Quick And Easy IoT Prototyping With Involt

IoT, web apps, and connected devices are all becoming increasingly popular. But, the market still resembles a wild west apothecary, and no single IoT ecosystem or architecture seems to be the one bottle of snake oil we’ll all end up using. As such, we hackers are keen to build our own devices, instead of risking being locked into an IoT system that could become obsolete at any time. But, building an IoT device and interface takes a wide range of skills, and those who are lacking skill in the dark art of programming might have trouble creating a control app for their shiny new connected-thing.

Enter Involt, which is a framework for building hardware control interfaces using HTML and CSS. The framework is built on Node-Webkit, which means the conventions should be familiar to those with a bit of web development background. Hardware interactions (on Arduinos) are handled with simple CSS classes. For example, a button might contain a CSS class which changes an Arduino pin from high to low.

Involt can take that CSS and convert it into a function, which is then sent to the Arduino via serial or Bluetooth communication. For more advanced functionality, JavaScript (or really any other language) can be used to define what functions are generated — and, in turn, sent to the Arduino. But, all that is needed for the basic functionality necessary for many IoT devices (which might only need to be turned on and off, or set to a certain value) is a bit of HTML and CSS knowledge. You’ll create both the interface and the underlying hardware interactions all within an HTML layout with CSS styling and functionality.

While Involt isn’t the only framework to simplify hardware interaction (it’s not even the only Node.js based method), the simplicity is definitely laudable. For those who are just getting started with these sorts of devices, Involt can absolutely make the process faster and less painful. And, even for those who are experienced in this arena, the speed and efficiency of prototyping with Involt is sure to be useful.

Popular Printers Pwned In Prodigious Page Prank

A new day dawns, and we have another story involving insecure networked devices. This time it is printers of all makes and descriptions that are causing the panic, as people are finding mystery printouts bearing messages such as this:

Stackoverflowin has returned to his glory, your printer is part of a botnet, the god has returned

Well that’s it then, you can’t argue with a deity, especially one who has apparently created a botnet from the world’s printing devices. Printer owners the world over are naturally worried about their unexpected arrival, and have appeared on support forums and the like to express their concern.

We are of course used to taking everything our printers tell us at face value. Low on ink? I hear you, my inanimate reprographic friend! But when our printer tells us it’s part of a botnet perhaps it’s time to have a little think. It is entirely possible that someone could assemble a botnet of compromised printers, but in this case we smell a rat. Only in farcical crime dramas do crooks announce their crimes in such a theatrical fashion; you might say it’s the point of a botnet not to be detected by its host. Reading some of the reports, it seems that many of the affected systems have port 9100 open to the world. That’s the standard TCP printer port, so it seems much more likely that someone has written a little script that looks for IP addresses with port 9100 open, and trolls them with this message.

The real message here is one with which we expect Hackaday readers will be very familiar, and which we’ve covered before. Many network connected appliances have scant regard for security, and are a relative push-over for an attacker. The solution is relatively straightforward to those of a technical inclination: be aware of which services the device is exposing, lock down services such as UPnP, and close any open ports on your router. Unfortunately these steps are probably beyond many home users, whose routers remain with their default manufacturer’s settings for their entire lives. It’s a shame our printer troll didn’t add a link to basic router security tips.
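One way to find out which of your own devices are listening on print ports, as an added example that is not part of the original article. The port table beyond 9100 and the function name `audit` are assumptions of this sketch; it only accepts private or loopback IPv4 addresses, and any device it reports should not be reachable through a router port forward or UPnP mapping.

```python
import ipaddress
import socket

# Port 9100 is the raw print port named in the article; LPD and IPP are
# two other common print services (added here as an assumption).
PRINT_PORTS = {9100: "raw/JetDirect", 515: "LPD", 631: "IPP"}


def audit(hosts, ports=PRINT_PORTS, timeout=0.5):
    """Return (host, port, service) for every listening print service.

    Every address is validated before any connection is attempted, and
    only private or loopback IPv4 addresses are accepted, so this stays
    an inventory check of your own network.
    """
    addrs = []
    for host in hosts:
        ip = ipaddress.IPv4Address(host)
        if not (ip.is_private or ip.is_loopback):
            raise ValueError(f"{host} is not a private address")
        addrs.append(str(ip))

    findings = []
    for addr in addrs:
        for port, service in sorted(ports.items()):
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                # connect_ex returns 0 only when the TCP handshake completes.
                if s.connect_ex((addr, port)) == 0:
                    findings.append((addr, port, service))
    return findings


if __name__ == "__main__":
    # Constructed inventory: replace with the addresses of your own devices.
    inventory = ["127.0.0.1"]
    for addr, port, service in audit(inventory):
        print(f"{addr} is listening on {port} ({service})")
```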

If you want to have a little fun, some of the printed pages include an email address for ‘the god’. It would be fun to figure out who this is, right?

Dash With Arduino

Amazon Dash is a handy service, and when Amazon released their AWS IoT platform, [Brian Carbonette] felt that it left out all the hardware hackers from the tinkering fun. Seeking justice, he put together a guide for an Arduino Dash button aimed at hardware hackers and those who are still easing into the world.

For his build, [Carbonette] used an Arduino MKR1000, laying out a few different configuration options for building your button. He has also gone to great lengths to help all comers tackle the Arduino-Dash API communication process by building an AmazonDRS Arduino Library, which handles all the “boring details,” so you can focus on the hardware. With the warning that the software-side setup is tedious the first time around, [Carbonette] has included a detailed manual for setting up the aforementioned AmazonDRS library, some example code, and a breakdown thereof. He also suggests implementing other features — such as a notification if the item is out of stock on Amazon — to tie the project together.


IoT-ify All Things: LG Has Gone Overboard

If you’ve been following Hackaday lately, you’ve surely noticed an increased number of articles about IoT-ifying stuff. It’s a cool project to take something old (or new) and improve its connectivity, usually via WiFi, making it part of the Internet of Things. Several easy to use modules, in particular the ESP8266, are making a huge contribution to this trend. It’s satisfying to see our homes with an ESP8266 in every light switch and outlet or to control our old stereo with our iPhone. It gives us a warm fuzzy feeling. And that’s completely fine for one’s personal projects.

But what happens when this becomes mainstream? When literally all our appliances are ‘connected’ in the near future? The implications might be a lot harder to predict than expected. The near future, it seems, starts now.

This year, at CES, LG Electronics (LG) has introduced Smart InstaView™, a refrigerator that’s powered by webOS smart platform and integrated with Amazon’s Alexa Voice Service.

… with webOS, consumers can also explore a host of WiFi-enabled features directly on the refrigerator, creating a streamlined and powerful food management system all housed directly on the front of the fridge door. Amazon’s Alexa Voice Service gives users access to an intelligent personal assistant that, in addition to searching recipes, can play music, place Prime-eligible orders from Amazon.com…

This is ‘just’ a fridge. There are other WiFi-enabled appliances by now, so what? Apparently, during the LG press conference last Wednesday, the company’s marketing VP David VanderWaal said that from 2017 on, all of LG’s home appliances will feature “advanced Wi-Fi connectivity”.

Notice the word ‘advanced’; we wonder what that means. Will ‘advanced’ mean complicated? Mesh? Secure? Intelligent? Will our toaster finally break the Internet and ruin it for everyone by the end of the year? Will the other big players in the home appliances market jump on the WiFi wagon? We bet the answer is yes.

Here be dragons.

[via Ars Technica]

Appliance Monitor Is Kinda Shaky

Lots of people set out to build appliance monitors, whether it be for the fridge, the garage door, or the washing machine. Often, it’s nicer not to cut into an appliance to make direct electrical connections, especially when mains power or water is involved. But how else can we know what the appliance is doing?

[Drew Dormann] wanted to smarten up his old washing machine, so he designed a system that uses a vibration sensor to monitor appliances. It’s a simple build, pairing the 801s vibration sensor with a Raspberry Pi Zero. Naturally, adapter boards are readily available to make hooking things up easy. Then it’s just a matter of tying it all together with a simple Python script which sends notifications using Twitter & PushBullet.

It’s important to note that this approach isn’t just limited to washing machines – there’s a whole laundry list of home appliances that vibrate enough to be monitored in this way! It’s likely you could even spy on a communal microwave in this way, though you might struggle with WiFi dropouts due to interference. Build it and let us know.

[Drew]’s build is a great example of what you can put together in a few hours with parts off the shelf. For those that consider the Pi Zero overkill for this application, consider this vibration-based laundry monitor based on the ESP8266. Think you can do better? Show us what you’ve got on Hackaday.io!

ESP-ing A Philips Sound System.

IoT-ifying old stuff is cool. Or even new, offline stuff. It seems to be a trend. And it’s sexy. Yes, it is. Why are people doing this, you may ask: we say why not? Why shouldn’t a toaster be on the IoT? Or a drill press? Or a radio? Yes, a radio.

[Dr. Wummi] just added another device to the IoT, the Internet of Thongs as he calls it. It’s a Philips MCM205 Micro Sound System radio. He wanted to automate his radio but his original idea of building a setup with an infrared LED to remotely control it failed. He blamed it on “some funky IR voodoo”. So he decided to go for an ESP8266 based solution with a NodeMCU. ESP8266 IR remotes have been known to work before but maybe those were just not voodoo grade.

After opening the radio up, he quickly found that the actual AM/FM radio was a separate module. The manufacturer was kind enough to leave the pins nicely labelled on the mainboard. Pins labelled SCL/SDA hinted that the AM/FM module spoke I²C. He tapped into the protocol with a Bus Pirate and it was clear that the radio had an EEPROM somewhere on the main PCB. A search revealed a 24C02 IC on the board, which is a 2K I²C EEPROM. So far so good, but there were other functions left to control, like volume or CD playing. For that, he planned to tap into the front push button knob. The push buttons had different resistors wired in series, so they generated different voltages at the main board’s ADC pins. He tried to simulate this with PWM from the NodeMCU but it just didn’t work.


OWL Insecure Internet Of Energy Monitors

[Chet] bought an electricity monitor from OWL, specifically because it was open and easy to hack on within the confines of his home network. Yay! Unfortunately, it also appears to be easy to read from outside of his home network too, due to what appear to be extraordinarily sloppy security practices.

The short version of the security vulnerability is that the OWL energy monitors seem to be sending out their data to servers at OWL, and this data is then accessible over plain HTTP (not HTTPS) and with the following API: http://beta.owlintuition.com/api/electricity/history_overview.php?user=&nowl=&clientdate=. Not so bad, right? They are requiring username and password, plus the ID number of the device. Maybe someone could intercept your request and read your meter remotely, because it’s not encrypting the transaction?

Nope. Much worse. [Chet] discovered that the username and password fields appear not to be checked, and the ID number is the device’s MAC address, which makes it very easy to guess at other device IDs. [Chet] tried 256 MACs out, and got 122 responses with valid data. Oh my!
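The missing check described above, next to a handler that authenticates the caller and then verifies device ownership; this is an added example, not OWL’s code. The function names, the in-memory tables and all sample values are constructed for illustration (the device IDs use the IANA documentation MAC range), and only the parameter names `user` and `nowl` come from the URL quoted in the article.

```python
import hashlib
import hmac

_SALT = b"constructed-salt"  # constructed; use a per-user random salt in practice


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed sample data: two accounts' monitors with adjacent MAC-style IDs.
USERS = {"chet": _hash("correct horse")}
OWNER = {"00005E005301": "chet", "00005E005302": "someone-else"}
READINGS = {"00005E005301": [312, 298], "00005E005302": [120, 95]}


def history_vulnerable(user, password, nowl):
    """Behaviour the article describes: user and password are accepted
    but never checked, so a guessed device ID is enough to read data."""
    return READINGS.get(nowl)


def history_hardened(user, password, nowl):
    """Authenticate first, then authorise: the caller must own the device."""
    stored = USERS.get(user)
    supplied = _hash(password)  # hash even for unknown users: uniform timing
    if stored is None or not hmac.compare_digest(stored, supplied):
        raise PermissionError("bad credentials")
    if OWNER.get(nowl) != user:
        # Same error for "not yours" and "does not exist", so the
        # endpoint cannot be used to confirm which device IDs are live.
        raise PermissionError("no such device for this account")
    return READINGS[nowl]


if __name__ == "__main__":
    print(history_vulnerable("", "", "00005E005302"))   # data leaks
    print(history_hardened("chet", "correct horse", "00005E005301"))
```

Serving the endpoint over HTTPS is a separate fix; without the ownership check, encryption alone would not stop one account from reading another’s meter.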

Take this as a friendly reminder and a cautionary tale. If you’re running any IoT devices, it’s probably worth listening to what they’re saying and noting to whom they’re saying it, because every time you send your data off to “the cloud” you’re trusting someone else to have done their homework. It is not a given that they will have.