The first talk at 2016 Shmoocon was a great one. Joseph Hall and Ben Ramsey presented their work hacking Z-Wave, a network that has been gaining a huge market share in both consumer and industrial connected devices. EZ-Wave uses commodity Software Defined Radio to exploit Z-Wave networks. It is not limited to sniffing; it can also be used for control, with the potential for mayhem.
If you’re looking for the quickest way to go from zero to voice-controlled home automation system, you should spend five minutes checking out [Hari Wiguna]’s project on Hackaday.io where he connects up IoT gadgets and services into a functioning lightswitch. (Video below the break.)
[Hari] demonstrates how to set up a complex chain: Amazon Echo to IFTTT to Adafruit.io as a data broker, which is then polled by an ESP8266 unit in his home that controls his X10 setup. (Pshwew.) But each step along the way is designed to be nearly plug-and-play, so it’s really a lot like clicking Lego blocks together. [Hari]’s video is a nice overview.
There’s only one catch if you’re going to replicate this yourself: the X10 system that’s used for the last mile. Unless you have one of these setups already, you’re on your own for controlling the outlets that turn the lights on and off. For price and hackability, we suggest the common 433MHz wireless outlet switches and pairing them with cheap 433MHz transmitters, available at eBay for around $1. We’ve seen a lot of hacks of these systems — they’re quite common both in the US and Europe.
It has been over 2 years since we last mentioned the Weightless SIG and their claims of an IoT open standard chip with a 10 year battery life and 10km wireless range, all at a jaw dropping price of $2 per chip. There was a planned production run of the 3rd gen chips which I would suspect went to beta testers or didn’t make it into production since we didn’t hear anything else, for years.
Recently, a company called nwave began producing dev-kits using the Weightless Technology which you can see in the banner image up top. Although the hardware exists, it is a very small run and only available to members of the development team. If you happen to have been on the Weightless mailing list when the Weightless-N SDK was announced, there was an offer to get a “free” development board to the first 100 development members. I use bunny ears on free because in order to become a member of the developer team you have to pay a yearly fee of £900. Don’t abrasively “pffffft” just yet: if you happened to be one of the first 100, there was an offer for developers that came up with a product and submitted it back for certification to get their £900 refunded to them. It’s not the best deal going, but the incentive to follow through with a product is an interesting take.
The 900-pound gorilla in the corner of the Internet of Things (IoT) hype that everyone is trying to ignore is interoperability. In the Internet of Internets (IoI) everything works on a few standards that are widely accepted: IP and HTML. The discrepancies are in the details and the standards wars are in the past. Websites are largely interoperable. Not so in the wild-west ethos of the IoT.
Philips makes a line of ZigBee-enabled RGB lightbulbs that took the enthusiast community by storm. And initially, Philips was very friendly to other devices — it makes a ZigBee-to-WiFi bridge that would let you control all of your ZigBee-based lights, regardless of their manufacturer, from your phone. Until now.
Philips has just rolled out a “Friends of Hue” certification process, and has since pushed out a firmware update where their Hue bridges stop interoperating with non-certified devices. You can read Philips’ version of the story here.
Philips Locks Out 3rd Party ZigBee Hardware
The hub shown on the right is what’s being locked down.
The short version is that, ZigBee standards be damned, your future non-Philips lights won’t be allowed to associate with the Philips bridge. Your GE and Osram bulbs aren’t Friends of Hue. DIY RGB strips in your lighting mix? Not Friends of Hue. In fact, you won’t be surprised to know who the “Friends of Hue” are: other Philips products, and Apple. That’s it. If you were used to running a mixed lighting system, those days are over. If you’re not on the friends list, you are an Enemy of Hue.
Their claim is that third party products may display buggy behavior on a Philips network, and that this loads up their customer-response hotlines and makes people think that Philips is responsible. Of course, they could simply tell people to disable the “other” devices and see how it works, putting the blame where it belongs. Or they could open up a “developer mode” that made it clear that the user was doing something “innovative”. But neither of these strategies prevents consumers from buying other firms’ bulbs, which cost only 30-50% of Philips’ Hue line.
