Botnet Recall of Things

After a tough summer of botnet attacks by Internet-of-Things things came to a head last week and took down many popular websites for folks in the eastern US, more attention has finally been paid to what to do about this mess. We’ve wracked our brains, and the best we can come up with is that it’s the manufacturers’ responsibility to secure their devices.

Chinese DVR manufacturer Xiongmai, predictably, thinks that the end-user is to blame, but is also consenting to a recall of up to 4.3 million of their pre-2015 vintage cameras — the ones with hard-coded factory default passwords. (You can cut/paste the text into a translator and have a few laughs, or just take our word for it. The company’s name gets mis-translated frequently throughout as “male” or “masculine”, if that helps.)

Xiongmai’s claim is that their devices were never meant to be exposed to the real Internet, but rather were designed to be used exclusively behind firewalls. That’s apparently the reason for the firmware-coded administrator passwords. (Sigh!) Anyone actually making their Internet of Things thing reachable from the broader network is, according to Xiongmai, being irresponsible. They then go on to accuse a tech website of slander, and produce a friendly ruling from a local court supporting this claim.

Whatever. We understand that Xiongmai has to protect its business, and doesn’t want to admit liability. And in the end, they’re doing the right thing by recalling their devices with hard-coded passwords, so we’ll cut them some slack. Is the threat of massive economic damage from a recall of insecure hardware going to be the driver for manufacturers to be more security conscious? (We kinda hope so.)

Meanwhile, if you can’t get enough botnets, here is a trio of recent articles (one, two, and three) that are all relevant to this device recall.

Via threatpost.

Internet Doorbell Gone Full-Hipster

There are things and there are Things. Hooking up an Internet-connected doorbell that “rings” a piezo buzzer or sends a text message is OK, but it’s not classy. In all of the Internet-of-Things hubbub, too much attention is paid to the “Internet”, which is actually the easy part, and too little attention is paid to the “Things”.

[Moris Metz] is a hacker in Berlin who has a bi-weekly national radio spot. (Only in Germany!) This week, he connected the ubiquitous ESP8266 to a nice old (physical) bell for his broadcast over the weekend. (“Translated” here.) Check out the video teaser embedded below.

How to Run a Pagekite Server to Expose Your Raspberry Pi

Last time I showed you how to expose a web service on a Raspberry Pi (or, actually, any kind of device) by using a reverse proxy from Pagekite. On your Pi, you just need a simple Python script. However, it also depends on the Pagekite server, which isn’t always convenient. There are limits to the free service, and you don’t control the entire thing. The good news is twofold: the same Python script you use to set up the client-side can also set up a server. The other good news is the entire thing is open source.

In practical terms, then, if you have a computer that is always on and has an IP address that can be found on the public internet, you can run your own Pagekite server (they call it a front end) and service your own backends.

Expose your Raspberry Pi on Any Network

Everyone’s talking about the Internet of Things (IoT) these days. If you are a long-time Hackaday reader, I’d imagine you are like me and thinking: “so what?” We’ve been building network-connected embedded systems for years. Back in 2003, I wrote a book called Embedded Internet Design — save your money, it is way out of date now and the hardware it describes is all obsolete. But my point is, the Internet of Things isn’t a child of this decade. Only the name is.

The big news — if you can call it that — is that the network is virtually everywhere. That means you can connect things you never would have before. It also means you get a lot of data you have to find a reason to use. Back in 2003, it wasn’t always easy to get a board on the Internet. The TINI boards I used (later named MxTNI) had an Ethernet port. But your toaster or washing machine probably didn’t have a cable next to it in those days.

Today boards like the Raspberry Pi, the Beagle Bone, and their many imitators make it easy to get a small functioning computer on the network — wired or wireless. And wireless is everywhere. If it isn’t, you can do 3G or 4G. If you are out in the sticks, you can consider satellite. All of these options are cheaper than ever before.

