LoRa Meshtastic And Encrypted Communications
Lora Meshtastic V3 Board
If Edward Snowden taught us anything it is that almost all of our communications are simply not as private as we thought they were. Heck, a week or so ago it was revealed that AT&T was giving cell phone data to the Department of Justice (DOJ) without warrants. Encryption is cool and I bet if you are reading this you are in the same boat I’m in. I can encrypt stuff but no one else I know has the tech savvy to do it. It’s like owning one shoe. Now a new method of encrypted communications has come along. A marriage between LoRa and Meshtastic firmware.
LoRa stands for “Long Range” and it is a mesh network that uses low power, and wide area networking protocols. LoRa does not require internet, wifi, or cellular and is OFF GRID.
Meshtasic firmware is Open Sourced. That still means something these days.
Tasmota Light Bulb Kauf A21
There are a ton of smart Internet of Things (IoT) devices out there. Most of them are a security nightmare to introduce into your home network. But I’ve found one that ISN’T a security nightmare. The Kauf A21 bulb with ESPHome Firmware is one such device. An ESPHome or Tasmota Light will ONLY communicate within your home network. A Tasmota Light is my personal preference for home automation.
These lights are designed to work with home automation software such as Home Assistant
If you buy a light bulb at Walmart you can control it with an app you put on your phone. And while that seems cool, it really isn’t. That app, and that bulb communicate off of your phone and contact servers outside of your home network.
IoT devices that are app controlled are a security risk. And in your quest to smarten up your home you may have several devices and several apps. Additionally, those apps want you to grant permission to use your camera (presumably to scan a QR code) and they also want location control enabled. Why does my Lifx bulb I bought at Walmart need to know where I and my phone are? Riddle me that, Batman.
Home automation is a thing. People love to say “Alexa, Turn on the Light” and giggle when it does.
But there is an inherent problem with this. Most home automation products you buy come with a proprietary app that you control from your phone or computer. That means your device is DEPENDENT ON THE “CLOUD”!
What do you do when the Cloud goes “Poof”?
About a week ago a brand of Home Automation products sold by Home Depot called “Insteon” went Poof. Gone. Dead. If you own Insteon devices and an Insteon hub your home automation devices simply no longer work.
Oddly enough at Lowe’s in March 2019 the same thing happened. Their offerings called “IRIS” also went poof. At least they gave some warning. Insteon just stopped working. Their website has a mea culpa statement up. “We’re real sorry your stuff stopped working”. Real helpful. Not.
All is not 100% lost though. If you own Insteon stuff it can be incorporated into the Home Automation software called Home Assistant. Home Assistant is a tad bit geeky though. I dare say that most casual Home Automation users probably can’t pull it off.
Local Control of IoT Devices
I’m all about tech and gadgets but I’m all about security as well. Internet of Things is a term coined that relates to smart devices that are connected to the internet. Local control is a term that means your IoT devices only run on your LOCAL network and are not internet facing. Typically, the state of security is very poor with IoT devices. There have been some very high profile hacks and intrusions and I’ll highlight just a few of them. You can dig deeper if you want.
- A Computer Takeover of a Jeep. Yep. It happened.
- Ring doorbell cameras and microphones hacked.
- Multitudes of smart devices with open SSH, Telnet, or HTTP ports open.
- St. Judes hackable cardiac devices.
- Baby monitor hacks. – This one is semi personal to me. I am into Ham Radio and RTL-SDR devices. One day I’m using an RTL-SDR device and listening around 900 MHz. Lo and behold I can hear my neighbors baby monitor IN THE CLEAR. Also in a similar vein one day I find Television audio where there shouldn’t be television audio. Turns out it is the next door neighbors wireless headphones.
- SimpliSafe – Same thing. One day I’m setting up a 433 MHz receiver for RF home automation and I begin receiving packets of information from a neighbors SimpliSafe. Got their Pin Code and password because it was transmitted in the clear. Hope they fixed that by now.
- Mirai Bot Net Attack – using hundreds of thousands of hacked IoT devices to perform Denial of Service attacks.
- Phillips Hue – Terrible security.
IoT Can Be Dangerous
I can go on and on and on. If you google “IoT exploits” or “IoT hack examples” you can go down the rabbit hole. I think the biggest take-away here is that all those cool cameras, LED strips, smart light bulbs, smart outlets and smart switches, and security devices can be a giant security issue waiting to happen. What a dichotomy, huh? You buy some security devices to make you safe and they in turn CAUSE you to get exploited.
Decided to put an attic fan in over the garage and tried to find a “smart” one. Sure enough Quietcool makes them and even better they have an ESP32 wifi chip in them which can be flashed with Tasmota.
This means the fan can be controlled locally with Home Assistant and doesn’t need a separate app to control it.
Also while having an attic fan being smart it doesn’t need to be super smart. You want them to come on at a certain temp and go off at a certain temp.
The manufacturers app has too much going on in my opinion. And with these apps you just have no idea what they are up to.
The only person who has any business knowing my attic fan is on or off is ME. Not QuietCool, not Google, just me.
DISCLAIMER: This is not my work. I was walked through this by user kwikSi1ver on the Digiblur Discord discussion group. I am only documenting this for posterity and re-creation purposes. Again, I claim no credit for this.
Flashing with Tasmota is really no issue. I can do that. The magic and genius behind this is the reverse engineering. Telling what relay to do what. Making sure both relays don’t come on at the same time. Making sure the power LED comes on. Making sure all the sensors are recognized and spew out the right information and are DISCOVERABLE.
