Evolution Of The ESP8266 Party Button

Sometimes the best part of building something is getting to rebuild it again a little farther down the line. Don’t tell anyone, but sometimes when we start a project we don’t even know where the end is going to be. It’s a starting point, not an end destination. Who wants to do something once when you could do it twice? Maybe even three times for good measure?


That’s what happened when [Ryan] decided to build a wireless “party button” for his kids. Tied into his Home Assistant automation system, a smack of the button plays music throughout the house and starts changing the colors on his Philips Hue lights. His initial version worked well enough, but in the video after the break, he walks through the evolution of this one-off gadget into a general purpose IoT interface he can use for other projects.

The general idea is pretty simple: the big physical button on the top of the device resets the internal ESP8266, which is programmed to connect to his home WiFi and send a signal to his MQTT server. In the earlier versions of the button there was quite a bit of support electronics to handle converting the momentary action of the button to a “hard” power control for the ESP8266. But as the design progressed, [Ryan] realized he could put the ESP8266 to deep sleep after it sends the signal, and just use the switch to trigger a reset on the chip.

Additional improvements in the newer version of the button include switching from alkaline AA batteries to a rechargeable lithium-ion pack, and even switching over to a bare ESP8266 rather than the NodeMCU development board he was using for the first iteration.

For another take on MQTT home automation with the ESP8266, check out this automatic garage door control system. If the idea of triggering a party at the push of a button has your imagination going, we’ve seen some elaborate versions of that idea as well.


Programming Linux Devices With Arduino And The Cloud

Back in the olden days, when the Wire library still sucked, the Arduino was just a microcontroller. Now, we have single board computers and cheap microcontrollers with WiFi built in. As always, there’s a need to make programming and embedded development more accessible and more widely supported among the hundreds of devices available today.

At the Embedded Linux Conference this week, [Massimo Banzi] announced the beginning of what will be Arduino’s answer to the cloud, online IDEs, and a vast ecosystem of connected devices. It’s Arduino Create, an online IDE that allows anyone to develop embedded projects and manage them remotely.

As demonstrated in [Massimo]’s keynote, the core idea of Arduino Create is to put a connected device on the Internet and allow over-the-air updates and development. As this is Arduino, the volumes of libraries available for hundreds of different platforms are leveraged to make this possible. Right now, a wide variety of boards are supported, including the Raspberry Pi, BeagleBone, and several Intel IoT boards.

This development is platform-agnostic and focuses almost entirely on ease of use and interoperability. This is a marked change from the Arduino of five years ago; there was a time when the Arduino was an ATmega328p, and that’s about it. A few years later, you could put Arduino sketches on an ATtiny85. A lot has changed since then. We got the Raspberry Pi, we got Intel stepping into the waters of IoT devices, we got a million boards based on smartphone SoCs, and Intel got out of the IoT market.

While other companies and organizations have already made inroads into an online IDE for Raspberry Pis and other single board computers, namely the Adafruit webIDE and Codebender, this is a welcome change that already has the support of the Arduino organization.

You can check out [Massimo]’s keynote below.


IoT Potty Training

If you have not had children, stop reading now, we implore you. Because before you’ve had kids, you can’t know how supremely important it is that they take care of going to the bathroom by themselves. [David Gouldin] knows how it is. But unlike most of us, he resorted to using an Amazon IoT button and Twilio. No, we are not kidding.

The problem he was trying to solve is when his younger child would need to use the potty in the middle of the night, calling out for assistance would wake the older child. [David] said it best himself:

Behind the smiling emoji facade is an Amazon IoT button, a variant of Amazon’s dash button. When my kid presses this button, it triggers an AWS Lambda function that uses Twilio’s Python Helper Library to call my iPhone from a Twilio number. The Twilio number is stored in my contacts with “emergency bypass” turned on, so even when it’s 2am and I’m on “do not disturb” I still get the call.


Memcached Servers Abused For DDoS Attacks

Cloudflare announced recently that they are seeing an increase in amplification attacks using memcached servers, and that this exploit has the potential to be a big problem because memcached is capable of amplifying an attack significantly. This takes DDoS attacks to a new level, but the good news is that the problem is confined to a few thousand misconfigured servers, and the solution is to put the servers behind a tighter firewall and to disable UDP. What’s interesting is how the fundamental workings of the Internet are exploited to create and direct a massive amount of traffic.

We start with a botnet. This is when a bunch of Internet-connected devices are compromised and controlled by a malicious user. This could be a specific brand of web camera, printer, or computer with unsecured firmware. Once the devices are compromised, the malicious user can control the botnet and have it execute code. This code could mine cryptocurrency, upload sensitive data, or create a lot of web traffic directed at a particular server, flooding it with requests and creating a distributed denial of service (DDoS) attack that takes down the server. Since the server can’t distinguish regular traffic from malicious traffic, it can’t filter it out and becomes unresponsive.

This DDoS attack is limited by the botnet’s bandwidth, though. If all the web cameras in the botnet are pounding a server as fast as they can, the botnet has reached its max. The next trick is called an amplification attack, and it exploits UDP. UDP (as opposed to TCP) is like the early post office; you send mail and hope it gets there, and if it doesn’t then oh well. There’s no handshaking between communicating computers. When a device sends a UDP packet to a server, it includes the return address so that the server can send the response back. If the device sends a carefully crafted fake request with a different return address, then the server will send the response to that spoofed return address.

So if the web camera sends a request to Server A and the response is sent to Server B, then Server A is unintentionally attacking Server B. If the request is the same size as the response, then there’s no benefit to this attack. If the request is smaller than the response, and Server A sends Server B a bunch of unrequested data for every request from the camera, then you have a successful amplification attack. In the case of memcached, traffic can be amplified by more than 50,000 times, meaning that a small botnet can have a huge effect.

Memcached is a memory caching system whose primary use is to help large websites by caching data that would otherwise be stored in a database or API, so it really shouldn’t be publicly accessible anyway. The immediate solution is to turn off public-facing memcached over UDP, but the larger solution is to think about what things you are making available to the Internet, and how they can be used maliciously.
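As an added example (not from the original article or from the memcached project), here is one way to check a memcached options file for the two conditions the fix above addresses: UDP left on and a listener that is not loopback-only. It assumes a one-option-per-line file using memcached's short flags `-U` (UDP port, 0 disables) and `-l` (listen address); the sample contents, function names and finding labels are constructed for illustration, and a missing `-U` is treated as "UDP on" to stay conservative.

```python
import ipaddress
import shlex

# Constructed sample option files (one flag per line, '#' starts a comment).
SAMPLE_EXPOSED = "# constructed sample\n-m 64\n-p 11211\n-l 0.0.0.0\n"
SAMPLE_HARDENED = "-m 64\n-p 11211\n-U 0\n-l 127.0.0.1\n"


def parse_options(text):
    """Return {flag: value} for lines such as '-U 0' or '-l 127.0.0.1'."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("-"):
            continue
        tokens = shlex.split(line)
        opts[tokens[0]] = tokens[1] if len(tokens) > 1 else ""
    return opts


def _is_loopback(addr):
    addr = addr.strip()
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        # Hostnames other than 'localhost' are treated as reachable (conservative).
        return addr == "localhost"


def audit(text, udp_on_when_unset=True):
    """Return a list of finding labels; an empty list means neither condition holds."""
    opts = parse_options(text)
    udp_port = opts.get("-U")
    udp_enabled = udp_on_when_unset if udp_port is None else udp_port.strip() != "0"
    # With no -l at all, memcached listens on every interface.
    listen = opts.get("-l", "0.0.0.0")
    public = any(not _is_loopback(a) for a in listen.split(","))
    findings = []
    if udp_enabled:
        findings.append("udp-enabled")
    if public:
        findings.append("non-loopback-listener")
    if udp_enabled and public:
        findings.append("udp-reachable-off-host")
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(cfg) or "ok")
```

A clean result here only covers the daemon's own options; a listener on a non-loopback address still needs the firewall rule the article mentions.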

France Proposes Software Security Liability For Manufacturers, Open Source As Support Ends

It sometimes seems as though barely a week can go by without yet another major software-related hardware vulnerability story. As manufacturers grapple with the demands of no longer building simple appliances but instead supplying them containing software that may expose itself to the world over the Internet, we see devices shipped with insecure firmware and little care for its support or updating after the sale.

The French government have a proposal to address this problem that may be of interest to our community, to make manufacturers liable for the security of a product while it is on the market, and with the possibility of requiring its software to be made open-source at end-of-life. In the first instance it can only be a good thing for device security to be put at the top of a manufacturer’s agenda, and in the second the ready availability of source code would present reverse engineers with a bonanza.

It’s worth making the point that this is a strategy document; what it contains are only proposals, not laws. As a 166 page French-language PDF it’s a long read for any Francophones among you and contains many other aspects of the French take on cybersecurity. But it’s important, because it shows the likely direction that France intends to take on this issue within the EU. At an EU level this could then represent a globally significant move that would affect products sold far and wide.

What do we expect to happen in reality though? It would be nice to think that security holes in consumer devices would be neutralised overnight and then we’d have source code for a load of devices, but we’d reluctantly have to say we’ll believe it when we see it. It is more likely that manufacturers will fight it tooth and nail, and given some recent stories about devices being bricked by software updates at the end of support we could even see many of them willingly consigning their products to the e-waste bins rather than complying. We’d love to be proven wrong, but perhaps we’re too used to such stories. Either way this will be an interesting story to watch, and we’ll keep you posted.

Merci beaucoup [Sebastien] for the invaluable French-language help.

French flag: Wox-globe-trotter [Public domain].

Particle Introduces New Hardware, Adds Mesh Support

Particle, makers of the WiFi and Cellular IoT modules everyone loves, is introducing their third generation of hardware. The Particle Argon, Boron, and Xenon are Particle’s latest offering in the world of IoT dev boards, and this time they’re adding something amazing: mesh networking.

The three new boards are all built around the Nordic nRF52840 SoC and include an ARM Cortex-M4F with 1MB of Flash and 256k of RAM. This chip supports Bluetooth 5 and NFC. Breaking the new lineup down further, the Argon adds WiFi with an ESP32 from Espressif, the Boron brings LTE to the table with a ublox SARA-U260 module, and the Xenon ditches WiFi and Cellular, relying only on Bluetooth, but still retaining mesh networking. This segmentation makes sense; Particle wants you to buy a ton of the Xenon modules to build out your network, and use either the Argon or Boron module to connect to the outside world.

The form factor of the boards conforms to the Adafruit Feather standard, a standard that’s good enough, and much better than gigantic Arduino shields with offset pins.

Of particular interest is the support for mesh networks. For IoT solutions (whatever they may be), mesh networking is nearly a necessity if you have a sufficient number of nodes or are covering a large enough area. The technology going into this mesh networking is called Particle Mesh, and is built on OpenThread. While it’s a little early to see Particle’s mesh networking in action, we’re really looking forward to a real-world implementation.

Preorder pricing for these boards sets the Argon module at $15, the Boron at $29, and the Xenon at $9. Shipping is due in July.


Hackaday Links: January 28, 2018

In case you haven’t heard, we have a 3D printing contest going on right now. It’s the Repairs You Can Print Contest. The idea is simple: show off how you repaired something with a 3D printer. Prizes include $100 in Tindie credit, and as a special prize for students and organizations (think hackerspaces), we’re giving away a few Prusa i3 MK3 printers.

[Drygol] has made a name for himself repairing various ‘home’ computers over the years, and this time he’s back showing off the mods and refurbishments he’s made to a pile of Amiga 500s. This time, he’s installing some new RAM chips, fixing some Guru Meditations by fiddling with the pins on a PLCC, adding a built-in modulator, installing a dual Kickstart ROM, and installing a Gotek floppy adapter. It’s awesome work that puts all the modern conveniences into this classic computer.

Here’s an FPGA IoT Controller. It’s a Cyclone IV and a WiFi module stuffed into something resembling an Arduino Mega. Here’s the question: what is this for? There are two reasons you would use an FPGA, either doing something really fast, or doing something so weird normal microcontrollers just won’t cut it. I don’t know if there is any application of IoT that overlaps with FPGAs. Can you think of something? I can’t.

Tide pods are flammable.

You know what’s cool? Sparklecon. It’s a party filled with a hundred pounds of LEGO, a computer recycling company, a plasmatorium, and a hackerspace, tucked away in an industrial park in Fullerton, California. It’s completely chill, and a party for our type of people — those who like bonfires, hammer Jenga, beer, and disassembling fluorescent lamps for high voltage transformers.

A few shoutouts for Sparklecon. The 23b Hackerspace is, I guess, the main host here, or at least the anchor. Across the alley is NUCC, the National Upcycled Computing Collective. They’re a nonprofit that takes old servers and such, refurbishes them, and connects them to projects like Folding@Home and SETI@Home. This actually performs a service for scientists, because every moron is mining Bitcoin and Ethereum now, vastly reducing the computational capabilities of these distributed computing projects. Thanks, OSH Park, for buying every kind of specialty pizza at Pizza Hut. I would highly encourage everyone to go to Sparklecon next year. This is the fifth year, and it’s getting bigger and better every time.