How To Mash Up BLE, NodeJS, And MQTT To Get Internet Of Things

August 24, 2018 by Inderpreet Singh 10 Comments

We’re living in the world of connected devices. It has never been easier to roll your own and implement the functionality you actually want, rather than live with the lowest common denominator that the manufacture chose.

In a previous article I walked though a small python script to talk to a BLE light and used it to cycle through some colors. Now I want to delve deeper into the world of Internet Connected BLE devices and how to set up a simple Internet-Of-Things light. With this example in hand the sky’s the limit on what you can build and what it will be able to do.

Join me after the break as I demonstrate how to use NodeJS to bridge the digital world with the physical world.

Continue reading “How To Mash Up BLE, NodeJS, And MQTT To Get Internet Of Things” →

Welcome To The Internet Of Swords

August 16, 2018 by Tom Nardi 22 Comments

As has been made abundantly clear by the advertising department of essentially every consumer electronics manufacturer on the planet: everything is improved by the addition of sensors and a smartphone companion app. Doesn’t matter if it’s your thermostat or your toilet, you absolutely must know at all times that it’s operating at peak efficiency. But why stop at household gadgets? What better to induct into the Internet of Things than 600 year old samurai weaponry?

Introducing the eKatana by [Carlos Justiniano]: by adding a microcontroller and accelerometer to the handle of a practice sword, it provides data on the motion of the blade as it’s swung. When accuracy and precision counts in competitive Katana exhibitions, a sword that can give you real time feedback on your performance could be a valuable training aid.

The eKatana is powered by an Adafruit Feather 32u4 Bluefruit LE and LSM9DS0 accelerometer module along with a tiny 110 mAh LiPo battery. Bundled together, it makes for a small and unobtrusive package at the base of the sword’s handle. [Carlos] mentions a 3D printed enclosure of some type would be a logical future improvement, though a practice sword that has a hollow handle to hold the electronics is probably the most ideal solution.

A real-time output of sword rotation, pitch, and heading is sent out by the Adafruit Feather over BLE for analysis by a companion smartphone application. For now he just has a running output of the raw data, but [Carlos] envisions a fully realized application that could provide the user with motions to perform and give feedback on their form.

Incidentally this isn’t the first motion-detecting sword we’ve ever covered, but we think this particular incarnation of the concept might have more practical applications.

New App Note Day: Internet Of Pillows

April 8, 2018 by Brian Benchoff 25 Comments

The Internet of Things is a cancer that consumes all reasonable expectations of technology, opens vast security holes we’ve never had to deal with before, and complicates life in the pursuit of quarterly gains from whatever technology startup is hot right now. We are getting some interesting tech out of it, though. The latest in the current round of ‘I can’t believe someone would build that’ is the Internet of Pillows. No, it’s not a product, it’s just an application note, but it does allow us to laugh at the Internet of Things while simultaneously learning about some really cool chips.

The idea behind this ‘smart’ pillow is to serve as a snoring sensor. When the smart pillow detects the user is snoring, a small vibration motor turns on to wake up the user. There’s no connectivity in this smart pillow, so the design is relatively straightforward. You need a microphone or some sort of audio sensor, you should probably have a force-sensitive resistor so you know the pillow is actually being used, and you need a vibration motor. Throw in a battery for good measure. Aside from that, you’re also going to need a microcontroller, and that’s where things get interesting.

This application note was written as a demonstration of what Dialog’s GreenPAC devices can do. We’ve seen these things before, and the idea behind these devices is something like a ‘modern-day PAL’ or ‘a really, really limited FPGA’. It’s a bit more than that, though, because the GreenPAC devices are mixed-signal, there are some counters and latches in there, and all the programming is done through a graphical IDE. If you need a small, low-power chip that only does one thing, the GreenPAC is right up your alley.

So, how does this device detect snoring? The code pulls data from the sound sensor every 30 ms, with a 5 ms time window. If this sound repeats again within six seconds, it’s assumed the user is snoring. The logic then turns on the vibration motor, greatly annoying whoever is sleeping. All of this is done through a graphical IDE, which I’m sure will draw the ire of some, but there really aren’t that many pins or that many LUTs on GreenPAC devices, so it’s never going to get too out of hand.

The GreenPAC is a very interesting family of parts that we don’t see too much of around here. That’s a shame, because for low-power applications that don’t need a lot of horsepower, the GreenPAC seems like it would be very useful. Slightly more useful than an Internet of Things pillow, at least.

The Internet Of Three-Pointers

March 30, 2018 by James Hobson 1 Comment

When tossing something into the rubbish bin, do you ever concoct that momentary mental scenario where you’re on a basketball court charging the net — the game’s final seconds ticking down on the clock — making a desperate stretch and flicking some crumpled paper perfectly into the basket only for no one to notice your awesome skills? Well, now you can show off how good you are at throwing out garbage.