The Problem

There’s still one problem. Sure, the network is everywhere. But that network is decidedly slanted at letting you get to the outside world. Want to read CNN or watch Netflix? Sure. But turning your computer into a server is a little different. Most low-cost network options are asymmetrical. They download faster than they upload. You can’t do much about that except throw more money at your network provider. But also, most inexpensive options expose one IP address to the world and then do Network Address Translation (NAT) to distribute service to local devices like PCs, phones, and tablets. What’s worse is, you share that public address with others, so your IP address is subject to change on a whim.

What do you do if you want to put a Raspberry Pi, for example, on a network and expose it? If you control the whole network, it isn’t that hard. You usually use some kind of dynamic DNS service that lets the Pi (or any computer) tell a well-known server its current IP address (see figure below).

Hackaday Prize Entry: The Internet Of Garbage

The Internet of Things is garbage. While the most visible implementations of the Internet of Things are smart lights that stop working because the company responsible for them folded, or smart thermostats that stop working because providing lifetime support wasn’t profitable, IoT could actually be useful, albeit in devices less glamorous than a smart toaster. Smart meters are a great idea, and so is smart trash. That’s what [mikrotron] and company are entering into the Hackaday Prize – smart trash cans – and it’s not as dumb as spending $40 on a light bulb.

The idea behind the Internet of Trash is to collect data on how full a trashcan is, and publish that data to the Internet. This information will be used by a city’s trash collectors and recycling agencies to know when it’s time to collect the garbage.

The hardware for the Internet of Garbage needs to know how full a can is, and for that the team has turned to an ultrasonic sensor pointed down into the garbage. The amount of trash in a can is pinged once a day, and the information is sent over the Internet via a GSM network. Additionally, the GPS coordinates and a unique ID are delivered to the server, with everything ultimately powered by a solar panel.

The future of the Internet of Things isn’t putting Twitter in a coffee maker, it’s all about infrastructure, whether that’s power, solar freakin’ roadways, or the trash. We’re glad to see a useful application of a billion smart things, and the Internet of Trash makes for a great Hackaday Prize entry.

DEFCON Thermometer

Redditor [mulishadan] — a fan of the movie WarGames — has created a singular thermostat in the form of a Defcon alert meter.

Looking to learn some new skills while building, [mulishadan] tried their hand at MIG welding the 16g cold-rolled plate steel into the distinctive shape. A second attempt produced the desired result, adding a 1/4-inch foam core and painting the exterior. Individual LEDs were used at first for lighting, but were replaced with flexible LED strips which provided a more even glow behind the coloured acrylic. A Particle Photon board queries the Weather Underground API via Wi-Fi in five-minute intervals.

Each escalation in the Defcon alert signals an increase of 10 F, starting at Defcon 5 for 69 F and below, up to Defcon 1 for 100+ F. The final build looks like a true-to-life prop with some useful functionality that can be adapted to many different purposes — proof that a relatively simple project can still produce fantastic results for entry-level makers. So why not try making this thermostat scarf as well?

[via /r/DIY]

Hackaday Prize Entry: Smart USB Hub And IoT Power Meter

[Aleksejs Mirnijs] needed a tool to accurately measure the power consumption of his Raspberry Pi and Arduino projects, which is an important parameter for dimensioning adequate power supplies and battery packs. Since most SBC projects require a USB hub anyway, he designed a smart, WiFi-enabled 4-port USB hub that is also a power meter – his entry for this year’s Hackaday Prize.

[Aleksejs’s] design is based on the FE1.1s 4-port USB 2.0 hub controller, with two additional ports for charging. Each port features an LT6106 current sensor and a power MOSFET to individually switch devices on and off as required. An Atmega32L monitors the bus voltage and current draw, switches the ports and talks to an ESP8266 module for WiFi connectivity. The supercharged hub also features a display, which lets you read the measured current and power consumption at a glance.

Unlike most cheap hubs out there, [Aleksejs’s] hub has a properly designed power path. If an external power supply is present, an onboard buck converter actively regulates the bus voltage while a power path controller safely disconnects the host’s power line. Although the first prototype is already up and running, this project is still under heavy development. We’re curious to see the announced updates, which include a 2.2″ touchscreen and a 3D-printable enclosure.