While Philips is very careful to not couch it as such, the Friends of Hue program really looks like an attempt to shut out their competitors; Philips got an early lead in the RGB LED game and has a large share of the market. As they say themselves in their own press release “Today these 3rd party bulbs represent a minimal fraction of the total product connected to our bridges so the percentage of our users affected is minimal.” And they’d like to keep it that way, even though the people they’re hurting are probably their most vocal and dedicated customers.
And while we, with our manual light switches, laugh comfortably at the first-world problems of Hue consumers, we have to ask ourselves whether we’re next. Today they come for our RGB lightbulbs, but tomorrow it might be our networked toasters. A chilling thought!
Snark aside, the IoT brings two of the saddest realities of the software world into your home appliances: Where there’s code, there are vulnerabilities, and when you can’t control the code yourself you aren’t really in control. You may own the lightbulb, but you’re merely licensing the firmware that runs it. The manufacturer can change the rules of the game, or go out of the product line entirely, and you’re high and dry. What can you do? Pull out your JTAG debugger.
Of course it’s insane to suggest that everyone needs to become an embedded-device firmware hacker just to keep their fridge running. As we’ve written before, we need to come up with some solution that puts a little more control in the hands of the ostensible owners of the devices, while at the same time keeping the baddies out. We suggest a press-to-revert-firmware button, for instance. When Philips pushes a non-consumer-friendly upgrade, you could vote with your fingertips — but then you’d miss out on bug fixes as well. Maybe it’s better to just give in and learn to love Windows 10.
There are no easy solutions and no perfect software. The industry is still young and we’ll see a lot of companies staking out their turf as with any new technology. It seems to us that IoT devices leave consumers with even less choice and control than in the past, because they are driven by firmware that’s supposed to be invisible. It’s just a lightbulb, right?
What do you think? Any ideas about how to put the power back in the hands of the “owner” of the device without everyone’s refrigerators becoming botnet zombies? Let us know in the comments.
“We underestimated the impact this would have upon the small number of our customers who currently use uncertified lights from other brands in the Philips Hue system. We have decided to continue to enable our customers who wish to integrate these uncertified products within their Philips Hue system.”
Minecraft has come a long way since [Notch] first thought up the idea that would eventually make him a billionaire. The game can be enjoyed on so many levels and become so engaging that grown adults who should know better spend far more time playing it than working on, say, their backlog of Hackaday posts. As if that weren’t bad enough, now Minecraft threatens to break out of the screen with the ability to control a WiFi light bulb from within the game.
For those unfamiliar with Minecraft, it’s an open world game that allows players to interact with blocks of various materials. Players can build, destroy, explore and create landscapes and structures. An active modding community contributes everything from cosmetic texture packs to new block types with extended functionality. It was one of these mods that was leveraged to “break the fourth wall” in Minecraft. [giannoug] used the OpenComputers mod, which allows placement of programmable in-game computers with a full complement of peripherals, including an Internet connection. That allowed [giannoug] to send commands to his Brand X eBay WiFi light bulb, the protocol for which his friend [Thomas] had previously reverse engineered. Flip a switch in Minecraft and the real-world light bulb comes on instantly. Pretty cool.
As you might expect from a cheap piece of consumer hardware, there’s not a whole lot inside. The digital board contains a Ralink WiFi chip, an antenna etched on the PCB, and a handful of components, including an SDRAM and some flash memory.
2014 was the year that the Internet of Things (IoT) reached the “Peak of Inflated Expectations” on the Gartner Hype Cycle. By 2015, it had only moved a tiny bit, towards the “Trough of Disillusionment”. We’re going to try to push it over the edge.
Depending on whom you ask, the IoT seems to mean that whatever the thing is, it’s got a tiny computer inside with an Internet connection and is sending or receiving data autonomously. Put a computer in your toaster and hook it up to the Internet! Your thermostat? Hook it up to the Internet!? Yoga mat? Internet! Mattress pad? To the Intertubes!
Snark aside, to get you through the phase of inflated expectations and on down into disillusionment, we’re going to use just one word: “security”. (Are you disillusioned yet? We’re personally bummed out anytime anyone says “security”. It’s a lot like saying “taxes” or “dentist’s appointment”, in that it means that we’re going to have to do something unpleasant but necessary. It’s a reality-laden buzzkill.)