Following Pigs: Building An Injectable Livestock Tracking System

I’m often asked to design customer and employee tracking systems. There are quite a few ways to do it, and it’s an interesting intersection of engineering and ethics – what information is reasonable to collect in different contexts, anonymizing and securely storing it, and at a fundamental level whether the entire system should exist at all.

On one end of the spectrum, a system that simply counts the number of people that are in your restaurant at different times of day is pretty innocuous and allows you to offer better service. On the other end, when you don’t pay for a mobile app, generally that means your private data is the product being bought and sold. Personally, I find that the whole ‘move fast and break things’ attitude, along with a general disregard for the privacy of user data, has created a pretty toxic tech scene. So until a short while ago, I refused to build invasive tracking systems – then I got a request that I simply couldn’t put aside…


The Trials And Tribulations Of Building An IOT Garage Door Opener

Garage doors can be frustrating things, being a chore to open manually and all. Many people opt to install a motorized opener, but for some, even this isn’t enough. Hooking up a garage door to the Internet of Things has long been a popular project, and [Simon Ludborzs] decided to give it a shot. Naturally, there were some obstacles to be overcome along the way.

[Simon]’s build is relatively straightforward, using an ESP-12 as the brains of the operation, which connects to the internet over WiFi. However, robustness was a major goal of the project, and being reliant on shaky cloud-based services wouldn’t do. This opener is set up to work independently of an internet connection, too. There’s a nifty control panel with glowing buttons to operate the opener, in addition to the webpage served up on the network.

During the development, [Simon] ran into several roadblocks. A set of roller door motors were inadvertently killed, and there were issues in getting the web interface working as expected. None of these were showstoppers, though, and with a little work and some new parts, everything came together in the end. The project was then given a proper commercial-grade case, sourced from AliBaba. This is a great step to take for a project expected to hold up to daily use for years on end. He also took the time to document his tips for easier ESP8266 development, which may prove useful to those just getting started with the platform.

Garage door openers remain a common theme around here, but every project has its own story to tell. If you’ve developed a particularly unique solution to your garage access problems, you know who to call.

Raspberry Pi Catches The Early Bird

If you live in an area with high bird activity, setting up a bird feeder and watching some hungry little fellows visit you can be a nice and relaxing pastime. Throw in a Raspberry Pi with some sensors and it can also be the beginning of your next IoT project, as was the case for [sbkirby] with his Bird Feeder Monitor project.

To track the arrival and departure times of his avian visitors, [sbkirby] attached a set of capacitive touch sensors to each side of his bird feeder, and hooked them up to a Raspberry Pi Zero W via a CAP1188 breakout board. The data is published via MQTT to another Raspberry Pi that serves as backend and stores the data, as well as to an optional additional camera-equipped Pi that will take a picture of each guest along the way. Taking into account that precipitation might affect the sensor readings, he also checks the current weather situation to re-calibrate the sensors if necessary, and also to observe a change in the birds’ presence and eating behavior based on weather conditions.

It seems that sensor-based animal feeding will always serve as inspiration for some new projects, whether feeding the animal itself is the goal, like most recently this fish feeder has shown, or whether the eating behavior is monitored and used for further research such as this squirrel-based weather forecast system.

Understanding Elliptic Curve Cryptography And Embedded Security

We all know the usual jokes about the ‘S’ in ‘IoT’ standing for ‘Security’. It’s hardly a secret that security in embedded, networked devices (‘IoT devices’) is all too often a last-minute task that gets left to whichever intern was unfortunate enough to walk first into the office that day. Inspired by this situation, All About Circuits is publishing a series of articles on embedded security, with a strong focus on network security.

In addition to the primer article, so far they have covered the Diffie-Hellman exchange (using prime numbers, exponentiation and modular arithmetic) and the evolution of this exchange using elliptic curve cryptography (ECC) which prevents anyone from brute-forcing the key. Barring any quantum computers, naturally. All three articles should be understandable by anyone, with a simple, step-by-step format.

