IoT

318 Articles

Review: IoT Data Logging Services With MQTT

October 31, 2017 by 11 Comments

For the last few months, I had been using Sparkfun’s Phant server as a data logger for a small science project. Unfortunately, they’ve had some serious technical issues and have discontinued the service. Phant was good while it lasted: it was easy to use, free, and allowed me to download the data in a CSV format. It shared data with analog.io, which at the time was a good solution for data visualization.

While I could continue using Phant since it is an open-source project and Sparkfun kindly releases the source code for the server on Github, I thought it might be better to do some research, see what’s out there. I decided to write a minimal implementation for each platform as an interesting way to get a feel for each. To that end, I connected a DHT11 temperature/humidity sensor to a NodeMCU board to act as a simple data source.

Continue reading “Review: IoT Data Logging Services With MQTT”

Don’t Miss The Bus: A One-Day Build

October 23, 2017 by 7 Comments

Sometimes the most satisfying hacks are those that spring from a situation where resources are limited, either by choice or by chance. Constraints tend to stir the creative juices.

Serial Hackaday poster [limpkin] limited himself to a one-day build with what he had on hand for this bus-route countdown timer. Full points for actually building something useful, and extra credit for making something to keep his wife from being late for work.

The principle is simple: scrape a web page to find out how much time is left before either of two busses leaves his wife’s stop, and display the number of minutes left on a huge LED display. The parts bin gave up everything needed, including an ESP8266, a boost converter, a charge controller, and the display and driver. We’re skeptical that the PCB was fabricated the same day; looks like [limpkin] is only counting the design and coding time in his 10-hour build. Still, it’s a testament to what’s possible with a deep inventory and the skills to put it to use.

Check out some of [limpkin]’s other hacks, like this Formula-E race car PCB or his adventures in laundry larceny. Oh, and he also used to write for Hackaday.

Aussies Propose Crackdown On Insecure IoT Devices

October 16, 2017 by 36 Comments

We’ve all seen the stories about IoT devices with laughably poor security. Both within our community as fresh vulnerabilities are exposed and ridiculed, and more recently in the wider world as stories of easily compromised baby monitors have surfaced in mass media outlets. It’s a problem with its roots in IoT device manufacturers treating their products as appliances rather than software, and in a drive to produce them at the lowest possible price.

The Australian government have announced that IoT security is now firmly in their sights, announcing a possible certification scheme with a logo that manufacturers would be able to use if their products meet a set of requirements. Such basic security features as changeable, non-guessable, and non-default passwords are being mentioned, though we’re guessing that would also include a requirement not to expose ports to the wider Internet. Most importantly it is said to include a requirement for software updates to fix known vulnerabilities. It is reported that they are also in talks with other countries to harmonize some of these standards internationally.

It is difficult to see how any government could enforce such a scheme by technical means such as disallowing Internet connection to non-compliant devices, and if that was what was being proposed it would certainly cause us some significant worry. Therefore it’s likely that this will be a consumer certification scheme similar to for example the safety standards for toys, administered as devices are imported and through enforcement of trading standards legislation. The tone in which it’s being sold to the public is one of “Think of the children” in terms of compromised baby monitors, but as long-time followers of Hackaday will know, that’s only a small part of the wider problem.

Thanks [Bill Smith] for the tip.

Baby monitor picture: Binatoneglobal [CC BY-SA 3.0].

Encryption For The Most Meager Of Devices

October 15, 2017 by 57 Comments

It seems that new stories of insecure-by-design IoT devices surface weekly, as the uneasy boundary is explored between the appliance and the Internet-connected computer. Manufacturers like shifting physical items rather than software patches, and firmware developers may not always be from the frontline of Internet security.

An interesting aside on the security of IoT traffic comes from [boz], who has taken a look at encryption of very low data rate streams from underpowered devices. Imagine perhaps that you have an Internet-connected sensor which supplies only a few readings a day that you would like to keep private. Given that your sensor has to run on tiny power resources so a super-powerful processor is out of the question, how do you secure your data? Simple encryption schemes are too easily broken.

