Fail Of The Week: How Not To Do IoT Security

There are a lot of bad days at work. Often it’s the last day, especially when it’s unexpected. For the particularly unlucky, the first day on a new job could be a bad day. But the day you find an unknown wireless device attached to the underside of your desk has to rank up there as a bad day, or at least one that raises a lot of serious questions.

As alarming as finding such a device would be, and for as poor as the chain of decisions leading these devices being attached to the workstations of the employees at a mercifully unnamed company, that’s not the story that [Erich Styger] seeks to tell. Rather, this is a lesson in teardown skills – for few among us would not channel the anger of finding something like this is into a constructively destructive teardown – and an investigation into the complete lack of security consideration most IoT devices seem to be fielded with these days.

Most of us would recognize the device as some kind of connected occupancy sensor; the PIR lens being the dead giveaway there. Its location under a single person’s desk makes it pretty clear who’s being monitored.

The teardown revealed that the guts of the sensor included a LoRa module, microcontroller, a humidity/temperature sensor, and oddly for a device apparently designed to stick in one place with magnets, an accelerometer. Gaining access to the inner workings was easy through the UART on the microcontroller, and through the debug connectors and JTAG header on the PCB. Everything was laid out for all to see – no firmware protection, API keys in plain text, and trivially easy to reflash. The potential for low-effort malfeasance by a compromised device designed to live under a desk boggles the mind.

The whole article is worth a read, if only as a lesson in how not to do security on IoT devices. We know that IoT security is hard, but that doesn’t make it optional if you’re deploying out in the big wide world. And there’s probably a lot to learn about properly handling an enterprise rollout too. Spoiler alert: not like this.

Dummy Security Camera Is Smarter Than It Looks

The idea behind a dummy security camera is that people who are up to no good might think twice about doing anything to your property when they think they’re being recorded. Obviously a real security camera would be even better, but sometimes that’s just not economically or logistically possible. Admittedly they’re not always very convincing, but for a few bucks, hopefully it’s enough to make the bad guys think twice.

But what if that “fake” camera could do a little more than just look pretty up on the wall? [Chris Chimienti] thought he could improve the idea by adding some electronics that would notify him if motion was detected. As an added bonus, any would-be criminals who might be emboldened by the realization the camera itself is fake might find themselves in for a rude surprise when the notifications start firing off.

In the video after the break, [Chris] really takes his time walking the viewer through the disassembly of the dummy camera. As it turns out, these things look like they’d make excellent project enclosures; they come apart easily, have nothing but empty space inside, and even have an integrated battery compartment. That alone could be a useful tip to file away for the future.

He then goes on to explain how he added some smarts to this dummy camera. Up where the original “lens” was, he installed a PIR sensor, some white LEDs, a light sensor, and the original blinking red LED. All of this was mounted to a very slick 3D printed plate which integrates into the camera’s body perfectly. The new hardware is connected up to a similarly well mounted Wemos D1 Mini inside the camera. The rest of the video goes through every aspect of the software setup, which is sure to be of interest to anyone who’s ever thought of rolling their own IoT device.

This type of PIR sensor is hacker favorite, and we’ve seen a number of projects using them for all sorts of creative purposes. We’ve even seen them paired with the ESP8266 before for Internet-connected motion sensing, albeit without the tidy security camera enclosure.

Continue reading “Dummy Security Camera Is Smarter Than It Looks”

In This Aussie’s Back Yard, No Cat Is Safe From An Automated Soaking!

Some of us here at Hackaday are cat lovers, but we also understand that a plethora of unwanted cats using a suburban back garden can be bothersome, and a few years ago we featured a project from Aussie YouTuber [Craig Turner], in which he created a motion-detecting water spray for use as a relatively harmless cat repellent. Now he’s back with an updated version which is a little slicker and easier to make.

At its heart is the same PIR-turns-on-water operation, but this time there is a solenoid valve and purpose-built nozzle instead of a car central locking actuator and a lawn sprayer. Doing the electronic work is an off-the-shelf PIR module, so there is no  longer any need to hack a security PIR detector. Add in some pipe sections and PTFE tape with a bit of hot glue, and the result is a far more professional and streamlined device. The video gives a full run-down on construction, though we notice he neglected to emphasise the polarity of his protection diode so keep an eye out if you follow his example.

So if the thought of a continuous supply of free feline company courtesy of your neighbours is not for you then now you are equipped to send them packing. The latest video incarnation of the project is below the break, but if you are in search of the original then you can go back to our coverage at the time.

Continue reading “In This Aussie’s Back Yard, No Cat Is Safe From An Automated Soaking!”

Super Simple Sensor Makes DSLR Camera Motion Sensitive

Do you have a need to photographically document the doings of warm-blooded animals? If so, a game camera from the nearest hunting supplier is probably your best bet. But if you don’t need the value-added features such as a weather-resistant housing that can be chained to a tree, this DIY motion trigger for a DSLR is a quick and easy build, and probably loads more fun.

