Asking the Security Question of Home Automation

“Security” is the proverbial dead horse we all like to beat when it comes to technology. This is of course not unjust — we live in a technological society built with a mindset of “security last”. There’s always one reason or another proffered for this: companies need to fail fast and will handle security once a product proves viable, end users will have a harder time with setup and use if systems are secured or encrypted, and governments/law enforcement don’t want criminals hiding behind strongly secured systems.

This is an argument I don’t want to get bogged down in. For this discussion let’s all agree on this starting point for the conversation: any system that manages something of value needs some type of security and the question becomes how much security makes sense? As the title suggests, the technology du jour is home automation. When you do manage to connect your thermostat to your door locks, lights, window shades, refrigerator, and toilet, what type of security needs to be part of the plan?

Join me after the break for an overview of a few Home Automation security concerns. This article is the third in our series — the first asked What is Home Automation and the second discussed the Software Hangups we face.

These have all been inspired by the Automation challenge round of the Hackaday Prize. Document your own Automation project by Monday morning to enter. Twenty projects will win $1000 each, becoming finalists with a chance at the grand prize of $150,000. We’re also giving away Hackaday T-shirts to people who leave comments that help carry this discussion forward, so let us know what you think below.

Continue reading “Asking the Security Question of Home Automation”

Hackaday Prize Entry: Solar WiFi Rover Roves At Night

[TK] has a stretch goal for his RC car project — enabling it to recharge on solar power during the day and roam around under remote Internet control at night. It’s like a miniature, backyard version of NASA’s Curiosity rover.

Right now, he’s gotten a Raspberry Pi Zero and a camera on board, and has them controlling the robot over WiFi. He looks like he’s having a great time piloting it around his house. Check out the video down below for (crashy) remote-controlled operation.

We can’t wait to see if solar power is remotely possible (tee-hee!) as an option for this vehicle. The eventual plan to connect it via 3G cellular modem is still off in the future, and will probably demand more of the smarts of the Raspberry Pi than at present. But we love the idea of a long-running autonomous vehicle, so we’re pulling for you, [TK]!

Continue reading “Hackaday Prize Entry: Solar WiFi Rover Roves At Night”

Hackaday Prize Entry: A WiFi Swiss Army Knife

WiFi is all around us, but if you want to work with this ubiquitous networking protocol, you’ll need to pull out a laptop or smartphone like a caveman. [Daniel] has a better idea. It’ s a simple, compact tool for cracking WiFi passwords or sending deauth packets to everyone at the local Starbucks. It’s an ESP Swiss Army Knife, and a great entry for the Hackaday Prize.

As you would expect, this WiFI Swiss Army Knife is powered by the ESP8266 and features a tiny OLED display and a bunch of buttons for the UI. With this, [Daniel] is able to perform a deauth attack on a network, kicking anyone off the network, provided this device already has the MAC address of the victim.

This tiny wireless tool also has an SD card, making it possible to collect authentication frames for later decryption on a device that actually has the power to crack a network. With a LiPo charge controller and a sufficiently large battery, this tiny device could be left in the corner of an office collecting authentication packets for days until it’s later retrieved, opening up the network to anyone with a sufficiently fast computer. It’s a great build and very useful, making this a great entry for The Hackaday Prize.

DNS Tunneling: Getting The Data Out Over Other Peoples’ WiFi

[KC Budd] wanted to make a car-tracking GPS unit, and he wanted it to be able to phone home. Adding in a GSM phone with a data plan would be too easy (and more expensive), so he opted for the hacker’s way: tunneling the data over DNS queries every time the device found an open WiFi hotspot. The result is a device that sends very little data, and sends it sporadically, but gets the messages out.

This system isn’t going to be reliable — you’re at the mercy of the open WiFi spots that are in the area. This certainly falls into an ethical grey zone, but there’s very little harm done. He’s sending a 16-byte payload, plus the DNS call overhead. It’s not like he’s downloading animated GIFs of cats playing keyboards or something. We’d be stoked to provide this service to even hundreds of devices per hour, for instance.

If you’re new here, the idea of tunneling data over DNS requests is as old as the hills, or older, and we’ve even covered this hack before in different clothes. But what [KC] adds to the mix is a one-stop code shop on his GitHub and a GPS application.