He makes the argument for encryption from a rather unexpected source: a one-time pad. We imagine a one-time pad as a book with pages of numbers, perhaps as used by spies in Cold-War-era East Berlin or something. Surely storing one of those would be a major undertaking! In fact a one-time pad is simply a sequence of random keys that are stepped through, one per message, and if your message is only relatively few bytes a day then you have no need to generate more than a few K of pad data to securely encrypt it for years. Given that even pretty meager modern microcontrollers have significant amounts of flash at their disposal, pad storage for sensor data of this type is no longer a hurdle.

Where some controversy might creep in is the suggestion that a pad could be recycled when its last entry has been used. You don’t have to be a cryptologist to know that reusing a one-time pad weakens the integrity of the cypher, but he has a valid answer there too, If the repeat cycle is five years, your opponent must have serious dedication to capture all packets, and at that point it’s worth asking yourself just how sensitive the sensor data in question really is.

Custom Lightbulb Firmware

October 1, 2017 by 15 Comments

The Internet of Things is developing at a rapid pace, as hobbyists and companies rush to develop the latest and greatest home automation gear. One area of particular interest to some is lighting – yes, even the humble lightbulb now comes with a brain and is ripe for the hacking.

[Tinkerman] starts by doing a full disassembly of the Sonoff B1 lightbulb. It’s a popular device, and available for less than $20 on eBay. Rated at 6 watts, the bulb has a heatsink that is seemingly far larger than necessary. Inside is the usual AC/DC converter, LED driver and an ESP8285 running the show. While this is a slightly different part to the usual ESP8266, it can be programmed in the same way by selecting the correct programming mode.

This is where it gets interesting – [Tinkerman] flashes the device with a custom firmware known as ESPurna. This firmware enables greater control over the function of the bulb, from colour choice, to speaking to the bulb over MQTT.

[Tinkerman] does a great job of walking through the exact steps needed to disassemble and reprogram the bulb, and touches upon the added flexibility given by the custom firmware. We love to see projects like this one, that give greater control over IoT devices and enable users to better integrate them with other systems.

AI: This Decade’s Worst Buzz Word

September 18, 2017 by 84 Comments

In hacker circles, the “Internet of Things” is often the object of derision. Do we really need the IoT toaster? But there’s one phrase that — while not new — is really starting to annoy me in its current incarnation: AI or Artificial Intelligence.

The problem isn’t the phrase itself. It used to mean a collection of techniques used to make a computer look like it was smart enough to, say, play a game or hold a simulated conversation. Of course, in the movies it means HAL9000. Lately, though, companies have been overselling the concept and otherwise normal people are taking the bait.

The Alexa Effect

Not to pick on Amazon, but all of the home assistants like Alexa and Google Now tout themselves as AI. By the most classic definition, that’s true. AI techniques include matching natural language to predefined templates. That’s really all these devices are doing today. Granted the neural nets that allow for great speech recognition and reproduction are impressive. But they aren’t true intelligence nor are they even necessarily direct analogs of a human brain.

Continue reading “AI: This Decade’s Worst Buzz Word”

DIY Wireless Sprinkler System? Don’t Mind If I Do.

September 5, 2017 by 13 Comments

What to do once you have a sprinkler system installed on your property: buy a sprinkler control system or make your own? The latter, obviously.

[danaman] was determined to hack together a cheap, IoT-enabled system but it wasn’t easy — taking the better part of a year to get working. Instead of starting right from scratch, he used the open-source Sustainable Irrigation Platform(SIP) control software — a Python sprinkler scheduler with some features [danman] was looking for(eg: it won’t activate if there’s rain in the forecast). Since he wasn’t running it with a Raspberry Pi as recommended, [danman] wrote a Python plugin that runs on his home server as a daemon which listens to TCP port 20000 for connections and then updates the relevant relays. Ok, software done; on to the relay controller box!

Continue reading “DIY Wireless Sprinkler System? Don’t Mind If I Do.”