The upcoming articles will cover implementing security on microcontrollers specifically. For those who cannot wait to learn more, Wikipedia has a number of articles on the topic of Elliptic Curve Cryptography (comparing it to the older and still very common RSA encryption), as well as the Elliptic-Curve Diffie-Hellman key agreement protocol as discussed in the All About Circuits article.

A detail of note here is that the hardest problem in secure communications isn’t to keep the communications going, but to securely exchange the keys in the first place. That’s why a much more computationally expensive key exchange using an asymmetric (or public-key) cryptography scheme is generally used to set up the second part of the communications, which would use a much faster symmetric-key cryptography scheme, where both parties have the means to decode and encode messages using the same shared secret key.

All the math aside, one does have to wonder about how one might denote ‘secure’ IoT. Somehow ‘SIoT’ doesn’t feel very catchy.

Reverse Engineering WyzeSense Hardware

Wyze is a company that produces a variety of home automation products. Their Wyze Sense package is a system of contact and PIR home security sensors that piggybacks off their Wyze Cam product. In the interests of being able to use this hardware outside the prescribed corporate ecosystem, [Xuan Xing] got down to hacking.

The project starts by tearing down the Wyze Cam and getting serial console access. This was made easier by an existing GitHub project, which develops custom firmware for smart cameras. With that in place he was able to see what was going on under the hood, and read the camera’s system logs.

By poring over these logs, and examining the disassembled Wyze Sense dongle, he’s well on the way to discovering how the sensors communicate with the Wyze Cam. The end goal is to enable the Wyze security sensors to be used with the Raspberry Pi platform, and to share the code on GitHub for other makers to experiment with.

Home automation platforms come and go quicker than the seasons change. This makes the hardware a popular target for hackers trying to get things running independently of any one company’s servers.

Fablab Saigon Celebrates A Belated Arduino Day

Okay, we’ve just left May and stepped into June, why are we talking about Arduino Day — traditionally a March 16th event where makers congregate and share projects? I live in Ho Chi Minh City, and the event tends to take place in mid-May, but the enthusiasm and collaborative spirit are just as strong. Organized by the awesome local maker group Fablab Saigon with the venue provided by Intek Institute, there were some neat projects on display along with some talks from local companies.

The first thing that struck me about the event was how young the maker movement is here – most attendees were still in high school or early university. By contrast, I was 23 when I first learned to use AVR microcontrollers with assembly language (by the time Arduino started to get traction the boat effectively missed me). I couldn’t help but feel like a bit of a relic, at least until we all started talking excitedly about robots (I had brought a couple). It seems that geeking out about electronics is the great equalizer which knows no age limits.


Fail Of The Week: How Not To Do IoT Security

There are a lot of bad days at work. Often it’s the last day, especially when it’s unexpected. For the particularly unlucky, the first day on a new job could be a bad day. But the day you find an unknown wireless device attached to the underside of your desk has to rank up there as a bad day, or at least one that raises a lot of serious questions.

As alarming as finding such a device would be, and as poor as the chain of decisions leading to these devices being attached to the workstations of the employees at a mercifully unnamed company, that’s not the story that [Erich Styger] seeks to tell. Rather, this is a lesson in teardown skills – for few among us would not channel the anger of finding something like this into a constructively destructive teardown – and an investigation into the complete lack of security consideration most IoT devices seem to be fielded with these days.

Most of us would recognize the device as some kind of connected occupancy sensor; the PIR lens being the dead giveaway there. Its location under a single person’s desk makes it pretty clear who’s being monitored.

The teardown revealed that the guts of the sensor included a LoRa module, microcontroller, a humidity/temperature sensor, and oddly for a device apparently designed to stick in one place with magnets, an accelerometer. Gaining access to the inner workings was easy through the UART on the microcontroller, and through the debug connectors and JTAG header on the PCB. Everything was laid out for all to see – no firmware protection, API keys in plain text, and trivially easy to reflash. The potential for low-effort malfeasance by a compromised device designed to live under a desk boggles the mind.

The whole article is worth a read, if only as a lesson in how not to do security on IoT devices. We know that IoT security is hard, but that doesn’t make it optional if you’re deploying out in the big wide world. And there’s probably a lot to learn about properly handling an enterprise rollout too. Spoiler alert: not like this.