“IoT Security” is an Empty Buzzword

As buzzwords go, the “Internet of Things” is pretty clever, and at the same time pretty loathsome, and both for the same reason. “IoT” can mean basically anything, so it’s a big-tent, inclusive trend. Every company, from Mattel to Fiat Chrysler, needs an IoT business strategy these days. But at the same time, “IoT” is vacuous — a name that applies to everything fails to clarify anything.

That’s a problem because “IoT Security” is everywhere in the news these days. Above and beyond the buzz, there are some truly good-hearted security professionals who are making valiant attempts to prevent what they see as a repeat of 1990s PC security fiascos. And I applaud them.

But I’m going to claim that a one-size-fits-all “IoT Security” policy is doomed to failure. OK, that’s a straw-man argument; any one-size-fits-all security policy is bound for the scrap heap. More seriously, I think that the term “IoT” is doing more harm than good by lumping entirely different devices and different connection modes together, and creating an implicit suggestion that they can all be treated similarly. “Internet of Things Security” is a thing, but the problem is that it’s everything, and that means that it’s useful for nothing.

What’s wrong with the phrase “Internet of Things” from a security perspective? Only two words: “Internet” and “Things”.

Continue reading ““IoT Security” is an Empty Buzzword”

Minimal MQTT: Power and Privacy

In this installment of Minimal MQTT, I’m going to cover two loose ends: one on the sensor node side, and one on the MQTT server side. Specifically, I’ll tackle the NodeMCU’s sleep mode to reduce power and step you through bridging MQTT servers to get your data securely out of your home server and into “the cloud”, which is really just other people’s servers.

If you’re just stepping into this series now, you should really check out the other three posts, where I set up a server, then build up some sensor nodes, and then flesh-out a few ways to control everything from your phone or the web. That’s the coolest material, anyway. This last installment just refines what we’ve built on. Let’s go!

Continue reading “Minimal MQTT: Power and Privacy”

When the Smart Hits the Fan

A fan used to be a simple device – motor rotates blades, air moves, and if you were feeling fancy, maybe the whole thing oscillates. Now fans have thermostats, timers, and IR remotes. So why not increase the complexity by making a smart fan with an IoT interface?

[Casper]’s project looks more like a proof of concept or learning platform than a serious attempt at home automation. His build log mentions an early iteration based on a Raspberry Pi. But an ESP8266 was a better choice and made it into the final build, which uses an IR LED to mimic the signals from the remote so that all the stock modes of the fan are supported. The whole thing is battery powered and sits on a breadboard on top of the fan, but we’ll bet that a little surgery could implant the interface and steal power internally. As for interfaces, take your pick – an iOS app via the SmartThings home automation platform, through their SmartTiles web client, or using an Amazon Echo. [Casper] mentions looking into MQTT as well but having some confusion; we’d suggest he check out [Elliot Williams]’ new tutorial on MQTT to get up to speed.

Continue reading “When the Smart Hits the Fan”

Minimal MQTT: Building a Broker

In this short series, we’re going to get you set up with a completely DIY home automation system using MQTT. Why? Because it’s just about the easiest thing under the sun, and it’s something that many of you out there will be able to do with material on-hand: a Raspberry Pi as a server and an ESP8266 node as a sensor client. Expanding out to something more complicated is left as an exercise to the motivated reader, or can be simply left to mission creep.

We’ll do this in four baby steps. Each one should take you only fifteen minutes and is completely self-contained. There’s a bunch more that you can learn and explore, but we’re going to get you a taste of the power with the absolute minimal hassle.

In this installment, we’re going to build a broker on a Raspberry Pi, which is the hub of your MQTT network. Next time, we’ll get an ESP8266 up and running and start logging some data. After that, we’ll do some back-end scripting in Python to make the data speak, and in the last installment, we’ll explore some of the useful frills and fancy bits. Let’s get started!

Continue reading “Minimal MQTT: Building a Broker”

Not Even Hamsters Are Safe From The Internet Of Things

The internet of things is this strange marketing buzzword that seems to escape from the aether and infect our toasters and refrigerators. Now even a hamster is not safe.

[Mifulapirus]’s hamster, Ham, was living a pleasant hamster life. Then his owner heard about another hamster named Sushi, whose running wheel stats were broadcasted to the internet. Not to be left behind, Ham’s wheel was soon upgraded. Now Ham is burdened by the same social pressures our exercise apps try to encourage us to use. No, we are most certainly not going to tell our friends about two fourteen minute miles with a twenty minute coffee break in the middle, MapMyRun, we are not.

The feat of techno enslavement for the little hamster was accomplished with a custom board, an esp8266, and an arduino as described in the instructable. The arduino can be left out of the project now that the libraries have been ported to the esp8266. A hall effect sensor detects when the 3D printed hamster wheel is spinning.

If you’d like to check in on Ham, the little guy is alive and well, and the twitter is here. It looks like it’s been upgraded since the original article was posted. Now it shows when Ham is awake and running around the cage doing hamster errands.

WISP Needs No Battery Or Cable

One of the problems with the Internet of Things, or any embedded device, is how to get power. Batteries are better than ever and circuits are low power. But you still have to eventually replace or recharge a battery. Not everything can plug into a wall, and fuel cells need consumables.

University of Washington researchers are turning to a harvesting approach. Their open source WISP board has a sensor and a CPU that draws power from an RFID reader. To save power during communication, the device backscatters incoming radio waves, which means it doesn’t consume a lot of its own power during transmissions.

The big  news is that TU Delft has contributed code to allow WISP to reprogram wirelessly. You can see a video about the innovation below. The source code is on GitHub. Previously, a WISP had to connect to a PC to receive a new software load.

Continue reading “WISP Needs No Battery Or Cable”

1btn – an Open Source Dash

The availability of cheap radios, omni-present WiFi and powerful web services means the IoT wave is here to stay. Amazon got into the act with its “do only one thing” Dash button. But a more interesting solution would be an IoT “do it all” button.

[Anand] has been working on his 1btn Open Source WiFi connected IoT button for a while. It connects to the Internet over WiFi to trigger whatever action you have assigned to it using a simple, online interface. It’s reconfigurable and open source. Which means it can be used in pretty imaginative ways, and if needed, can be re-flashed with your own custom firmware should you decide to really get under its hood.

The 1btn’s ESP8266 module is usually in sleep mode, waking up when the button is pressed, making the connection, performing the task and then going back to sleep once confirmation is received. A Red/Green LED indicates if the action was successful or not. You can set it up to send e-mails, messages, tweets or perform actions via a custom script, API or the IFTTT – maker channel. To make it hacker friendly, all of the ESP8266 GPIO pins are accessible via headers. This makes it convenient to add external sensors, for example. There’s also a (unpopulated) QFN footprint to allow adding an ATmega device (168P/328P) whose GPIO pins are also accessible via headers. This opens up a large number of additional applications for the device such as home automation.

On the software side, the 1btn connects to a web console, where you can set up an account, configure the device, register its MAC ID, assign it an alias and set up its actions. All of the source files for the 1btn – firmware, enclosure, schematic, BOM, PCB layout and example use cases – are posted on his Github repository.

The HackadayPrize2016 is Sponsored by: