A White Hat Virus For The Internet Of Things

October 2, 2015 by 51 Comments

The Internet of Things is going gangbusters, despite no one knowing exactly what it will be used for. There’s more marketing money being thrown at IoT paraphernalia than a new soda from Pepsi. It’s a new technology, and with that comes a few problems: these devices are incredibly insecure, and you only need to look at a few CCTV camera streams available online for proof of that.

The obvious solution to vulnerable Internet of Things things would be to get people to change the login credentials on their devices, but that has proven to be too difficult for most of the population. A better solution, if questionable in its intentions, would be a virus that would close all those open ports on routers, killing Telnet, and reminding users to change their passwords. Symantec has found such a virus. It’s called Wifatch, and it bends the concept of malware into a force for good.

Wifatch is a bit of code that slips through the back door of routers and other IoT devices, closes off Telnet to prevent further infection, and leaves a message telling the owner to change the password and update the device firmware. Wifatch isn’t keeping any secrets, either: most of the code is written in unobfuscated Perl, and there are debug messages that enable easy analysis of the code. This is code that’s meant to be taken apart, and code that includes a comment directed at NSA and FBI agents:

To any NSA and FBI agents reading this: please consider whether defending
the US Constitution against all enemies, foreign or domestic, requires you
to follow Snowden's example.

Although the designer of Wifatch left all the code out in the open, and is arguably doing good, there is a possible dark side to this white hat virus. Wifatch connects to a peer-to-peer network that is used to distribute threat updates. With backdoors in the code, the author of Wifatch could conceivably turn the entire network of Wifatch-infected devices into a personal botnet.

While Wifatch is easily removed from a router with a simple restart, and re-infection can be prevented by changing the default passwords, this is an interesting case of virtual vigilantism. It may not be the best way to tell people they need to change the password on their router, but it’s hard to argue with results.

[Image source: header, thumb]

Fight Frost With An Internet Of Things Fridge Alarm

August 23, 2015 by 12 Comments

It has been incredibly humid around these parts over the last week, and there seems to be something about these dog days that makes you leave the fridge or freezer door open by mistake. [pnjensen] found this happening all too often to the family chill chest, with the predictable accretion of frost on the coils as the water vapor condensed out of the entrained humid air and froze. The WiFi-enabled fridge alarm he built to fight this is a pretty neat hack with lots of potential for expansion.

Based on a Sparkfun ESP8266 Thing and home-brew door sensors built from copper tape, the alarm is rigged to sound after 120 seconds of the door being open. From the description it seems like the on-board buzzer provides a periodic reminder pip while the door is open before going into constant alarm and sending an SMS message or email; that’s a nice touch, and having the local alarm in addition to the text or email is good practice. As a bonus, [pjensen] also gets a log of each opening and closing of the fridge and freezer. As for expansion, the I2C header is just waiting for more sensors to be added, and the built-in LiPo charger would provide redundancy in a power failure.

If frost buildup is less a problem for you than midnight snack runs causing another kind of buildup, you might want to check out this willpower-enhancing IoT fridge alarm.

Send In The Drones: Putting Wheels And Wings On The Internet Of Things

July 17, 2015 by 17 Comments

Imagine you’re a farmer trying to grow a crop under drought conditions. Up-to-the-minute data on soil moisture can help you to decide where and when to irrigate, which directly affects your crop yield and your bottom line. More sensors would mean more data and a better spatial picture of conditions, but the cost of wired soil sensors would be crippling. Wireless sensors that tap into GSM or some sort of mesh network would be better, but each sensor would still need power, and maintenance costs would quickly mount. But what if you could deploy a vast number of cheap RFID-linked sensors in your fields? And what if an autonomous vehicle could be tasked with the job of polling the sensors and reporting the data? That’s one scenario imagined in a recent scholarly paper about a mobile Internet of Things (PDF link).

both

In the paper, authors [Jennifer Wang], [Erik Schluntz], [Brian Otis], and [Travis Deyle] put a commercially available quadcopter and RC car to the hack. Both platforms were fitted with telemetry radios, GPS, and an off-the-shelf RFID tag reader and antenna. For their sensor array, they selected passive UHF RFID tags coupled to a number of different sensors, including a resistance sensor used to measure soil moisture. A ground-control system was developed that allowed both the quad and the car to maneuver to waypoints under GPS guidance to poll sensors and report back.

Beyond agriculture, the possibilities for an IoT based on cheap sensors and autonomous vehicles to poll them are limitless. The authors rightly point out the challenges of building out a commercial system based on these principles, but by starting with COTS components and striving to keep installed costs to a minimum, we think they’ve done a great proof of concept here.

Bread Online

Bread Online Is A Bread Maker For The Internet Of Things

July 7, 2015 by 17 Comments

An engineering student at the University of Western Macedonia has just added another appliance to the ever-growing list of Internet enabled things. [Panagiotis] decided to modify an off-the-shelf bread maker to enable remote control via the Internet.

[Panagiotis] had to remove pretty much all of the original control circuitry for this device. The original controller was replaced with an Arduino Uno R3 and an Ethernet shield. The temperature sensor also needed to be replaced, since [Panagiotis] could not find any official documentation describing the specifications of the original. Luckily, the heating element and mixer motor were able to be re-used.

A few holes were drilled into the case to make room for the Ethernet connector as well as a USB connector. Two relays were used to allow the Arduino to switch the heating element and mixer motor on and off. The front panel of the bread maker came with a simple LCD screen and a few control buttons. Rather than let those go to waste, they were also wired into the Arduino.

The Arduino bread maker can be controlled via a web site that runs on a separate server. The website is coded with PHP and runs on Apache. It has a simple interface that allows the user to specify several settings including how much bread is being cooked as well as the desired darkness of the bread. The user can then schedule the bread maker to start. Bread Online also comes with an “offline” mode so that it can be used locally without the need for a computer or web browser. Be sure to check out the video demonstration below. Continue reading “Bread Online Is A Bread Maker For The Internet Of Things”

globe

Ask Hackaday: The Internet Of Things And The Coming Age Of Big Data

May 18, 2015 by 67 Comments

Samsung has thrown its hat into the Internet of Things ring with its ARTIK platform. Consisting of three boards, each possesses a capability proportional to their size. The smallest comes in at just 12x12mm, but still packs a dual core processor running at 250MHz on top of 5 MB flash with bluetooth.  The largest is 29x39mm and sports a 1.3GHz ARM, 18 gigs of memory and an array of connectivity. The ARTIK platform is advertised to be completely compatible with the Arduino platform.

Each of these little IoT boards is also equipped with Samsung’s Secure Element. Worthy of an article on its own, this crypto hardware appears to be built into the processor, and supports several standards. If you dig deep enough, you’ll find the preliminary datasheet (PDF) to each of these boards. It is this Secure Element thing that separates the ARTIK platform from the numerous other IoT devices that have crossed our memory banks, and brings forth an interesting question. With the age of the Internet of Things upon us, how do we manage all of that data while keeping it secure and private?

What is The Internet of Things?

These kind of terms get thrown around too much. It was just the other day I was watching television and heard someone talk about ‘hacking’ their dinner. Really? Wiki defines the IoT as –

“a network of physical objects or “things” embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices.”

Let’s paint a realistic picture of this. Imagine your toaster, shower head, car and TV were equipped with little IoT boards, each of which connects to your personal network. You walk downstairs, put the toast in the toaster, and turn on the TV to catch the morning traffic. A little window pops up and tells you the temperature outside, and asks if you want it to start your car and turn on the air conditioning. You select “yes”, but not before you get a text message saying your toast is ready. Meanwhile, your daughter is complaining the shower stopped working, making you remind her that you’ve programmed it to use only so much water per shower, and that there is a current clean water crisis in the country.