Well, not strictly garbage. The genesis of this IoT basketball hoop was in fact an inflatable ball on [Brandon Rice]’s desk that he felt would be more fun to fidget with if he could keep score. The hoop and backboard were laser cut on his Epilog cutter, and sport a Particle Photon to track and upload his running point tally to the Internet. An Arduino and IR sensor detect objects passing through the hoop — ultrasound proved to be too slow to keep up with [Rice]’s shots.

Continue reading “The Internet Of Three-Pointers” →

Memcached Servers Abused For DDoS Attacks

March 1, 2018 by Bob Baddeley 11 Comments

Cloudflare announced recently that they are seeing an increase in amplification attacks using memcached servers, and that this exploit has the potential to be a big problem because memcached is capable of amplifying an attack significantly. This takes DDoS attacks to a new level, but the good news is that the problem is confined to a few thousand misconfigured servers, and the solution is to put the servers behind a tighter firewall and to disable UDP. What’s interesting is how the fundamental workings of the Internet are exploited to create and direct a massive amount of traffic.

We start with a botnet. This is when a bunch of Internet-connected devices are compromised and controlled by a malicious user. This could be a set of specific brand of web camera or printer or computer with unsecured firmware. Once the device is compromised, the malicious user can control the botnet and have it execute code. This code could mine cryptocurrency, upload sensitive data, or create a lot of web traffic directed at a particular server, flooding it with requests and creating a distributed denial of service (DDoS) attack that takes down the server. Since the server can’t distinguish regular traffic from malicious traffic, it can’t filter it out and becomes unresponsive.

This DDoS attack is limited to the size of the botnet’s bandwidth, though. If all the web cameras in the botnet are pounding a server as fast as they can, the botnet has reached its max. The next trick is called an amplification attack, and it exploits UDP. UDP (as opposed to TCP) is like the early post office; you send mail and hope it gets there, and if it doesn’t then oh well. There’s no handshaking between communicating computers. When a device sends a UDP packet to a server, it includes the return address so that the server can send the response back. If the device sends a carefully crafted fake request with a different return address, then the server will send the response to that spoofed return address.

So if the web camera sends a request to Server A and the response is sent to Server B, then Server A is unintentionally attacking Server B. If the request is the same size as the response, then there’s no benefit to this attack. If the request is smaller than the response, and Server A sends Server B a bunch of unrequested data for every request from the camera, then you have a successful amplification attack. In the case of memcached, traffic can be amplified by more than 50,000 times, meaning that a small botnet can have a huge effect.

Memcached is a memory caching system whose primary use is to help large websites by caching data that would otherwise be stored in a database or API, so it really shouldn’t be publicly accessible anyway. And the solution is to turn off public-facing memcached over UDP, but the larger solution is to think about what things you are making available to the Internet, and how they can be used maliciously.

Finished Dryer Will Text You

December 9, 2017 by Rich Hawkes 35 Comments

Here’s a slightly different way to check on the status of your laundry. Instead of checking if the machine is vibrating, or listening for sound, or pulling everything apart and hacking an ESP8266 into it, check the power that the machine is drawing. This is what [Scrand] did in his IoT dryer build.

The secret behind the hack is the Sonoff POW, a small device that sits in between the wall and the dryer. It has a relay in it that controls it, but, importantly for this hack, it’s able to measure the power consumption used by what’s plugged into it. By installing the ESPurna firmware on it, he can now use all the power of the firmware to control and monitor what’s connected to the POW. He wrote a PowerShell script to monitor the http server now running on the POW checking on how much power is being drawn by the dryer. When that power drops, the laundry is done, and in the case of [Scrand], a text is sent saying so.

When you’re sitting on the couch relaxing, why get up every five minutes to check your laundry when you can have it text you when you know it’s done? Then you can decide whether to get up and deal with it or just leave it until later. The whole reason ESPurna exists to begin with is to check on the status of the laundry. Or, you can go a bit overboard with this laundry room monitor.

Internet Of Things Opens Possibilities

December 3, 2017 by Bryan Cockfield 7 Comments

While a lot of hardware gets put on the “Internet of Things” with only marginal or questionable benefits (or with hilariously poor security), every now and then a project makes use of this new platform in a way that illustrates the strengths of IoT. [ThingEngineer] turned to this platform as a cost-effective solution for an automatic gate, since new keyfobs were too expensive and a keypad was not an option.

Using an Electric IMP, [ThingEngineer] began by installing his IoT patch into the LiftMaster gate control box. This particular gate has easily accessible points that the controller can access to determine the gate’s status, so from there, an API was written to do the heavy lifting. A web server was deployed as well, so anyone with access can use a smartphone or other device to open the gate.

For anyone else looking to deploy a similar IoT solution, [ThingEngineer] has put all of the project code, schematics, and a thorough write-up about the project on his GitHub page. There are many useful ways to get on board the Internet of Things, though; so many that it’s been possible to win a substantial prize for using it in a creative way.