Home automation is a thing.  People love to say “Alexa, Turn on the Light” and giggle when it does.

But there is an inherent problem with this.  Most home automation products you buy come with a proprietary app that you control from your phone or computer.  That means your device is DEPENDENT ON THE “CLOUD”!

What do you do when the Cloud goes “Poof”?

About a week ago a brand of Home Automation products sold by Home Depot called “Insteon” went Poof.  Gone.  Dead.  If you own Insteon devices and an Insteon hub your home automation devices simply no longer work.

Oddly enough at Lowe’s in March 2019 the same thing happened.  Their offerings called “IRIS” also went poof.  At least they gave some warning.  Insteon just stopped working.  Their website has a mea culpa statement up.  “We’re real sorry your stuff stopped working”. Real helpful. Not.

All is not 100% lost though.  If you own Insteon stuff it can be incorporated into the Home Automation software called Home Assistant.  Home Assistant is a tad bit geeky though.  I dare say that most casual Home Automation users probably can’t pull it off.
Continue reading →

Local Control of IoT Devices

I’m all about tech and gadgets but I’m all about security as well.  Internet of Things is a term coined that relates to smart devices that are connected to the internet.  Local control is a term that means your IoT devices only run on your LOCAL network and are not internet facing. Typically, the state of security is very poor with IoT devices.   There have been some very high profile hacks and intrusions and I’ll highlight just a few of them.  You can dig deeper if you want.

• A Computer Takeover of a Jeep.  Yep.  It happened.
• Ring doorbell cameras and microphones hacked.
• Multitudes of smart devices with open SSH, Telnet, or HTTP ports open.
• St. Judes hackable cardiac devices.
• Baby monitor hacks. – This one is semi personal to me.  I am into Ham Radio and RTL-SDR devices.  One day I’m using an RTL-SDR device and listening around 900 MHz.  Lo and behold I can hear my neighbors baby monitor IN THE CLEAR.   Also in a similar vein one day I find Television audio where there shouldn’t be television audio.  Turns out it is the next door neighbors wireless headphones.
• SimpliSafe – Same thing.  One day I’m setting up a 433 MHz receiver for RF home automation and I begin receiving packets of information from a neighbors SimpliSafe.  Got their Pin Code and password because it was transmitted in the clear.  Hope they fixed that by now.
• Mirai Bot Net Attack – using hundreds of thousands of hacked IoT devices to perform Denial of Service attacks.
• Phillips Hue – Terrible security.

IoT Can Be Dangerous

I can go on and on and on.  If you google “IoT exploits” or “IoT hack examples” you can go down the rabbit hole.  I think the biggest take-away here is that all those cool cameras, LED strips, smart light bulbs, smart outlets and smart switches, and security devices can be a giant security issue waiting to happen.   What a dichotomy, huh?  You buy some security devices to make you safe and they in turn CAUSE you to get exploited.

Continue reading →

Decided to put an attic fan in over the garage and tried to find a “smart” one.  Sure enough Quietcool makes them and even better they have an ESP32 wifi chip in them which can be flashed with Tasmota.

ESP32

This means the fan can be controlled locally with Home Assistant and doesn’t need a separate app to control it.

Also while having an attic fan being smart it doesn’t need to be super smart.  You want them to come on at a certain temp and go off at a certain temp.

The manufacturers app has too much going on in my opinion.  And with these apps you just have no idea what they are up to.

The only person who has any business knowing my attic fan is on or off is ME.  Not QuietCool, not Google, just me.

DISCLAIMER:  This is not my work. I was walked through this by user kwikSi1ver on the Digiblur Discord discussion group.  I am only documenting this for posterity and re-creation purposes.  Again, I claim no credit for this.

Flashing with Tasmota is really no issue.  I can do that.  The magic and genius behind this is the reverse engineering.  Telling what relay to do what.  Making sure both relays don’t come on at the same time.  Making sure the power LED comes on.  Making sure all the sensors are recognized and spew out the right information and are DISCOVERABLE.

Yep, anyone can flash Tasmota.  The guys who reverse engineer stuff get all the credit.  But first ya gotta flash it.  But first lets back up the manufactures firmware in case something goes wrong.

Continue reading →

Kauf Smart Bulb

So you go to Walmart or something and see a smart light bulb. You bring said smart light bulb home and stick it in a lamp.  At this point you realize you have to:

1. Download an app
2. Create an account

This never goes well.  But you get it working.  And it’s cool.  But the app is probably harvesting your contacts list, wants access to your camera to scan a QR code, etc, etc, etc.

It’s crazy.  And it isn’t good for network security or your personal privacy.  I am NOT saying all smart devices are evil and do bad stuff but I am saying that a light bulb exposed to the entire internet is a bad thing.

I run a hardware firewall.  I can clear the active log and within SECONDS and I mean SECONDS there are all kinds of exploits being blocked by my firewall.   There are bots out there continually trying things over ranges of IP addresses.

