Screenshot of eBay listings with Gigaset IoT devices being sold, now basically useless

A Giga-Sunset For Gigaset IoT Devices

In today’s “predictable things that happened before and definitely will happen again”, we have another company in the “smart device” business that has just shuttered their servers, leaving devices completely inert. This time, it’s Gigaset. The servers were shuttered on the 29th of March, and the official announcement (German, Google Translate) states that there’s no easy way out.

It appears that the devices were locked into Gigaset Cloud to perform their function, with no local-only option. This leaves all open source integrations in the dust, whatever documentation there was, is now taken down. As the announcement states, Gigaset Communications Gmbh has gotten acquired due to insolvency, and the buyer was not remotely interested in the Smart Home portion of the business. As the corporate traditions follow, we can’t expect open sourcing of the code or protocol specification or anything of the sort — the devices are bricks until someone takes care of them.

If you’re looking for smart devices on the cheap, you might want to add “Gigaset” to your monitored search term list — we’ll be waiting for your hack submissions as usual. After all, we’ve seen some success stories when it comes to abandoned smart home devices – like the recent Insteon story, where a group of device owners bought out and restarted the service after the company got abruptly shut down.

We thank [Louis] for sharing this with us!

Three ZigBee radios in ESD bags, marked "Zigbee Sniffer", "Router" and "Coordinator".

Crash IoT Devices Through Protocol Fuzzing

IoT protocols are a relatively unexplored field compared to most PC-exposed protocols – it’s bothersome to need a whole radio setup before you can tinker on something, and often, for low-level experiments, just any radio won’t do. This means there’s quite a bit of security ground to cover. Now, the U-Fuzz toolkit from [asset-group] helps us make up for it.

Unlike fuzzers you might imagine, U-Fuzz doesn’t go in blindly. This toolkit has provisions to parse protocols and fuzz fields meaningfully, which helps because many of devices will discard packets they deem too malformed. With U-Fuzz, you feed it a couple packet captures, help it make some conclusions about packet and protocol structure, and get suggestions on how to crash your devices in ways not yet foreseen.

This allows for basically arbitrary protocol fuzzing, and to demonstrate, we get examples on 5G, CoAP and ZigBee probing alike, with a list of found CVEs to wrap the README up. As Wikipedia often states, this list is incomplete, and you can help by expanding it. Fuzzing is an underestimated tool – it will help you hack ubiquitous wireless protocols, proprietary standards, and smart home hubs alike.

Hackaday Links Column Banner

Hackaday Links: March 31, 2024

Battlelines are being drawn in Canada over the lowly Flipper Zero, a device seen by some as an existential threat to motor vehicle owners across the Great White North. The story started a month or so ago, when someone in the government floated the idea of banning devices that could be “used to steal vehicles by copying the wireless signals for remote keyless entry.” The Flipper Zero was singled out as an example of such a nefarious device, even though relatively few vehicles on the road today can be boosted using the simple replay attack that a Flipper is capable of, and the ones that are vulnerable to this attack aren’t all that desirable — apologies to the 1993 Camry, of course. With that threat hanging in the air, the folks over at Flipper Devices started a Change.org petition to educate people about the misperceptions surrounding the Flipper Zero’s capabilities, and to urge the Canadian government to reconsider their position on devices intended to explore the RF spectrum. That last bit is important, since transmit-capable SDR devices like the HackRF could fall afoul of a broad interpretation of the proposed ban; heck, even a receive-only SDR dongle might be construed as a restricted device. We’re generally not much for petitions, but this case might represent an exception. “First they came for the Flipper Zero, but I did nothing because I don’t have a Flipper Zero…”

Continue reading “Hackaday Links: March 31, 2024”

A new display wedged into a car-based fridge

New Brains Save 12 V Fridge From The Scrap Heap

Recently [nibbler]’s Evakool 55L vehicle fridge started to act strangely, reporting crazy temperature errors and had no chance of regulating. The determination was that the NTC thermistor was toast, and rather than trying to extricate and replace this part, it was a lot easier to add a new one at a suitable location

Bog-standard fridge internals

A straight swap would have been boring, so this was a perfect excuse for an overboard hack. Reverse engineering the controller wouldn’t be easy, as the data wasn’t available, as is often the case for many products of this nature.

While doing a brain transplant, the hacker way, we can go overboard and add the basics of an IoT control and monitoring system. To that end, [nibbler] learned as much as possible about the off-the-shelf ZH25G compressor and the associated compressor control board. The aim was to junk the original user interface/control board and replace that with a Raspberry Pi Pico W running CircuitPython.

