[chbot] Wifi Controlled Power Sockets / Internet of Things

William Fleete fleetwil at gmail.com
Thu May 21 07:43:58 BST 2015


Connor Wolf did some hacking of a smart outlet, he bypasses the relay so he can just monitor power without some chucklehead potentially turning off his servers

Video https://youtu.be/rjry28Ym7kI
Sent from my iPad

> On 21/05/2015, at 18:12, Nick Rout <nick.rout at gmail.com> wrote:
> 
> On Tue, Apr 21, 2015 at 6:51 PM, Volker Kuhlmann
> <list0570 at paradise.net.nz> wrote:
>> On Tue 21 Apr 2015 18:05:42 NZST +1200, Richard Jones wrote:
>> 
>>> http://www.aliexpress.com/item/EU-AU-UK-US-Smart-plug-WiFi-Smartphone-Remote-control-socket-power/32272099666.html
>> 
>>> I'm still considering the security implications that were raised at last
>>> nights meeting.
>> 
>> The plug you mention above is cloud based:
>> "use your smartphone to turn off appliances when you're out"
>> "Accurate feedback: ... whether you're in LAN or remote network"
>> And the giveaway:
>> "Double protection and more safety", "LonHand Server"
>> 
>> That means someone somewhere always knows exactly what you're doing in
>> your house, whether you're home or not. Assume that this info gets
>> stored permanently. Assume that this someone eventually gets bought out
>> by google or likewise, including your personality profile. Orwell would
>> have a field day.
>> 
>> As I must have said previously, personally I put this kind of thing into
>> the class of "consumer junk" with respect to network security.
>> Irrespective of what big words their marketroids come up with and how
>> many times they mention "password protected", bugs won't get fixed. The
>> key is a feel-good instrument if the lock doesn't need it when you look
>> at it sideways. For wifi I suspect that that unfortunately is a fairly
>> safe assumption. The firmware is complex and made for time to market and
>> low cost.
>> 
>> If you have a good firewall and don't allow these things to connect out
>> a technically advanced neighbour / passersby may turn your light/fridge
>> off. You might not care, assuming the thing still "works", which it
>> might not. It still is a gateway for attacks on your home network
>> though.
> 
> Yes I don't know why every home control software has to 'connect to
> the cloud' to make it work from outside your LAN. What happened to
> running a VPN?
> 
> 
>> Volker
>> 
>> --
>> Volker Kuhlmann
>> http://volker.top.geek.nz/      Please do not CC list postings to me.
>> 
>> _______________________________________________
>> Chchrobotics mailing list Chchrobotics at lists.linuxnut.co.nz
>> http://lists.ourshack.com/mailman/listinfo/chchrobotics
>> Mail Archives: http://lists.ourshack.com/pipermail/chchrobotics/
>> Meetings usually 3rd Monday each month. See http://kiwibots.org for venue, directions and dates.
>> When replying, please edit your Subject line to reflect new subjects.
> 
> _______________________________________________
> Chchrobotics mailing list Chchrobotics at lists.linuxnut.co.nz
> http://lists.ourshack.com/mailman/listinfo/chchrobotics
> Mail Archives: http://lists.ourshack.com/pipermail/chchrobotics/
> Meetings usually 3rd Monday each month. See http://kiwibots.org for venue, directions and dates.
> When replying, please edit your Subject line to reflect new subjects.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/chchrobotics/attachments/20150521/b0cc09e2/attachment.html>


More information about the Chchrobotics mailing list