Programming Linux Devices With Arduino And The Cloud

Back in the olden days, when the Wire library still sucked, the Arduino was just a microcontroller. Now, we have single board computers and cheap microcontrollers with WiFi built in. As always, there’s a need to make programming and embedded development more accessible and more widely supported among the hundreds of devices available today.

At the Embedded Linux Conference this week, [Massimo Banzi] announced the beginning of what will be Arduino’s answer to the cloud, online IDEs, and a vast ecosystem of connected devices. It’s Arduino Create, an online IDE that allows anyone to develop embedded projects and manage them remotely.

As demonstrated in [Massimo]’s keynote, the core idea of Arduino Create is to put a connected device on the Internet and allow over-the-air updates and development. As this is Arduino, the volumes of libraries available for hundreds of different platforms are leveraged to make this possible. Right now, a wide variety of boards are supported, including the Raspberry Pi, BeagleBone, and several Intel IoT boards.

This development is platform-agnostic and focuses almost entirely on ease of use and interoperability. This is a marked change from the Arduino of five years ago; there was a time when the Arduino was an ATmega328p, and that’s about it. A few years later, you could put Arduino sketches on an ATtiny85. A lot has changed since then. We got the Raspberry Pi, we got Intel stepping into the waters of IoT devices, we got a million boards based on smartphone SoCs, and Intel got out of the IoT market.

While other companies and organizations have already made inroads into an online IDE for Raspberry Pis and other single board computers, namely the Adafruit webIDE and Codebender, this is a welcome change that already has the support of the Arduino organization.

You can check out [Massimo]’s keynote below.


IoT Potty Training

If you have not had children, stop reading now, we implore you. Because before you’ve had kids, you can’t know how supremely important it is that they take care of going to the bathroom by themselves. [David Gouldin] knows how it is. But unlike most of us, he resorted to using an Amazon IoT button and Twilio. No, we are not kidding.

The problem he was trying to solve: when his younger child needed to use the potty in the middle of the night, calling out for assistance would wake the older child. [David] said it best himself:

Behind the smiling emoji facade is an Amazon IoT button, a variant of Amazon’s dash button. When my kid presses this button, it triggers an AWS Lambda function that uses Twilio’s Python Helper Library to call my iPhone from a Twilio number. The Twilio number is stored in my contacts with “emergency bypass” turned on, so even when it’s 2am and I’m on “do not disturb” I still get the call.


Memcached Servers Abused For DDoS Attacks

Cloudflare announced recently that they are seeing an increase in amplification attacks using memcached servers, and that this exploit has the potential to be a big problem because memcached is capable of amplifying an attack significantly. This takes DDoS attacks to a new level, but the good news is that the problem is confined to a few thousand misconfigured servers, and the solution is to put the servers behind a tighter firewall and to disable UDP. What’s interesting is how the fundamental workings of the Internet are exploited to create and direct a massive amount of traffic.

We start with a botnet. This is when a bunch of Internet-connected devices are compromised and controlled by a malicious user. This could be a particular brand of web camera, printer, or computer with unsecured firmware. Once the devices are compromised, the malicious user can control the botnet and have it execute code. This code could mine cryptocurrency, upload sensitive data, or create a lot of web traffic directed at a particular server, flooding it with requests and creating a distributed denial of service (DDoS) attack that takes down the server. Since the server can’t distinguish regular traffic from malicious traffic, it can’t filter it out and becomes unresponsive.

This DDoS attack is limited to the size of the botnet’s bandwidth, though. If all the web cameras in the botnet are pounding a server as fast as they can, the botnet has reached its max. The next trick is called an amplification attack, and it exploits UDP. UDP (as opposed to TCP) is like the early post office; you send mail and hope it gets there, and if it doesn’t then oh well. There’s no handshaking between communicating computers. When a device sends a UDP packet to a server, it includes the return address so that the server can send the response back. If the device sends a carefully crafted fake request with a different return address, then the server will send the response to that spoofed return address.

So if the web camera sends a request to Server A and the response is sent to Server B, then Server A is unintentionally attacking Server B. If the request is the same size as the response, then there’s no benefit to this attack. If the request is smaller than the response, and Server A sends Server B a bunch of unrequested data for every request from the camera, then you have a successful amplification attack. In the case of memcached, traffic can be amplified by more than 50,000 times, meaning that a small botnet can have a huge effect.
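The request/response imbalance described above is also what an operator of a memcached server can look for in their own flow logs. The following is an added example, not code from the article or from Cloudflare: it totals UDP bytes per peer on port 11211 and flags peers whose "responses" dwarf their requests. The flow-record layout, the thresholds and the documentation-range addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port

# Constructed sample flow records (documentation addresses), not real traffic:
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 11211, "udp", 15),
    ("192.0.2.10", 11211, "198.51.100.7", 40000, "udp", 750_000),
    ("203.0.113.5", 51000, "192.0.2.10", 11211, "udp", 60),
    ("192.0.2.10", 11211, "203.0.113.5", 51000, "udp", 90),
    ("203.0.113.9", 52000, "192.0.2.10", 11211, "tcp", 40),
    ("192.0.2.10", 11211, "203.0.113.9", 52000, "tcp", 900_000),
]

def amplification_by_peer(flows, server_ip, port=MEMCACHED_PORT):
    """Return {peer_ip: (request_bytes, response_bytes)} for UDP traffic on `port`."""
    totals = defaultdict(lambda: [0, 0])
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue  # TCP needs a handshake, so a forged return address gets no data
        if dst == server_ip and dport == port:
            totals[src][0] += nbytes      # bytes the peer appears to have sent us
        elif src == server_ip and sport == port:
            totals[dst][1] += nbytes      # bytes we sent back to that address
    return {peer: tuple(v) for peer, v in totals.items()}

def suspected_reflection(flows, server_ip, min_ratio=10.0, min_response_bytes=100_000):
    """List (peer, ratio) for peers receiving far more UDP bytes than were requested."""
    alerts = []
    for peer, (req, resp) in sorted(amplification_by_peer(flows, server_ip).items()):
        ratio = resp / req if req else float("inf")
        if resp >= min_response_bytes and ratio >= min_ratio:
            alerts.append((peer, ratio))
    return alerts

if __name__ == "__main__":
    for peer, ratio in suspected_reflection(SAMPLE_FLOWS, "192.0.2.10"):
        print(f"{peer}: responses are {ratio:.0f}x the request bytes (likely a spoofed victim)")
```

A flagged peer is most likely the victim whose address was forged, so the useful response is on the server side: stop answering UDP at all.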

Memcached is a memory caching system whose primary use is to help large websites by caching data that would otherwise be stored in a database or API, so it really shouldn’t be publicly accessible anyway. And the solution is to turn off public-facing memcached over UDP, but the larger solution is to think about what things you are making available to the Internet, and how they can be used maliciously.
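One way to check a server for the two fixes named above (UDP off, not publicly reachable), as an added example that is not from the article or the memcached project. It audits an options file using memcached's `-U` (UDP port, 0 disables it) and `-l` (listen address) flags; the one-flag-per-line file layout and the sample contents are constructed assumptions, and because the UDP default differs between memcached releases, a missing `-U` is reported rather than trusted.

```python
import ipaddress
import shlex

# Constructed sample options file (one memcached command-line flag per line).
SAMPLE_CONF = """\
# memory and user
-m 64
-u memcache
-p 11211
-l 0.0.0.0
"""
HARDENED_CONF = SAMPLE_CONF.replace("-l 0.0.0.0", "-l 127.0.0.1") + "-U 0\n"

def parse_options(text):
    """Collect short options and their values; accepts '-U 0' and '-U0'."""
    opts = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        i = 0
        while i < len(tokens):
            tok = tokens[i]
            if len(tok) >= 2 and tok[0] == "-" and tok[1] != "-":
                flag, value = tok[:2], tok[2:]
                if not value and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                    i += 1
                    value = tokens[i]
                opts[flag] = value
            i += 1
    return opts

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"

def audit(text):
    """Return findings for the two fixes the article names: no UDP, no public bind."""
    opts, findings = parse_options(text), []
    udp = opts.get("-U")
    if udp is None:
        findings.append("UDP port not set explicitly: add '-U 0'")
    elif udp != "0":
        findings.append(f"UDP listener enabled on port {udp}: set '-U 0'")
    listen = [a for a in opts.get("-l", "").split(",") if a]
    if not listen:
        findings.append("no '-l' bind address: listening on all interfaces")
    findings += [f"bound to non-loopback address {a}: firewall it or bind to loopback"
                 for a in listen if not is_loopback(a)]
    return findings
```

`audit(SAMPLE_CONF)` reports the missing `-U 0` and the `0.0.0.0` bind; `audit(HARDENED_CONF)` returns an empty list.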

France Proposes Software Security Liability For Manufacturers, Open Source As Support Ends

It sometimes seems as though barely a week can go by without yet another major software-related hardware vulnerability story. As manufacturers grapple with the demands of no longer building simple appliances but instead supplying them containing software that may expose itself to the world over the Internet, we see devices shipped with insecure firmware and little care for its support or updating after the sale.

The French government have a proposal to address this problem that may be of interest to our community, to make manufacturers liable for the security of a product while it is on the market, and with the possibility of requiring its software to be made open-source at end-of-life. In the first instance it can only be a good thing for device security to be put at the top of a manufacturer’s agenda, and in the second the ready availability of source code would present reverse engineers with a bonanza.

It’s worth making the point that this is a strategy document; what it contains are only proposals, not laws. As a 166 page French-language PDF it’s a long read for any Francophones among you and contains many other aspects of the French take on cybersecurity. But it’s important, because it shows the likely direction that France intends to take on this issue within the EU. At an EU level this could then represent a globally significant move that would affect products sold far and wide.

What do we expect to happen in reality though? It would be nice to think that security holes in consumer devices would be neutralised overnight and then we’d have source code for a load of devices, but we’d reluctantly have to say we’ll believe it when we see it. It is more likely that manufacturers will fight it tooth and nail, and given some recent stories about devices being bricked by software updates at the end of support we could even see many of them willingly consigning their products to the e-waste bins rather than complying. We’d love to be proven wrong, but perhaps we’re too used to such stories. Either way this will be an interesting story to watch, and we’ll keep you posted.

Merci beaucoup [Sebastien] for the invaluable French-language help.

French flag: Wox-globe-trotter [Public domain].

Particle Introduces New Hardware, Adds Mesh Support

Particle, makers of the WiFi and Cellular IoT modules everyone loves, is introducing their third generation of hardware. The Particle Argon, Boron, and Xenon are Particle’s latest offering in the world of IoT dev boards, and this time they’re adding something amazing: mesh networking.

The three new boards are all built around the Nordic nRF52840 SoC and include an ARM Cortex-M4F with 1MB of Flash and 256k of RAM. This chip supports Bluetooth 5 and NFC. Breaking the new lineup down further, the Argon adds WiFi with an ESP32 from Espressif, the Boron brings LTE to the table with a ublox SARA-U260 module, and the Xenon ditches WiFi and Cellular, relying only on Bluetooth, but still retaining mesh networking. This segmentation makes sense; Particle wants you to buy a ton of the Xenon modules to build out your network, and use either the Argon or Boron module to connect to the outside world.

The form factor of the boards conforms to the Adafruit Feather standard, a standard that’s good enough, and much better than gigantic Arduino shields with offset pins.

Of particular interest is the support for mesh networks. For IoT solutions (whatever they may be), mesh networking is nearly a necessity if you have a sufficient number of nodes or are covering a large enough area. The technology going into this mesh networking is called Particle Mesh, and is built on OpenThread. While it’s a little early to see Particle’s mesh networking in action, we’re really looking forward to a real-world implementation.

Preorder pricing for these boards sets the Argon module at $15, the Boron at $29, and the Xenon at $9. Shipping is due in July.


Hackaday Links: January 28, 2018

In case you haven’t heard, we have a 3D printing contest going on right now. It’s the Repairs You Can Print Contest. The idea is simple: show off how you repaired something with a 3D printer. Prizes include $100 in Tindie credit, and as a special prize for students and organizations (think hackerspaces), we’re giving away a few Prusa i3 MK3 printers.

[Drygol] has made a name for himself repairing various ‘home’ computers over the years, and this time he’s back showing off the mods and refurbishments he’s made to a pile of Amiga 500s. This time, he’s installing some new RAM chips, fixing some Guru Meditations by fiddling with the pins on a PLCC, adding a built-in modulator, installing a dual Kickstart ROM, and installing a Gotek floppy adapter. It’s awesome work that puts all the modern conveniences into this classic computer.

Here’s an FPGA IoT Controller. It’s a Cyclone IV and a WiFi module stuffed into something resembling an Arduino Mega. Here’s the question: what is this for? There are two reasons you would use an FPGA, either doing something really fast, or doing something so weird normal microcontrollers just won’t cut it. I don’t know if there is any application of IoT that overlaps with FPGAs. Can you think of something? I can’t.

Tide pods are flammable.

You know what’s cool? Sparklecon. It’s a party filled with a hundred pounds of LEGO, a computer recycling company, a plasmatorium, and a hackerspace, tucked away in an industrial park in Fullerton, California. It’s completely chill, and a party for our type of people — those who like bonfires, hammer Jenga, beer, and disassembling fluorescent lamps for high voltage transformers.

A few shoutouts for Sparklecon. The 23b Hackerspace is, I guess, the main host here, or at least the anchor. Across the alley is NUCC, the National Upcycled Computing Collective. They’re a nonprofit that takes old servers and such, refurbishes them, and connects them to projects like Folding@Home and SETI@Home. This actually performs a service for scientists, because every moron is mining Bitcoin and Ethereum now, vastly reducing the computational capabilities of these distributed computing projects. Thanks, OSH Park, for buying every kind of specialty pizza at Pizza Hut. I would highly encourage everyone to go to Sparklecon next year. This is the fifth year, and it’s getting bigger and better every time.

Build An Excellent Coffee Roaster With A Satisfyingly Low Price Tag

There’s a lot of mysticism around coffee roasting, but in the end it couldn’t be simpler. Take a bunch of beans, heat them up evenly, and stop before they get burned. The rest is details.

And the same goes for coffee roasters. The most primitive roasting technique involves stirring the beans in a pan or wok to keep them from scorching on the bottom. This works great, but it doesn’t scale. Industrial drum roasters heat a rotating drum with ridges on the inside like a cement mixer to keep the beans in constant motion while they pass over a gas fire. Fluidized-bed roasters use a strong stream of heated air to whirl the beans around while roasting them evenly. But the bottom line is that a coffee roaster needs to agitate the beans over a controllable heat source so that they roast as evenly as possible.

My DIY coffee roaster gave up the ghost a few days ago and I immediately ordered the essential replacement part, a hot air popcorn popper, to avert a true crisis: no coffee! While I was rebuilding, I thought I’d take some pictures and share what I know about the subject. So if you’re interested in roasting coffee, making a popcorn popper into a roaster, or even just taking an inside look at a thoroughly value-engineered kitchen machine, read on!
