The Easy Way To Make A Smart Appliance

April 7, 2024 by Jenny List 32 Comments

It seems that finding an appliance without some WiFi connectivity and an app to load your laundry data into the cloud is an increasingly difficult thing to do in the 2020s. Many of us resolutely refuse to connect these smart appliances to the Internet, but not because we don’t see the appeal — we just want to do it on our own terms.

[Terence Eden] did just this with his rice cooker, using a surprisingly straightforward approach. He simply connected it to the mains via an energy monitoring smart plug, and that was the hardware part, done. Of course, were it that simple we probably wouldn’t be featuring this here, as the meat of this project lies in connecting it to his smart home systems and getting something useful from it.

He’s using Home Assistant, and after a bit of messing about had it part of his home automation system. Then it was time for Appliance Status Monitor, which allowed him to easily have the rice cooker send him a notification once it has done its thing by monitoring the power it was using. All online, part of a smart home, and not a byte of his data captured and sold to anyone!

This isn’t the first home automation project we’ve brought you from this source.

Screenshot of eBay listings with Gigaset IoT devices being sold, now basically useless

A Giga-Sunset For Gigaset IoT Devices

April 3, 2024 by Arya Voronova 73 Comments

In today’s “predictable things that happened before and definitely will happen again”, we have another company in the “smart device” business that has just shuttered their servers, leaving devices completely inert. This time, it’s Gigaset. The servers were shuttered on the 29th of March, and the official announcement (German, Google Translate) states that there’s no easy way out.

It appears that the devices were locked into Gigaset Cloud to perform their function, with no local-only option. This leaves all open source integrations in the dust, whatever documentation there was, is now taken down. As the announcement states, Gigaset Communications Gmbh has gotten acquired due to insolvency, and the buyer was not remotely interested in the Smart Home portion of the business. As the corporate traditions follow, we can’t expect open sourcing of the code or protocol specification or anything of the sort — the devices are bricks until someone takes care of them.

If you’re looking for smart devices on the cheap, you might want to add “Gigaset” to your monitored search term list — we’ll be waiting for your hack submissions as usual. After all, we’ve seen some success stories when it comes to abandoned smart home devices – like the recent Insteon story, where a group of device owners bought out and restarted the service after the company got abruptly shut down.

We thank [Louis] for sharing this with us!

Three ZigBee radios in ESD bags, marked "Zigbee Sniffer", "Router" and "Coordinator".

Crash IoT Devices Through Protocol Fuzzing

April 2, 2024 by Arya Voronova 1 Comment

IoT protocols are a relatively unexplored field compared to most PC-exposed protocols – it’s bothersome to need a whole radio setup before you can tinker on something, and often, for low-level experiments, just any radio won’t do. This means there’s quite a bit of security ground to cover. Now, the U-Fuzz toolkit from [asset-group] helps us make up for it.

Unlike fuzzers you might imagine, U-Fuzz doesn’t go in blindly. This toolkit has provisions to parse protocols and fuzz fields meaningfully, which helps because many of devices will discard packets they deem too malformed. With U-Fuzz, you feed it a couple packet captures, help it make some conclusions about packet and protocol structure, and get suggestions on how to crash your devices in ways not yet foreseen.

This allows for basically arbitrary protocol fuzzing, and to demonstrate, we get examples on 5G, CoAP and ZigBee probing alike, with a list of found CVEs to wrap the README up. As Wikipedia often states, this list is incomplete, and you can help by expanding it. Fuzzing is an underestimated tool – it will help you hack ubiquitous wireless protocols, proprietary standards, and smart home hubs alike.

Hackaday Links: March 31, 2024

March 31, 2024 by Dan Maloney 6 Comments

Battlelines are being drawn in Canada over the lowly Flipper Zero, a device seen by some as an existential threat to motor vehicle owners across the Great White North. The story started a month or so ago, when someone in the government floated the idea of banning devices that could be “used to steal vehicles by copying the wireless signals for remote keyless entry.” The Flipper Zero was singled out as an example of such a nefarious device, even though relatively few vehicles on the road today can be boosted using the simple replay attack that a Flipper is capable of, and the ones that are vulnerable to this attack aren’t all that desirable — apologies to the 1993 Camry, of course. With that threat hanging in the air, the folks over at Flipper Devices started a Change.org petition to educate people about the misperceptions surrounding the Flipper Zero’s capabilities, and to urge the Canadian government to reconsider their position on devices intended to explore the RF spectrum. That last bit is important, since transmit-capable SDR devices like the HackRF could fall afoul of a broad interpretation of the proposed ban; heck, even a receive-only SDR dongle might be construed as a restricted device. We’re generally not much for petitions, but this case might represent an exception. “First they came for the Flipper Zero, but I did nothing because I don’t have a Flipper Zero…”