Why don’t we see this being applied more in your projects? Or are you all tunneling data over DNS and just won’t admit it in public? You can post anonymously in the comments!

Hackaday Prize Entry: Smart USB Hub And IoT Power Meter

[Aleksejs Mirnijs] needed a tool to accurately measure the power consumption of his Raspberry Pi and Arduino projects, which is an important parameter for dimensioning adequate power supplies and battery packs. Since most SBC projects require a USB hub anyway, he designed a smart, WiFi-enabled 4-port USB hub that is also a power meter – his entry for this year’s Hackaday Prize.

[Aleksejs’s] design is based on the FE1.1s 4-port USB 2.0 hub controller, with two additional ports for charging. Each port features an LT6106 current sensor and a power MOSFET to individually switch devices on and off as required. An Atmega32L monitors the bus voltage and current draw, switches the ports and talks to an ESP8266 module for WiFi connectivity. The supercharged hub also features a display, which lets you read the measured current and power consumption at a glance.

Unlike most cheap hubs out there, [Aleksejs’s] hub has a properly designed power path. If an external power supply is present, an onboard buck converter actively regulates the bus voltage while a power path controller safely disconnects the host’s power line. Although the first prototype is are already up and running, this project is still under heavy development. We’re curious to see the announced updates, which include a 2.2″ touchscreen and a 3D-printable enclosure.

New Chip Alert: RTL8710, A Cheaper ESP8266 Competitor

Almost exactly two years ago, shocking news thundered across the electronics blogosphere. There was a new WiFi module on the block. It was called the ESP8266, a simple serial device capable of taking care of an 802.11 network and a WiFi stack, giving any project with a microcontroller access to the Internet. Earlier modules to connect microcontrollers were sufficient for the task, but nothing could beat the ESP8266 on price.

The RTL8710 dev kit
The RTL8710 dev kit

Now, there’s a new module that’s even cheaper and more powerful than the ESP8266, and just like all of our favorite parts from China, it inexplicably shows up on eBay and AliExpress before anywhere else. It’s the Realtek RTL8710, available on eBay, on AliExpress, and elsewhere around the web for about $1.50 per device. There’s also a dev kit for the device featuring breakouts, an additional microcontroller, and a few switches and buttons for about $15.

As you would expect, there is zero English-language data available about the RTL8710, everything is in Chinese. There is a forum of sorts going over this new chip, and the Google Translatrix is good enough to glean a little bit of info about the new chip.

The RTL8710 features an ARM processor clocked at 166MHz. Stock, this module is running FreeRTOS. There’s 1MB of Flash, 48k of RAM available to the user, up to 21 GPIOs, 3 I2C, 4 PWM pins, and 2 PCM. This module also comes with an FCC logo, but I can’t find anything on the FCC website about this module.

If anything, the Realtek RTL8710 isn’t meant to be a competitor to the ESP8266. While extremely popular and still very useful, the ‘next gen’ ESP32 is due to be released in a month or so, and with the exception of Bluetooth on the ESP32, this Realtek module should match its capabilities quite well. Whether anyone can get an English datasheet is another matter, but if history is any indication a few English language RTL8710 forums will pop up a few hours after this is posted.

Thanks [sabas] for sending this in

Two Great Radios Taste Great Together

[Johan Kanflo] sent us his latest recipe: a blend of one part RFM69 sub-gigahertz radio transceiver with one part ESP8266 module. The resulting dish looks absolutely delicious!

We’re all charmed with the ease of use that the ESP8266 brings to the table — plug it in and you’re talking to your existing WiFi network — but we hate the power consumption for battery-powered applications. WiFi is a power hog. And although ISM-band radio modules make point-to-point communications cheap and power-saving, getting them to talk with your computer takes an adapter.

So [Johan] combined the two radios and made a sweet ISM-radio-to-WiFi bridge. His demo application takes whatever data is sent over the ISM band and pushes it to an MQTT broker on his WiFi network. Hardware and firmware are up on GitHub.

We’ve been wanting a device like this for our home network for a while now. Kudos, [Johan] for making it so easy!