element14 Community
element14 Community
    Register Log In
  • Site
  • Search
  • Log In Register
  • Community Hub
    Community Hub
    • What's New on element14
    • Feedback and Support
    • Benefits of Membership
    • Personal Blogs
    • Members Area
    • Achievement Levels
  • Learn
    Learn
    • Ask an Expert
    • eBooks
    • element14 presents
    • Learning Center
    • Tech Spotlight
    • STEM Academy
    • Webinars, Training and Events
    • Learning Groups
  • Technologies
    Technologies
    • 3D Printing
    • FPGA
    • Industrial Automation
    • Internet of Things
    • Power & Energy
    • Sensors
    • Technology Groups
  • Challenges & Projects
    Challenges & Projects
    • Design Challenges
    • element14 presents Projects
    • Project14
    • Arduino Projects
    • Raspberry Pi Projects
    • Project Groups
  • Products
    Products
    • Arduino
    • Avnet Boards Community
    • Dev Tools
    • Manufacturers
    • Multicomp Pro
    • Product Groups
    • Raspberry Pi
    • RoadTests & Reviews
  • About Us
  • Store
    Store
    • Visit Your Store
    • Choose another store...
      • Europe
      •  Austria (German)
      •  Belgium (Dutch, French)
      •  Bulgaria (Bulgarian)
      •  Czech Republic (Czech)
      •  Denmark (Danish)
      •  Estonia (Estonian)
      •  Finland (Finnish)
      •  France (French)
      •  Germany (German)
      •  Hungary (Hungarian)
      •  Ireland
      •  Israel
      •  Italy (Italian)
      •  Latvia (Latvian)
      •  
      •  Lithuania (Lithuanian)
      •  Netherlands (Dutch)
      •  Norway (Norwegian)
      •  Poland (Polish)
      •  Portugal (Portuguese)
      •  Romania (Romanian)
      •  Russia (Russian)
      •  Slovakia (Slovak)
      •  Slovenia (Slovenian)
      •  Spain (Spanish)
      •  Sweden (Swedish)
      •  Switzerland(German, French)
      •  Turkey (Turkish)
      •  United Kingdom
      • Asia Pacific
      •  Australia
      •  China
      •  Hong Kong
      •  India
      •  Korea (Korean)
      •  Malaysia
      •  New Zealand
      •  Philippines
      •  Singapore
      •  Taiwan
      •  Thailand (Thai)
      • Americas
      •  Brazil (Portuguese)
      •  Canada
      •  Mexico (Spanish)
      •  United States
      Can't find the country/region you're looking for? Visit our export site or find a local distributor.
  • Translate
  • Profile
  • Settings
Upcycle It
  • Challenges & Projects
  • Design Challenges
  • Upcycle It
  • More
  • Cancel
Upcycle It
Blog [Upcycle It] WiFi Connected Smoke Detector #9: WannaCry and IoT security
  • Blog
  • Forum
  • Documents
  • Polls
  • Files
  • Events
  • Mentions
  • Sub-Groups
  • Tags
  • More
  • Cancel
  • New
  • Share
  • More
  • Cancel
Group Actions
  • Group RSS
  • More
  • Cancel
Engagement
  • Author Author: vlasov01
  • Date Created: 22 May 2017 3:05 AM Date Created
  • Views 2079 views
  • Likes 2 likes
  • Comments 12 comments
  • wannacry
  • ransomware
  • cyber security
  • network isolation
Related
Recommended

[Upcycle It] WiFi Connected Smoke Detector #9: WannaCry and IoT security

vlasov01
vlasov01
22 May 2017
<< Previous

Project Index

Next>>

Sonoff POW order arrived

 

This week started pretty good as I received my order of Sonoff POW WiFi Switch with Power Consumption Measurement. It was the last piece I wanted to use in my system to demonstrate that I can improve home safety by acting on an alert from a smoke detector by shutting down connected appliances.

The out of box firmware doesn't provide MQTT connection and creates a lot of Internet network connections as discovered in the following blog post "How to hack free your Sonoff RF without soldering". I've turned down this option.

I've start reading about Sonoff ESP8266 programming options. TASMOTA project seems the most straightforward one for Sonoff devices. This Arduino sketch is an Open Source project. It has a lot of recent activity, documentation, videos and it comes with MQTT support,

I've installed required software and packages. I've updated user_config.h with mt WiFi parameters and other settings. Arduino IDE verify and build failed initially, but after some debugging and files movement the compilation was successful. Unfortunately my USB-to-TTL sopped functioning without any warning signs.I'll try to use my Arduino UNO as USB-to-TTL adapter as described in this 1 minute video.

 

Thoughts after WannaCry

 

WannaCry impacted significant number unpatched Windows PC worldwide.

The number of IoT internet connected devices will be significantly higher then the number of PCs.

 

There is a lot of questions in relation to IoT security. The negative impact of breaches in IoT may be comparable or even bigger then from WannaCry. Recently these IoT devices have been exploited for DDoS attacks.Once these devices become more widespread with a common core they may be exploited much more frequently.