For the display, they used one of the ubiquitous SH1106 monochrome OLED units that can be had for less than the cost of a McDonald’s cheeseburger at the usual purveyors of cheap Chinese electronics.  A brief distraction was trying to use a DS18B20 waterproof thermometer probe, which they discovered didn’t function, so they reverted to tried and trusted tech — a simple NTC thermistor.

Continue reading “New Brains Save 12 V Fridge From The Scrap Heap”

Hacking An Actual WiFi Toothbrush With An ESP32-C3

Following on the heels of a fortunately not real DDoS botnet composed of electric toothbrushes, [Aaron Christophel] got his hands on a sort-of-electric toothbrush which could totally be exploited for this purpose.

Evowera Planck Mini will never gonna give you up, never let you down. (Credit: Aaron Christophel)
Evowera Planck Mini will never gonna give you up, never let you down. (Credit: Aaron Christophel)

The Evowera Planck Mini which he got is the smaller, children-oriented version of the Planck O1 (a more regular electric toothbrush). Both have a 0.96″ color LC display, but the O1 only has Bluetooth and requires a smartphone app. Meanwhile the Mini uses a pressure sensor for the brush along with motion sensors to keep track of the child’s teeth brushing efforts and to provide incentives.

The WiFi feature of the Mini appears to be for both firmware updates as well as to allow parents to monitor the brushing reports of their offspring in the associated smartphone app. With this feature provided by the ESP32-C3 SoC inside the device, the question was how secure it is.

As it turns out not very secure, with [Aaron] covering the exploit in a Twitter thread. As exploits go, it’s pretty straightforward: the toothbrush tries to connect to a default WiFi network (SSID evowera, pass 12345678), tries to acquire new firmware, and flashes this when found without any fuss. [Aaron] made sure to figure out the pin-out on the PCB inside the device as well, opening up new avenues for future  hacking.

We’re great fans of [Aaron] and his efforts to breathe new life into gadgets through firmware hacking. His replacement firmware for the Xiaomi LYWSD03MMC Bluetooth thermometer is one of the best we’ve seen.

Continue reading “Hacking An Actual WiFi Toothbrush With An ESP32-C3”

Haier Europe Eases Off On Legal Threat And Seeks Dialogue

After initially sending a cease and desist order to [Andre Basche] – the developer of a Haier hOn plugin for Home Assistant – Haier Europe’s head of Brand and IoT has now penned a much more amicable response, seeking to enter into dialogue in search of a solution for both parties.

This latest development is detailed both in the ongoing GitHub issue, as well as the Takedown FAQ and Timeline document that [Andre] created to keep track of everything that’s going on since we last checked in on the situation. As things stand, there is hope that Haier Europe may relent, especially as the company’s US division has shown no inclinations to join in on the original C&D.

In the confusion following the initial C&D announcement demanding the take-down of [Andre]’s hOn-related repositories, it was not clear to many which Haier was involved. As it turns out, Haier Europe as a separately legal entity apparently decided to go on this course alone, with Haier US distancing themselves from the issue. In that same Reddit thread it’s noted that GE Appliances (part of Haier US) has had a local API available for years. This makes Haier Europe the odd one out, even as they’re attempting some damage control now.

Amidst this whirlwind of developments, we hope that Haier Europe can indeed reach an amicable solution with the community, whether it’s continued API usage, or the development of a local API.

Haier Threatens Legal Action Against Home Assistant Plugin Developer

Appliance manufacturer Haier has been integrating IoT features into their newer products, and as is so common these days, users are expected to install their “hOn” mobile application to access them. Not satisfied with that limitation, [Andre Basche] reverse engineered the protocol used by the app, and released a Python library and associated Home Assistant plugin to interface with a wide array of Haier appliances, which includes brands like Hoover, Candy, GE Appliances and others.

Unfortunately, it looks like his efforts have gotten him into a bit of legal hot water. In an issue recently opened on the project’s GitHub page, [Andre] explains the circumstances and legal options that have led him to consider pulling the repositories completely — mostly due to the cost of mounting a legal defense to the cease & desist from Haier Europe.

What’s ironic here is that Haier has been part of the Connectivity Standard Alliance (CSA) since 2022, whose goal is to ‘promote universal open IoT standards’, including Matter.

It’s possible that a legal defense will be mounted against this C&D from Haier within the coming days. Yet regardless of the outcome here, it remains problematic that these IoT-enabled Haier appliances are connected to the Haier servers. Ideally they would be controlled locally, which is the goal of projects like [Miguel Ángel López Vicente]’s ESP Haier, that uses an ESP8266 to connect Haier AC units to the local WiFi and e.g. HA instances, all without requiring internet access.

This is sadly just one more example of why building your own off-line smart home can be such an incredible struggle.

Thanks to [Ar3itrary] for the tip.