More on Local Control of Internet of Things (IoT) Devices

3 Replies

Local Control of IoT Devices

I’m all about tech and gadgets but I’m all about security as well.  Internet of Things is a term coined that relates to smart devices that are connected to the internet.  Local control is a term that means your IoT devices only run on your LOCAL network and are not internet facing. Typically, the state of security is very poor with IoT devices.   There have been some very high profile hacks and intrusions and I’ll highlight just a few of them.  You can dig deeper if you want.

  • A Computer Takeover of a Jeep.  Yep.  It happened.
  • Ring doorbell cameras and microphones hacked.
  • Multitudes of smart devices with open SSH, Telnet, or HTTP ports open.
  • St. Judes hackable cardiac devices.
  • Baby monitor hacks. – This one is semi personal to me.  I am into Ham Radio and RTL-SDR devices.  One day I’m using an RTL-SDR device and listening around 900 MHz.  Lo and behold I can hear my neighbors baby monitor IN THE CLEAR.   Also in a similar vein one day I find Television audio where there shouldn’t be television audio.  Turns out it is the next door neighbors wireless headphones.
  • SimpliSafe – Same thing.  One day I’m setting up a 433 MHz receiver for RF home automation and I begin receiving packets of information from a neighbors SimpliSafe.  Got their Pin Code and password because it was transmitted in the clear.  Hope they fixed that by now.
  • Mirai Bot Net Attack – using hundreds of thousands of hacked IoT devices to perform Denial of Service attacks.
  • Phillips Hue – Terrible security.

IoT Can Be Dangerous

I can go on and on and on.  If you google “IoT exploits” or “IoT hack examples” you can go down the rabbit hole.  I think the biggest take-away here is that all those cool cameras, LED strips, smart light bulbs, smart outlets and smart switches, and security devices can be a giant security issue waiting to happen.   What a dichotomy, huh?  You buy some security devices to make you safe and they in turn CAUSE you to get exploited.

Continue reading

Home Entertainment TV Observations

2 Replies

After setting up a new household, network, and entertainment devices I have observed the following items.  My apologies for not going in depth with device names and photos and statistics……….I’m trying to keep this as simple a read as possible.

We have a smart TV and several smart devices.  Roku, Firestick, Apple TV, and HDHomeRun for Live TV connected to an antenna.

Quick observations:

  • Wireless devices and TV’s are the norm.  You have to pay bigger $$’s to get an ethernet port.  Streaming video and hi res is more likely to glitch over wifi.
  • All have abandoned Optical out for audio.  They seem to think that all devices operate perfectly over HDMI or that no one has an older Audio Visual (AV) system.
  • The HDHomeRun app only provides audio on some TV sets if set to Dolby Audio.

Granted I have older stuff but still.  Anyone with anything more than a few years old might have an AV system or surround sound system that worked on Optical or Digital out.  All these new devices seem to be HDMI only.

I have a Polk Audio sound bar on one TV that was several hundred dollars (came with the house) and isn’t that old.  It DOES NOT connect to HDMI.  So if I want to use a Roku AND THE SOUND BAR …………..it ain’t gonna happen.  In order to use the sound bar I have to hook up a super old (2015 era) Apple TV that I have.  Yeah it works but Apple no longer supports those devices and you just don’t get updated apps, etc. for them.

In other words, there is no backwards compatibility.

You would think that at a Tech Blog the guy writing it would only have the latest and greatest.  Well, let me tell you something about the latest.

Continue reading

Flashing QuietCool-AFG-SMT-PRO-2.0 Attic Fan with Tasmota

6 Replies

Decided to put an attic fan in over the garage and tried to find a “smart” one.  Sure enough Quietcool makes them and even better they have an ESP32 wifi chip in them which can be flashed with Tasmota.

ESP32

This means the fan can be controlled locally with Home Assistant and doesn’t need a separate app to control it.

Also while having an attic fan being smart it doesn’t need to be super smart.  You want them to come on at a certain temp and go off at a certain temp.

The manufacturers app has too much going on in my opinion.  And with these apps you just have no idea what they are up to.

The only person who has any business knowing my attic fan is on or off is ME.  Not QuietCool, not Google, just me.

 

DISCLAIMER:  This is not my work. I was walked through this by user kwikSi1ver on the Digiblur Discord discussion group.  I am only documenting this for posterity and re-creation purposes.  Again, I claim no credit for this.

