Local Control of IoT Devices
I’m all about tech and gadgets but I’m all about security as well. Internet of Things (IoT) is a term for smart devices that are connected to the internet. Local control means your IoT devices only run on your LOCAL network and are not internet facing. Typically, the state of security is very poor with IoT devices. There have been some very high profile hacks and intrusions and I’ll highlight just a few of them. You can dig deeper if you want.
- A Computer Takeover of a Jeep. Yep. It happened.
- Ring doorbell cameras and microphones hacked.
- Multitudes of smart devices with open SSH, Telnet, or HTTP ports.
- St. Jude’s hackable cardiac devices.
- Baby monitor hacks. – This one is semi-personal to me. I am into ham radio and RTL-SDR devices. One day I’m using an RTL-SDR device and listening around 900 MHz. Lo and behold, I can hear my neighbor’s baby monitor IN THE CLEAR. In a similar vein, one day I find television audio where there shouldn’t be television audio. Turns out it is the next-door neighbor’s wireless headphones.
- SimpliSafe – Same thing. One day I’m setting up a 433 MHz receiver for RF home automation and I begin receiving packets of information from a neighbor’s SimpliSafe. Got their PIN code and password because it was transmitted in the clear. Hope they fixed that by now.
- Mirai botnet attack – using hundreds of thousands of hacked IoT devices to perform Denial of Service attacks.
- Philips Hue – Terrible security.
IoT Can Be Dangerous
I can go on and on and on. If you google “IoT exploits” or “IoT hack examples” you can go down the rabbit hole. I think the biggest take-away here is that all those cool cameras, LED strips, smart light bulbs, smart outlets and smart switches, and security devices can be a giant security issue waiting to happen. What a dichotomy, huh? You buy some security devices to make you safe and they in turn CAUSE you to get exploited.
Local Control
One way to mitigate these issues is to ensure your IoT devices are NOT connected to the internet. Admittedly, it seems odd that you wouldn’t want an Internet of Things device connected to the Internet.
Not really. What you want is LOCAL CONTROL. In other words, the devices sit behind your (hopefully very secure) network and they do not talk to the outside world. Your security cams, light switches, light bulbs, etc. are only accessible to YOU on YOUR NETWORK.
First and foremost the network needs to be secure. If you bought a router at Walmart and hooked it directly to your modem you are SCREWED. Home routers with stock firmware are like Swiss cheese to hackers. There is essentially no security. If you don’t believe me find your router model number and google “Netgear XXXXXXXX exploit”. You’ll see.
Firewalls
I personally run my network behind a hardware firewall and routers on Virtual LANs (VLANs) running 3rd party firmware such as OpenWRT or DD-WRT. Can the super hackers in North Korea or the National Security Agency get me? Probably. But why make it easy?
If you have a stock router connected directly to the internet and you have lights talking to servers in China I dare say you probably are a had lad. Sure, whipping out your iPhone and making your LEDs strobe like a police car is COOL, but at what cost?
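One way to check whether devices really stay local is to read the firewall's log and list every flow from the IoT VLAN to an address outside the LAN. The following is an added example, not code from the original post; the `192.168.30.0/24` IoT subnet, the interface names and the log lines (netfilter-style `KEY=value` records, with documentation addresses standing in for internet hosts) are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

IOT_VLAN = ipaddress.ip_network("192.168.30.0/24")  # assumed IoT subnet
# Destinations that count as "local". Listed explicitly because Python's
# is_private also returns True for the documentation ranges used below.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",        # RFC 1918
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32",  # link-local, multicast, broadcast
)]

# Constructed sample log, not captured from a real network.
SAMPLE_LOG = """\
IN=br-iot OUT= SRC=192.168.30.21 DST=192.168.30.2 PROTO=TCP SPT=50112 DPT=1883
IN=br-iot OUT=eth0 SRC=192.168.30.21 DST=203.0.113.40 PROTO=TCP SPT=50113 DPT=8883
IN=br-iot OUT=eth0 SRC=192.168.30.35 DST=198.51.100.7 PROTO=UDP SPT=40000 DPT=123
IN=br-iot OUT= SRC=192.168.30.35 DST=224.0.0.251 PROTO=UDP SPT=5353 DPT=5353
IN=br-lan OUT=eth0 SRC=192.168.1.10 DST=203.0.113.40 PROTO=TCP SPT=44321 DPT=443
IN=br-iot OUT=eth0 SRC=192.168.30.21 DST=203.0.113.40 PROTO=TCP SPT=50114 DPT=8883
garbage line without addresses
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def find_egress(log_text, iot_net=IOT_VLAN):
    """Return {device_ip: {(dst_ip, proto, dport): count}} for IoT flows leaving the LAN."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # not a parseable flow record
        if src in iot_net and not is_local(dst):
            key = (str(dst), fields.get("PROTO", "?"), fields.get("DPT", "?"))
            hits[str(src)][key] += 1
    return {dev: dict(flows) for dev, flows in hits.items()}

if __name__ == "__main__":
    for dev, flows in find_egress(SAMPLE_LOG).items():
        for (dst, proto, dport), count in flows.items():
            print(f"{dev} -> {dst} {proto}/{dport} x{count}")
```

A device that shows up here is not under local control yet, whatever its app claims; the MQTT traffic to the broker and the multicast discovery traffic stay on the LAN and are not reported.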
So again the answer here is LOCAL CONTROL. All these devices have/had ESP8266, or other variant chips in them. They are flashable with 3rd party, OPEN SOURCE firmware such as Tasmota or ESPHome. There are others out there. I used to use one called “Homie”. Anyway, these firmwares allow for MQTT messaging. Surprisingly, the acronym MQTT doesn’t stand for anything, although there was some name evolution... Anyway, MQTT is a lightweight MACHINE to MACHINE protocol that involves a client and a broker. It can all be run locally.
Air Gap
Also, you may have heard the term “Air Gap” as it relates to Network Security. That is where the network is protected by not being connected to anything. Can you still hack an air gapped network? You betcha. Do you remember the Iranian centrifuges that turned themselves on full speed and destroyed themselves? That was an air gap exploit probably performed by PHYSICAL ACCESS or doing something like leaving a USB drive on the ground in the parking lot. What are you gonna do if you find a brand new USB drive lying around? Why, by golly, you’ll plug it in somewhere to see what’s on it. Anyway, google “Stuxnet” if you want to learn about that hack. I believe it was an Air Gap Windows attack.
So essentially we want an air gap with our IoT devices. We want them talking to a local broker, usually using a program called Mosquitto, and keeping everything behind our firewall.
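A local broker only helps if its own configuration keeps it local and authenticated. The sketch below is an added example, not part of the original post or of the Mosquitto project: it checks a `mosquitto.conf` for settings that undo that, using the real options `listener`, `allow_anonymous`, `password_file` and `acl_file`. Both configurations, the broker address `192.168.30.2` and the file paths are constructed for illustration.

```python
# Constructed mosquitto.conf contents (hypothetical address and paths).
WEAK_CONF = """\
# quick test setup
listener 1883
allow_anonymous true
"""
LOCAL_CONF = """\
listener 1883 192.168.30.2
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl
"""

ALL_INTERFACES = {"0.0.0.0", "::"}

def audit_mosquitto(conf_text):
    """Return findings that weaken a local-only, authenticated broker.

    Simplification: options are read as global; per_listener_settings is ignored.
    """
    findings, opts, listeners = [], {}, []
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key, args = parts[0], parts[1:]
        if key == "listener":
            listeners.append(args)  # [port] or [port, bind_address]
        else:
            opts[key] = " ".join(args)
    for args in listeners:
        port = args[0] if args else "?"
        bind = args[1] if len(args) > 1 else None
        if bind is None or bind in ALL_INTERFACES:
            findings.append(f"listener {port}: listens on every interface")
    if opts.get("allow_anonymous") == "true":
        findings.append("allow_anonymous true: clients connect without credentials")
    if listeners and "password_file" not in opts:
        findings.append("no password_file: no username/password check configured")
    if listeners and "acl_file" not in opts:
        findings.append("no acl_file: every client may use every topic")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("local", LOCAL_CONF)):
        print(name, audit_mosquitto(conf) or "OK")
```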
Home automation software such as Home Assistant can auto-magically pull in Tasmota flashed devices set up with MQTT. It sounds difficult, and at one time it kinda was, but now it is pretty easy.
Also, now it seems there is a shift in the force where many IoT devices that came with flashable chips are now coming with chips that currently cannot be flashed with Open Source firmware. Instead, the chips are from a company called Tuya out of China. Now, gee, why would a company in China make a chip that hooks to the internet that you can’t flash and control locally?
Non-User Flashable Chips, No Local Control
The WB3S is an example of a Tuya chip that cannot be flashed. To the left of it is an ESP8266 for transplanting.
Fortunately for us they are pin for pin exact with an ESP8266. If you possess the skills you can de-solder the old chip and lay an ESP8266 chip on the board and solder it in. So for now, we can still get around some of the nonsense but just be aware... it seems there are corporations or governments that DON’T WANT YOU TO HAVE LOCAL CONTROL OF YOUR DEVICES.
Is it really that nefarious? I don’t know. Maybe they just don’t want you bricking your device and sending it back for a refund. Or maybe the company IS gathering intel on you. Gee, China would never do that, would they? Or at the least they can use your computer resources to mine Bitcoin. All hacks are not created equal. Maybe they just want to steal your CPU cycles.
Does it really matter why they want in? All this makes me want local control all that much more.
Spot on analysis of the current state of IoT device insecurity in the current global consumer marketplace. Users have no idea that their home networks are easily hackable and that they will not receive any alert messages that their network traffic is flowing outbound to some foreign servers somewhere on the planet.
As the global geopolitical crisis deepens, you can bet that those vulnerabilities will be exploited. Creating air gapped home automation systems is a challenge that most consumers are not prepared for. So, the near future will be an unfolding security nightmare…
Exactly right, Sir!
Very helpful discussion. I see that quite a few IoT devices are “required” to be connected to a private wifi and that subsequent control of such devices (drones, video endoscopes and so on) requires users to connect to the devices’ onboard wifi chip for connection to a phone or other control device. I can see that other connections like BT would not have enough bandwidth for video but is the built-in wifi bridge a specific security issue? I am not a techie, as you can see!