This is the future we all have to look forward to. A future that we will make. Why? Because we can. But this future with its technical advancements does not come without problems. We’ve already seen how malicious hackers can interfere with these IoT devices in not so friendly ways.

Is it possible for our neighbor’s teenage kid to hack into our shower head? Could she turn our toaster on when we’re not home? Or even start our car? Let’s take this even further – could the government monitor the amount of time you spend in the shower? The amount of energy your toaster uses? The amount of time you let your car idle?

Clearly, the coming age of the Internet of Things doesn’t look as nice when we lose the rose colored glasses. The question is how do we shape our future connected lives in a way that is secure and private? If closed source companies like Samsung get their IoT technology into our everyday household items, would you bet a pallet of Raspberry Pi’s that the government will mine them for data?

This, however, does not have to happen. This future is ours. We made it. We know how it works – down to the ones and zeros. There is no fate, except that which we make. Can we make the coming IoT revolution open source? Because if we can, our community will be able to help ensure safety and privacy and keep our personal data out of the government’s hands. If we cannot, and the closed source side of things wins, we’ll have no choice but to dig in and weed out the vulnerabilities the hard way. So keep your soldering irons sharp and your bus pirates calibrated. There’s a war brewing.

The Future Of The Internet Of Things

November 16, 2014 by 81 Comments

When buying anything, you’re going to have a choice: good, fast, or cheap. Pick any two. A plumber will fix a drain good and fast, but it won’t be cheap. The skeezy guy you can call will fix a drain fast and cheap, but it won’t be good.

Such it is with radios. You can have long-range (good), high bandwidth (fast), or a low price (cheap). Pick any two. The Internet of Things demands a cheap, long-range radio module, but until now this really hasn’t existed. At Electronica last week, Microchip demoed their IoT solution, the LoRa. This module has a 15km (rural) or ~3km (heavy urban) range, works for a year on two AAA batteries, and is very cheap. Bandwidth? That’s crap, but you’re not streaming videos to your shoe.

Continue reading “The Future Of The Internet Of Things”

Another Internet Of Things Board (But This One Has Lisp)

October 23, 2014 by 26 Comments

Using routers as dev boards has been a long and cherished tradition in the circles we frequent, and finally design houses in China are taking notice. There have been a few ‘Internet of Things’ boards in recent months that have taken the SoC found in low-end routers, packaged the on a board with USB, some GPIOs, and a fair bit of memory and called it a dev board. The ZERO Plus is not an exception to this trend, but it does include a very interesting feature when it comes to the development environment: this one uses Lisp as its native language.

The Zero Plus is pretty much what you would expect from a router SoC being transplanted to an Internet of Things board: it uses the Ralink RT5350 SoC, giving it 802.11b/g/n, has 32MB of RAM, 8 or 16 M of Flash, I2C, I2S, SPI, USB, two UARTs, and 14 GPIOs. There is support for a webcam, temperature and humidity sensor, displays, and Arduino via a breakout board that appears to contain a standard, DIP-sized ATMega328,

All of that could be found in dozens of other boards, though. What really sets this one apart is the Lisp development environment. Programming the Zero is exactly as elegant as you would expect, with a ‘toggle a LED according to what time it is’ program looking something like this:

(define LED_On (lambda ()(dev.gpio 11 "out" 1)))
 (define LED_Off (lambda ()(dev.gpio 11 "out" 0)))
 (define CurrentTime? (lambda ()
    (int (time.strftime "%H" (time.localtime (time.time))))))
       (define Night?
          (lambda ()
            (and
            (> ( CurrentTime? ) 16) (< ( CurrentTime? ) 23)
          )
       )
    )
 (if (Night?) (LED_On) (LED_Off)

Dev boards built around somewhat more esoteric programming language isn’t anything new; The Espruino brings Javascript to ARM microcontrollers, and the MicroPython project is an astonishing undertaking and successful Kickstarter that brings the BASIC for the 21st century to the embedded world. Lisp, though… I don’t think anyone expected that. It’s a great way to differentiate your product, though.