Flashing with Tasmota is really no issue.  I can do that.  The magic and genius behind this is the reverse engineering.  Telling what relay to do what.  Making sure both relays don’t come on at the same time.  Making sure the power LED comes on.  Making sure all the sensors are recognized and spew out the right information and are DISCOVERABLE.

Yep, anyone can flash Tasmota.  The guys who reverse engineer stuff get all the credit.  But first ya gotta flash it.  But first lets back up the manufactures firmware in case something goes wrong.

Continue reading

Using 2 Smart Lights in a 3 way switch configuration

Leave a reply

We all know what 3 way switches are even if we don’t know what they are called.  It is a light that has 2 switches, like at the top and bottom of the stairs.  What I did here was to wire up two smart switches that are not 3 way switches in a 3 way configuration.

BIG DISCLAIMER

FIRST OF ALL LET ME SAY THIS ISN’T MY DOING.  I HAD TO HAVE MY HAND HELD DURING THE ENTIRE CONFIGURATION OF THE SWITCHES BY THE COMMUNITY AT DIGIBLUR’S DISCORD CHAT ROOM.  THEY ARE THE GENIUSES. I’M MERELY DOCUMENTING THIS PROCESS FOR POSTERITY.

If you have any interest in Home Automation be sure and check out the YouTube Channel of Digiblur and his Discord chat room.  Great resource.   Let’s get to the switches!

Continue reading

Kauf Smart Light Bulb Preflashed with ESPHome

4 Replies

Kauf Smart Bulb

So you go to Walmart or something and see a smart light bulb. You bring said smart light bulb home and stick it in a lamp.  At this point you realize you have to:

  1. Download an app
  2. Create an account

This never goes well.  But you get it working.  And it’s cool.  But the app is probably harvesting your contacts list, wants access to your camera to scan a QR code, etc, etc, etc.

It’s crazy.  And it isn’t good for network security or your personal privacy.  I am NOT saying all smart devices are evil and do bad stuff but I am saying that a light bulb exposed to the entire internet is a bad thing.

I run a hardware firewall.  I can clear the active log and within SECONDS and I mean SECONDS there are all kinds of exploits being blocked by my firewall.   There are bots out there continually trying things over ranges of IP addresses.

Remember all the old movies where the skull and crossbones comes up and you knew you were hacked?  It isn’t like that.  The bad guys don’t want you to know they are using your computer for a bot to carry out their attacks, or trying to harvest your SSN or credit card numbers or bank passwords.

Anyway, that’s enough of that.  This is about the Kauf Smart Light Bulb.  They go for about $15 which is steep for a light bulb but cheap for a SMART light bulb.  Not a bad deal at all.

The best part of this bulb is that it comes pre-flashed with ESPHome.

NOTE: THIS BULB IS VERY SPECIFIC IN THAT YOU NEED HOME ASSISTANT HOME AUTOMATION SOFTWARE TO USE IT. AT LEAST WITH ESPHOME ON IT.  ONCE YOU FLASH IT TO TASMOTA YOU CAN CONTROL IT VIA A WEB BROWSER IF YOU GO TO THE LIGHT BULBS IP ADDRESS.  THIS BULB IS FOR GEEKS ONLY!  DON’T JUST BUY ONE IF YOU DON’T KNOW HOW TO DO THIS STUFF.

If you do know how to do this stuff……….keep reading.

Continue reading

Hey, Hey, You Get Offa “The Cloud”

Leave a reply

Go in any big box store and you’ll find dozens of smart home appliances.  Light bulbs, security cameras, smart outlets, smart switches, LED strip lights, etc.   There is no end to it.

So you buy something.  Then you have to download the app, and create an account and then you wow your friends by demonstrating how smart your home is becoming.   Then you buy another device which means you need another app and another login account.  Then you do it again and again and again.

Pretty soon your phone is full of apps and you can’t remember the passwords to all the new accounts you have.

Is it really convenient?  There are ways to get all those devices under one roof so to speak with home automation software but this blog isn’t about that.   It’s about your security.

All those devices are connected to the INTERNET, aka “The Cloud”.  You don’t know who wrote the app.  You don’t know if the app has gaping security holes or intentional malware.  Also you grant network access to that device.   Also when you fill in the app you provide your network credentials to the app.  Do you use your wifi password with any other account anywhere?  Does the app writer transmit your credentials back to their server?