Remember all the old movies where the skull and crossbones comes up and you knew you were hacked?  It isn’t like that.  The bad guys don’t want you to know they are using your computer for a bot to carry out their attacks, or trying to harvest your SSN or credit card numbers or bank passwords.

Anyway, that’s enough of that.  This is about the Kauf Smart Light Bulb.  They go for about $15 which is steep for a light bulb but cheap for a SMART light bulb.  Not a bad deal at all.

The best part of this bulb is that it comes pre-flashed with ESPHome.

NOTE: THIS BULB IS VERY SPECIFIC IN THAT YOU NEED HOME ASSISTANT HOME AUTOMATION SOFTWARE TO USE IT. AT LEAST WITH ESPHOME ON IT.  ONCE YOU FLASH IT TO TASMOTA YOU CAN CONTROL IT VIA A WEB BROWSER IF YOU GO TO THE LIGHT BULBS IP ADDRESS.  THIS BULB IS FOR GEEKS ONLY!  DON’T JUST BUY ONE IF YOU DON’T KNOW HOW TO DO THIS STUFF.

If you do know how to do this stuff……….keep reading.

Continue reading →

Go in any big box store and you’ll find dozens of smart home appliances.  Light bulbs, security cameras, smart outlets, smart switches, LED strip lights, etc.   There is no end to it.

So you buy something.  Then you have to download the app, and create an account and then you wow your friends by demonstrating how smart your home is becoming.   Then you buy another device which means you need another app and another login account.  Then you do it again and again and again.

Pretty soon your phone is full of apps and you can’t remember the passwords to all the new accounts you have.

Is it really convenient?  There are ways to get all those devices under one roof so to speak with home automation software but this blog isn’t about that.   It’s about your security.

All those devices are connected to the INTERNET, aka “The Cloud”.  You don’t know who wrote the app.  You don’t know if the app has gaping security holes or intentional malware.  Also you grant network access to that device.   Also when you fill in the app you provide your network credentials to the app.  Do you use your wifi password with any other account anywhere?  Does the app writer transmit your credentials back to their server?

In 2016 there was an exploit on Internet of Things (IoT) cameras and routers called the Mirai Bot Attack.  The attacker focused a Denial of Service (DDoS) attack using HUNDREDS OF THOUSANDS OF DEVICES.  That kind of implies that in 2016 there sure were a lot of infected Internet of Things devices.  Wonder what that statistic looks like in late 2021.  Better?  Worse?  My educated guess = WORSE.

How can you make it better and more secure?

Get Off The Cloud.

Continue reading →

This is one tiny camera.  Maybe a bit too tiny.

ESP32-CAM

For some perspective, the breakout board next to the ESP32-CAM has a Micro USB charger on the end of it like you would use to charge your phone.

The whole camera board isn’t a lot larger than a quarter.  A bit taller though.

But look at the camera lens itself.  It’s roughly the size of the USB connector on that green board.

You could put this cam anywhere there was a tiny hole.  Look around your room or even worse, YOUR HOTEL ROOM, and think of all the places a tiny camera could be.

Comparatively, look at the screen on your smart phone and look at the camera lens.  On a day to day basis YOU DON’T EVEN NOTICE IT, DO YOU?

Anyway, I’m not trying to creep you out but I am pointing out that it is easy for ANYONE to build a tiny spy camera or security camera.  This thing will live stream as well.  Let’s check it out!

Continue reading →

I have decided to try some Shelly Home Automation products and stumbled across the Shelly Flood Sensor.

Shelly Flood Sensor

Very cool little device and I while I won’t repeat the specs because you can look all that up at the link above I will tell you what I think is good about the device and what I think is bad about it.

Having a water sensor is pretty important in my estimation. While I’ve never had a pipe burst I did work with a guy once who deployed overseas for several months and his ice maker hose ruptured right after he left and leaked for MONTHS!

So I’m going to get several more of these now that I’ve worked through the installation of one of them. I intend to place them by the ice maker hose, the washing machine, under the sinks, in the hot water heater pan, and in the A/C secondary pan.

First I’ll start with what is bad about this thing.  And I’ll pull no punches.

Continue reading →

Sonoff iFan04

Introducing the Sonoff iFan04. In MOST cases you WILL NOT need one of these, however, if you have an older home where your ceiling fan and light are wired to a single wall switch and you have to control the fan by pulling on the chain………..then you need one of these.

If you have two switches it is WAY easier to buy smart wall switches.  One for a 3 speed fan and one for a regular switch.

Note, that I didn’t say it was cheaper to buy 2 smart switches.  It is EASIER to install the switches though.

The iFan04’s are about $18 each.  That is a bargain.

One real big limitation of the iFan is that it is, errrrr…….big.  Meaning you have to have space to install it in your fan.  The first fan I tried to install this on in my house………….there was just no way.  The ceiling baseplate cover was just too small with absolutely no room to install it.  I would literally need a whole new ceiling fan before I could make it work.

Continue reading →