The BOM on [Jeremy S Cook]’s build is extremely short – just a PIR sensor and an optoisolator, with a battery, a plug for the camera’s remote jack, and a 3D-printed bracket. The PIR sensor is housed in a shroud to limit its wide field of view; [Jeremy] added a second shroud when an even narrower field is needed. No microcontroller is needed because all it does is trigger the camera when motion is sensed, but one could be added to support more complicated use cases, like an intervalometer or constraining the motion sensing to certain times of the day. The video below shows the build and some quick tests.

Speaking of intervalometers, we’ve seen quite a few of those over the years. From the tiny to the tinier to the electromechanical, people seem to have a thing for taking snapshots at regular intervals.

Continue reading “Super Simple Sensor Makes DSLR Camera Motion Sensitive”

A Super Simple ESP8266 IOT Motion Sensor

It’s really hard to overstate how awesome ESP8266 development boards like the Wemos D1 Mini really are. For literally a couple of dollars you can get a decently powerful Wi-Fi enabled microcontroller that has enough free digital pins to do some useful work. Like the Arduino and Raspberry Pi before it, the ESP8266 is a device that’s opening up whole new areas of hacking and development that simply weren’t as practical or cost-effective as previously.

As a perfect example, take a look at this stupendously simple Internet-connected motion detector that [Eric William] has come up with. With just a Wemos D1 Mini, a standard PIR sensor, and some open source code, you can create a practical self-contained motion sensor module that can be placed anywhere you want to keep an eye on. When the sensor picks up something moving, it will trigger an IFTTT event.

It only takes three wires to get the electronics connected, but [Eric] has still gone ahead and provided a wiring diagram so there’s no confusion for young players. Add a 3D printed enclosure from Thingiverse and the hardware component of this project is done.

Using the Arduino Sketch [Eric] has written, you can easily plug in your Wi-Fi information and IFTTT key and trigger. All that’s left to do is put this IoT motion sensor to work by mounting it in the area to be monitored. Once the PIR sensor sees something moving, the ESP8266 will trigger IFTTT; what happens after that is up to you and your imagination. In the video after the break, you can see an example usage that pops up a notification on your mobile device to let you know something is afoot.

With its low cost and connectivity options, the ESP8266 is really the perfect platform for remote sensing applications. Though to give credit where credit’s due, this still isn’t the simplest motion sensor build we’ve seen.

Continue reading “A Super Simple ESP8266 IOT Motion Sensor”

Clock Plays A Game Of Pong With Itself To Pass The Time

Would you play a game of Pong where each set lasts exactly one minute and the right player is guaranteed to win 60 times more than the left player? Of course not, but if you were designing a clock that displays the time using a Pong motif, then perhaps it would make sense.

There are some neat design tips in [oliverb]’s Pong Clock that are worth taking a look at. Foremost is the case, which is a retasked jewelry box with a glass lid, procured on the cheap from eBay. It’s a good size for a clock meant to be seen from across the room, and already finished to fit into modern decor. The case holds all the goodies, from the 24×16 green LED matrix display to the Uno that runs the show, as well as an RTC module, a sound chip, a temperature sensor, and a PIR module to turn the display off when the room is unoccupied. To prevent disrupting the sleek lines of the case, all the controls are mounted in a remote panel, itself a clean and modern-looking device thanks to the chrome-plated duplex outlet cover used to house it. The clock has several display modes, from normal time and temperature to a word clock, as well as the Pong mode, where the machine plays itself and the score shows the time. It’s fascinating to watch, and we like everything about it, although we think the tick-tock would drive us nuts pretty quickly.

We recently covered the life and times of [Ted Dabney], one of Pong’s fathers and co-founder of Atari. We tend to think he’d like the design of this clock, both as a nod to his game and for its simple but functional design.

Continue reading “Clock Plays A Game Of Pong With Itself To Pass The Time”

Sense All The Things With A Synthetic Sensor

What will it take to make your house smarter than you? Judging from the price of smart appliances we see in the home centers these days, it’ll take buckets of cash. But what if you could make your home smarter — or at least more observant — with a few cheap, general purpose “supersensors” that watch your every move?

Sounds creepy, right? That’s what [Gierad Laput] and his team at the Carnegie Mellon Human-Computer Interaction Institute thought when they designed their broadband “synthetic sensor,” and it’s why they purposely omitted a camera from their design. But just about every other sensor under the sun is on the tiny board: an IR array, visible light sensors, a magnetometer, temperature, humidity, and pressure sensors, a microphone, PIR, and even an EMI detector. Of course there’s also a WiFi module, but it appears that it’s only for connectivity and not used for sensing, although it clearly could be. All the raw data is synthesized into a total picture of the goings on in within the platform’s range using a combination of machine learning and user training.

The video after the break shows the sensor detecting typical household events from a central location. It’s a powerful idea and we look forward to seeing how it moves from prototype to product. And if the astute reader recognizes [Gierad]’s name, it might be from his past appearance on these pages for 3D-printed hair.

Continue reading “Sense All The Things With A Synthetic Sensor”