In 2016 there was an exploit on Internet of Things (IoT) cameras and routers called the Mirai Bot Attack.  The attacker focused a Denial of Service (DDoS) attack using HUNDREDS OF THOUSANDS OF DEVICES.  That kind of implies that in 2016 there sure were a lot of infected Internet of Things devices.  Wonder what that statistic looks like in late 2021.  Better?  Worse?  My educated guess = WORSE.

How can you make it better and more secure?

Get Off The Cloud.

Continue reading

ESP32-CAM. Tiny live stream camera

3 Replies

This is one tiny camera.  Maybe a bit too tiny.

ESP32-CAM

For some perspective, the breakout board next to the ESP32-CAM has a Micro USB charger on the end of it like you would use to charge your phone.

The whole camera board isn’t a lot larger than a quarter.  A bit taller though.

But look at the camera lens itself.  It’s roughly the size of the USB connector on that green board.

You could put this cam anywhere there was a tiny hole.  Look around your room or even worse, YOUR HOTEL ROOM, and think of all the places a tiny camera could be.

Comparatively, look at the screen on your smart phone and look at the camera lens.  On a day to day basis YOU DON’T EVEN NOTICE IT, DO YOU?

Anyway, I’m not trying to creep you out but I am pointing out that it is easy for ANYONE to build a tiny spy camera or security camera.  This thing will live stream as well.  Let’s check it out!

Continue reading

Shelly Flood Sensors

Leave a reply

I have decided to try some Shelly Home Automation products and stumbled across the Shelly Flood Sensor.

Shelly Flood Sensor

Very cool little device and I while I won’t repeat the specs because you can look all that up at the link above I will tell you what I think is good about the device and what I think is bad about it.

Having a water sensor is pretty important in my estimation. While I’ve never had a pipe burst I did work with a guy once who deployed overseas for several months and his ice maker hose ruptured right after he left and leaked for MONTHS!

So I’m going to get several more of these now that I’ve worked through the installation of one of them. I intend to place them by the ice maker hose, the washing machine, under the sinks, in the hot water heater pan, and in the A/C secondary pan.

First I’ll start with what is bad about this thing.  And I’ll pull no punches.

Continue reading

Sonoff iFan04. I’m A Fan

7 Replies

Sonoff iFan04

Introducing the Sonoff iFan04. In MOST cases you WILL NOT need one of these, however, if you have an older home where your ceiling fan and light are wired to a single wall switch and you have to control the fan by pulling on the chain………..then you need one of these.

If you have two switches it is WAY easier to buy smart wall switches.  One for a 3 speed fan and one for a regular switch.

Note, that I didn’t say it was cheaper to buy 2 smart switches.  It is EASIER to install the switches though.

The iFan04’s are about $18 each.  That is a bargain.

One real big limitation of the iFan is that it is, errrrr…….big.  Meaning you have to have space to install it in your fan.  The first fan I tried to install this on in my house………….there was just no way.  The ceiling baseplate cover was just too small with absolutely no room to install it.  I would literally need a whole new ceiling fan before I could make it work.

Continue reading

Shelly. I love you. I hate you. Shelly Switches.

3 Replies

I generally like most tech I review.  I have mixed emotions here but this may be a cluster f*** of my own making.

I dig home automation.  There is nothing better than asking a smart device to turn on a light or a fan or effect lighting or play a song …………and it works.

I’m a long time user of HomeAssistant .  It was kind of hard in the beginning but it is super smart and more intuitive now. Again, you don’t have to go off the deep end.  Turning a light on and off or hooking up to your thermostat can be huge.

I’m a big fan of taking Internet of Things (IoT) devices and flashing them with open source firmware such as Tasmota.  And my house was AWESOME.  But then I moved and I had to start all over.  ESP8266 is kind of slowly being phased out by ESP32 chips and Sonoff devices have some competition now such as Shelly.  I had seen the Shelly 1 a couple years back but opted to stick with Sonoff devices.   Fast forward a couple years and Shelly has really advanced.  They have some cool offerings and I decided to give them a trial run.

So since I’m starting over I grabbed some Shelly devices.  The internet bubbas love them. But I wonder if they have ever deployed them other than in lab conditions for a YouTube video because I had a hell of a time with my first installation.

Continue reading