Continue reading “Hackaday Links: March 31, 2024” →

A new display wedged into a car-based fridge

New Brains Save 12 V Fridge From The Scrap Heap

March 14, 2024 by Dave Rowntree 17 Comments

Recently [nibbler]’s Evakool 55L vehicle fridge started to act strangely, reporting crazy temperature errors and had no chance of regulating. The determination was that the NTC thermistor was toast, and rather than trying to extricate and replace this part, it was a lot easier to add a new one at a suitable location

A straight swap would have been boring, so this was a perfect excuse for an overboard hack. Reverse engineering the controller wouldn’t be easy, as the data wasn’t available, as is often the case for many products of this nature.

While doing a brain transplant, the hacker way, we can go overboard and add the basics of an IoT control and monitoring system. To that end, [nibbler] learned as much as possible about the off-the-shelf ZH25G compressor and the associated compressor control board. The aim was to junk the original user interface/control board and replace that with a Raspberry Pi Pico W running CircuitPython.

For the display, they used one of the ubiquitous SH1106 monochrome OLED units that can be had for less than the cost of a McDonald’s cheeseburger at the usual purveyors of cheap Chinese electronics. A brief distraction was trying to use a DS18B20 waterproof thermometer probe, which they discovered didn’t function, so they reverted to tried and trusted tech — a simple NTC thermistor.

Continue reading “New Brains Save 12 V Fridge From The Scrap Heap” →

Hacking An Actual WiFi Toothbrush With An ESP32-C3

March 5, 2024 by Maya Posch 15 Comments

Following on the heels of a fortunately not real DDoS botnet composed of electric toothbrushes, [Aaron Christophel] got his hands on a sort-of-electric toothbrush which could totally be exploited for this purpose.

Evowera Planck Mini will never gonna give you up, never let you down. (Credit: Aaron Christophel)

The Evowera Planck Mini which he got is the smaller, children-oriented version of the Planck O1 (a more regular electric toothbrush). Both have a 0.96″ color LC display, but the O1 only has Bluetooth and requires a smartphone app. Meanwhile the Mini uses a pressure sensor for the brush along with motion sensors to keep track of the child’s teeth brushing efforts and to provide incentives.

The WiFi feature of the Mini appears to be for both firmware updates as well as to allow parents to monitor the brushing reports of their offspring in the associated smartphone app. With this feature provided by the ESP32-C3 SoC inside the device, the question was how secure it is.

As it turns out not very secure, with [Aaron] covering the exploit in a Twitter thread. As exploits go, it’s pretty straightforward: the toothbrush tries to connect to a default WiFi network (SSID evowera, pass 12345678), tries to acquire new firmware, and flashes this when found without any fuss. [Aaron] made sure to figure out the pin-out on the PCB inside the device as well, opening up new avenues for future hacking.

We’re great fans of [Aaron] and his efforts to breathe new life into gadgets through firmware hacking. His replacement firmware for the Xiaomi LYWSD03MMC Bluetooth thermometer is one of the best we’ve seen.

Continue reading “Hacking An Actual WiFi Toothbrush With An ESP32-C3” →

Haier Europe Eases Off On Legal Threat And Seeks Dialogue

January 22, 2024 by Maya Posch 40 Comments

After initially sending a cease and desist order to [Andre Basche] – the developer of a Haier hOn plugin for Home Assistant – Haier Europe’s head of Brand and IoT has now penned a much more amicable response, seeking to enter into dialogue in search of a solution for both parties.

This latest development is detailed both in the ongoing GitHub issue, as well as the Takedown FAQ and Timeline document that [Andre] created to keep track of everything that’s going on since we last checked in on the situation. As things stand, there is hope that Haier Europe may relent, especially as the company’s US division has shown no inclinations to join in on the original C&D.

In the confusion following the initial C&D announcement demanding the take-down of [Andre]’s hOn-related repositories, it was not clear to many which Haier was involved. As it turns out, Haier Europe as a separately legal entity apparently decided to go on this course alone, with Haier US distancing themselves from the issue. In that same Reddit thread it’s noted that GE Appliances (part of Haier US) has had a local API available for years. This makes Haier Europe the odd one out, even as they’re attempting some damage control now.

Amidst this whirlwind of developments, we hope that Haier Europe can indeed reach an amicable solution with the community, whether it’s continued API usage, or the development of a local API.