The round-about way this iPhone garage door opener was put together borders on Rube Goldberg. But it does indeed get the job done so who are we to judge? Plus you have to consider that the Apple products aren’t quite as hacker friendly as, say, Android phones — so this may have been the easiest non-Jailbreak way.
The main components that went into it are the iPhone, a Wemo WiFi outlet, and a 110V rated mechanical relay. But wait, surely it can’t be that simple? You’re correct, just for added subterfuge [Tall-drinks] rolled IFTTT into the mix.
You may remember hearing about If This Then That from the Alert Tube project. It’s a web-based natural language scripting service. Throw everything together and it works like this: The iPhone sends a text message which IFTTT converts to a Wemo command. A power cord connects the Wemo outlet to the 110V electrodes on the relay. The normally open connection of the relay is attached to the same screw terminals of the garage door opener as the push button that operates it. When the relay closes, the garage door goes up or down.
The biggest problem we have with this is the inability to know if your garage door is open or closed.
[Matt Galisa] decided to try his hand at setting up the Belkin WeMo outlet without using a Smartphone app. The hardware is a pass-through for mains voltage which allows you to switch the plug over the network. It has a built-in WiFi module which normally connects to your home network. But the first time that you power it up it announces its own SSID designed for an iOS (and recently Android Beta) app to connect to in order to enter your AP credentials.
He started with this Python script used for WeMo hacking. It was originally meant to issue commands to the outlet once it had passed the initial setup. [Matt] followed along but couldn’t get an answer on the port he expected. It turns out that the device listens on a different port until the initial setup is complete (probably so that you don’t mess up other outlets on the network that are already working correctly). His next challenge was to manually set the WPA credentials. This never really worked and he ended up using a virtual AP without password protection through DD-WRT. From there he was able to set up a Python script to turn on, off, and toggle the state of the outlet.
If you’re looking to dig deeper into the device’s security check out this project.
This hack could be titled ‘Exercise or Starve’. [Charalampos] needed some motivation to become more active. There’s a device called a FitBit tracker (black and blue on the left) which records your activity and submits it to a web interface. You get daily goals and can earn badges. But those stinking badges didn’t motivate him. He decided he needed something that would really get him off of the couch. So he hacked the FitBit to cut power to his refrigerator. Not meeting his goals will eventually result in a stinky mess and no dinner.
It’s a bad idea to cut power to the icebox. But we see this merely as a proof of concept. He’s using the Belkin WeMo networked outlet. Other than some security issues we discussed on Thursday this is a very simple way to control devices from your server. [Charalampos’] implementation uses the FitBit API to check his activity and drives the outlet accordingly.
The Belkin WeMo is a small, WiFi connected outlet controlled by a mobile device that adds Internet control to a desk lamp, coffee maker, or, if you’re feeling daring, your home server. It’s an interesting device, but of course there are a few security implications of having your electric kettle connected to the Internet. [Daniel] was able to get root on his Belkin WeMo and with full control of his Internet-connected outlet was able to turn it into a deathtrap.
[Daniel] says his exploit could be developed into a virus that will scan for WeMo devices. Once these Internet-connected devices are found, it’s easy to turn these devices on and off really fast; something not too dangerous for a desk lamp, but potentially lethal if it’s plugged into a space heater.
In the video after the break, you can see [Daniel] exploiting the WeMo with a flaw in its UPnP implementation. There’s footage of his terminal hacking and of his desk lamp being turned on and off really fast, something that could be very dangerous for higher current devices.
Continue reading “Turning The Belkin WeMo Into A Deathtrap”