Yep, anyone can flash Tasmota. The guys who reverse engineer stuff get all the credit. But first ya gotta flash it. But first lets back up the manufactures firmware in case something goes wrong.
Kauf Smart Bulb
So you go to Walmart or something and see a smart light bulb. You bring said smart light bulb home and stick it in a lamp. At this point you realize you have to:
- Download an app
- Create an account
This never goes well. But you get it working. And it’s cool. But the app is probably harvesting your contacts list, wants access to your camera to scan a QR code, etc, etc, etc.
It’s crazy. And it isn’t good for network security or your personal privacy. I am NOT saying all smart devices are evil and do bad stuff but I am saying that a light bulb exposed to the entire internet is a bad thing.
I run a hardware firewall. I can clear the active log and within SECONDS and I mean SECONDS there are all kinds of exploits being blocked by my firewall. There are bots out there continually trying things over ranges of IP addresses.
Remember all the old movies where the skull and crossbones comes up and you knew you were hacked? It isn’t like that. The bad guys don’t want you to know they are using your computer for a bot to carry out their attacks, or trying to harvest your SSN or credit card numbers or bank passwords.
Anyway, that’s enough of that. This is about the Kauf Smart Light Bulb. They go for about $15 which is steep for a light bulb but cheap for a SMART light bulb. Not a bad deal at all.
The best part of this bulb is that it comes pre-flashed with ESPHome.
NOTE: THIS BULB IS VERY SPECIFIC IN THAT YOU NEED HOME ASSISTANT HOME AUTOMATION SOFTWARE TO USE IT. AT LEAST WITH ESPHOME ON IT. ONCE YOU FLASH IT TO TASMOTA YOU CAN CONTROL IT VIA A WEB BROWSER IF YOU GO TO THE LIGHT BULBS IP ADDRESS. THIS BULB IS FOR GEEKS ONLY! DON’T JUST BUY ONE IF YOU DON’T KNOW HOW TO DO THIS STUFF.
If you do know how to do this stuff……….keep reading.
Go in any big box store and you’ll find dozens of smart home appliances. Light bulbs, security cameras, smart outlets, smart switches, LED strip lights, etc. There is no end to it.
So you buy something. Then you have to download the app, and create an account and then you wow your friends by demonstrating how smart your home is becoming. Then you buy another device which means you need another app and another login account. Then you do it again and again and again.
Pretty soon your phone is full of apps and you can’t remember the passwords to all the new accounts you have.
Is it really convenient? There are ways to get all those devices under one roof so to speak with home automation software but this blog isn’t about that. It’s about your security.
All those devices are connected to the INTERNET, aka “The Cloud”. You don’t know who wrote the app. You don’t know if the app has gaping security holes or intentional malware. Also you grant network access to that device. Also when you fill in the app you provide your network credentials to the app. Do you use your wifi password with any other account anywhere? Does the app writer transmit your credentials back to their server?
In 2016 there was an exploit on Internet of Things (IoT) cameras and routers called the Mirai Bot Attack. The attacker focused a Denial of Service (DDoS) attack using HUNDREDS OF THOUSANDS OF DEVICES. That kind of implies that in 2016 there sure were a lot of infected Internet of Things devices. Wonder what that statistic looks like in late 2021. Better? Worse? My educated guess = WORSE.
How can you make it better and more secure?
Get Off The Cloud.
This is one tiny camera. Maybe a bit too tiny.
For some perspective, the breakout board next to the ESP32-CAM has a Micro USB charger on the end of it like you would use to charge your phone.
The whole camera board isn’t a lot larger than a quarter. A bit taller though.
But look at the camera lens itself. It’s roughly the size of the USB connector on that green board.
You could put this cam anywhere there was a tiny hole. Look around your room or even worse, YOUR HOTEL ROOM, and think of all the places a tiny camera could be.
Comparatively, look at the screen on your smart phone and look at the camera lens. On a day to day basis YOU DON’T EVEN NOTICE IT, DO YOU?
Anyway, I’m not trying to creep you out but I am pointing out that it is easy for ANYONE to build a tiny spy camera or security camera. This thing will live stream as well. Let’s check it out!
I have decided to try some Shelly Home Automation products and stumbled across the Shelly Flood Sensor.
Shelly Flood Sensor
Very cool little device and I while I won’t repeat the specs because you can look all that up at the link above I will tell you what I think is good about the device and what I think is bad about it.
Having a water sensor is pretty important in my estimation. While I’ve never had a pipe burst I did work with a guy once who deployed overseas for several months and his ice maker hose ruptured right after he left and leaked for MONTHS!
So I’m going to get several more of these now that I’ve worked through the installation of one of them. I intend to place them by the ice maker hose, the washing machine, under the sinks, in the hot water heater pan, and in the A/C secondary pan.
First I’ll start with what is bad about this thing. And I’ll pull no punches.
Introducing the Sonoff iFan04. In MOST cases you WILL NOT need one of these, however, if you have an older home where your ceiling fan and light are wired to a single wall switch and you have to control the fan by pulling on the chain………..then you need one of these.
If you have two switches it is WAY easier to buy smart wall switches. One for a 3 speed fan and one for a regular switch.
Note, that I didn’t say it was cheaper to buy 2 smart switches. It is EASIER to install the switches though.
The iFan04’s are about $18 each. That is a bargain.
One real big limitation of the iFan is that it is, errrrr…….big. Meaning you have to have space to install it in your fan. The first fan I tried to install this on in my house………….there was just no way. The ceiling baseplate cover was just too small with absolutely no room to install it. I would literally need a whole new ceiling fan before I could make it work.