy] simply rang the doorbell a bunch of times while looking at the waterfall plot with an RTL-SDR TV tuner. There are a few common frequencies tiny, cheap remote controls will commonly use – 315 MHz, 433 MHz, and 900 MHz. Eventually, [Samy] found the frequency the doorbell was transmitting at – 433.8 MHz.
After capturing the radio signal from the doorbell, [Samy] looked at the audio waveform in Audacity. It looked like this doorbell used On-Off Keying, or just turning the radio on for a binary ‘1’ and off for a binary ‘0’. In Audacity, everything the doorbell transmits becomes crystal clear, and with a $4 434 MHz transmitter from SparkFun, [Samy] can replicate the output of the doorbell.
For the rest of the build, [Samy] is using a mini GSM cellular breakout board from Adafruit. This module listens for any text message containing the word ‘doorbell’ and sends a signal to an Arduino. The Arduino then sends out the doorbell code with the transmitter. It’s evil, and extraordinarily over-engineered.
Right now, the ding dong ditch project is set up somewhere across the street from [Matt]’s house. The device reportedly works great, and hopefully hasn’t been abused too much. Video below.
Continue reading “Over-engineering Ding Dong Ditch”
When you move into an old house, you are bound to have some home repairs in your future. [Ben] discovered this after moving into his home, built in 1929. The house had a mail slot that was in pretty bad shape. The slot was rusted and stuck open, it was covered in old nasty caulk, and it had a built-in doorbell that was no longer functional. [Ben] took it upon himself to fix it up.
The first thing on the agenda was to fix the doorbell. After removing the old one, [Ben] was able to expose the original cloth-insulated wiring. He managed to trace the wires back to his basement and, to his surprise, they seemed to be functional. He replaced the old doorbell button with a new momentary button and then hooked up a DIY doorbell using an XBee radio. [Ben] already had an XBee base station for his Raspberry Pi, so he was wrote a script that could send a notification to his phone whenever the doorbell was pushed.
Unfortunately, the old wiring just didn’t hold up. The push button only worked sporadically. [Ben] ended up purchasing an off the shelf wireless doorbell. He didn’t want to have to stick the included ugly plastic button onto the front of his house though, so [Ben] had to figure out how to trigger the new doorbell using the nice metallic button. He used the macro lens on his iPhone to follow the traces on the PCB until he was able to locate the correct points to trigger the doorbell. Then it was just a matter of a quick soldering job and he had a functional doorbell.
Once the electronics upgrades were complete, he moved on to fixing up the look of the mail slot. He had to remove the rust using a wire brush and sandpaper. Then he gave it a few coats of paint. He replaced the original natural insulation with some spray foam, and removed all the old nasty caulk. The final product looks as good as new and now includes a functional wireless doorbell.
We’re big fans of salvaging old-school home hardware. Another example that comes to mind is this set of door chimes with modernized driver.
One of [Sander]’s first projects with a Raspberry Pi was to get it to send messages to his iPhone. From there he decided to take it a step further and wire the tiny computer up to his doorbell, creating a system that can send push messages to his phone whenever someone is at the front door.
[Sander]’s doorbell is wireless, and he decided to keep all of its original functionality. All it took to signal the Pi was a simple circuit tied to the doorbell’s status LED which turns off whenever the doorbell is pushed.
The Raspberry Pi runs a python program that handles the GPIO pin which is wired to the doorbell. When the doorbell is pushed, the program processes and sends the push notification while taking pictures of the visitor with an attached webcam. The pictures are included in the message so [Sander] can see who is at the front door. The code for the project is included on his project page.
This project rang a bell for us since we’ve seen projects using a Raspberry Pi and push notifications. None of them so far have included a webcam or utilized an existing wireless doorbell though, and this is a great step forward!