  1. Who is managing patches for IoT devices? Based on my previous blog even Intel is not necessary keeps supplied Intel Edison packages up-to-date.
  2. How long they will be supported? Windows XP been released 16 years ago, but still requires patches.Do you think TASMOTA project will be supported in 5 years? It has only one contributor at this point.
  3. How can I validate chain of trust of libraries, firmware and toolchain used to build it? What kind of secure software development practices were followed in the process of building them? TASMOTA relies on ESP SDK which is partially closed.
  4. What I can do to minimize risks of increasing secure attack vector on my IoT infrastructure in my home, which I'd like to make safer by introducing WiFi Connected Smoke Detector? Does it still make sense?

 

Many questions but one answer

 

I have very little power to control the top three points. But I may be able to control the last one. And the answer came from CBC Radio program Spark. One of the guests recommended to connect to the Internet only what needs to be connected. it can be achieved by applying network isolation, where the network gets split in several zones as described in the following paper.

I start looking if I can introduce this notion of network zones on my Intel Edison IoT gateway. I was thinking about using it as an edge gateway, where on one side it plays a role of Access Point (AP mode) for IoT devices like Sonoff and WiFi smoke detector, And on other side it is a WiFi client (STAtion mode) so it can communicate with Slack and Cronitor. But it is not possible now as Edison radio "Broadcom  module does not support STA/AP concurrently" as described in Intel Edison WiFi Guide.

At this point I can use a separate router (or create a separate net on my router) for IoT devices and Intel Edison gateway, where only the gateway has access my home network and internet. Another option is to add WiFi USB module to Intel Edison, so it will get two network interfaces one for each network.

  • Sign in to reply

Top Comments

  • DAB
    DAB over 8 years ago +3
    Nice update. Security has been my main objection to this rush to IOT. Unless control is in place from the start then there is a huge systemic risk. I currently do not own any IOT enabled devices and I…
  • Workshopshed
    Workshopshed over 8 years ago in reply to mcb1 +2
    It is possible to put an opensource firmware onto a selection of routers. I have thought about that to turn an old one into a bridge
  • vlasov01
    vlasov01 over 8 years ago in reply to mcb1 +1
    My WiFi router allows creation of an isolated guest network. Not sure if I can set rules and ports for this network. If it is possible, then I'll set it for my IoT devices, where only the gateway will…
Parents
  • DAB
    DAB over 8 years ago

    Nice update.

     

    Security has been my main objection to this rush to IOT.

    Unless control is in place from the start then there is a huge systemic risk.

     

    I currently do not own any IOT enabled devices and I have no plans to add any until I am sure that they are under MY control and not someone else's.

     

    DAB

    • Cancel
    • Vote Up +3 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • vlasov01
    vlasov01 over 8 years ago in reply to DAB

    What about central security alarm systems? They are based on IOT devices as well. Where we should draw the line?

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • mcb1
    mcb1 over 8 years ago in reply to vlasov01

    What about central security alarm systems

    Here in NZ we still have these connected to a physical telephone line.

    The phone line comes in via the alarm system and it will disconnect everything when it makes the call out.

     

    However there is a suggestion that VOIP style systems will come in, and this does raise some issues with older security style systems, as well as connection into a network.

     

    Mark

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • DAB
    DAB over 8 years ago in reply to vlasov01

    Hi Sergey,

     

    I come out of an extreme security environment, so from my perspective, you draw the line where you can ensure the integrity of access.

     

    Inside a controlled environment, you can use lower security implementations as long as you regularly check to make sure that they cannot be /have not been, accessed from outside.

     

    The more open the environment and access, the more security you need.

     

    Luckily, most of the IOT sensors are small, so you can physically secure them from tampering.  The goal is to use physical impediments to make it not worth the effort to tamper with them directly.

     

    Embedding internal security scanning can provide a good level of security without adding too much expense and you can make it extremely difficult to access that internal security.

     

    DAB

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • mcb1
    mcb1 over 8 years ago in reply to DAB

    The more open the environment and access, the more security you need

    A lesson shown in this.

    https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
Comment
  • mcb1
    mcb1 over 8 years ago in reply to DAB

    The more open the environment and access, the more security you need

    A lesson shown in this.

    https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
Children
No Data
element14 Community

element14 is the first online community specifically for engineers. Connect with your peers and get expert answers to your questions.

  • Members
  • Learn
  • Technologies
  • Challenges & Projects
  • Products
  • Store
  • About Us
  • Feedback & Support
  • FAQs
  • Terms of Use
  • Privacy Policy
  • Legal and Copyright Notices
  • Sitemap
  • Cookies

An Avnet Company © 2025 Premier Farnell Limited. All Rights Reserved.

Premier Farnell Ltd, registered in England and Wales (no 00876412), registered office: Farnell House, Forge Lane, Leeds LS12 2NE.

ICP 备案号 10220084.

Follow element14

  • X
  • Facebook
  • linkedin
  • YouTube