“Shortly after moving into my new home, I found a key switch (above) near the front of my garage. I tested all the keys I was given and none of them worked. At the time, I had lots of bigger projects to work on, so I left it at that. Eventually, I got around to taking a closer look and I traced the key switch’s wires to the inside button that open and closed my garage. Hmmmm. I quickly cut and striped the wires near the key switch and found that if I touched them together, my garage would open! I did not like this! Anyone with a pair of vise grips, or better yet a dremel, could remove the “security bolts”, unmount the switch from the outside, cut the wires, and touch them to get into my garage. Even if I replaced the key switch with a keypad, or retina scanner for that matter, it would still be vulnerable to the previously outlined attack if it was using those 2 wires. I needed to somehow make the wiring that an attacker could access be independent from the logic to open the garage or not. I had two ideas. The first idea was to use a microcontroller and a keypad. The keypad would simply communicate number key presses to the microcontroller, which would chose to open the garage or not. This way if an attacker gained access to the wires, there would be nothing they could short to open the garage. Well, that’s not technically true, because they could short the correct button wires in the correct order to open the garage, but you get the point. The second idea was to use a microcontroller running a web server that I could connect to using my phone to open the garage. The beauty here is that there are no wires exposed for an attacker, however, there are other things to consider. For example, the security and access of my garage via this channel hinges on the availability and security of the web server on the microcontroller. I ultimately decided to build the later because it’s way cooler to open my garage from my phone and it would be a good exercise at attempting to build and secure an IoT device. I am penetration tester, so making sure the device is secure was very important to me.”
Related Content
Related Posts:
- Digital Vacuum Regulator
- How to Build an Automated DIY Irrigation System With App
- Complete Raspberry Pi / Nova Wireless Home Monitoring and Automation System …
- Raspberry-Pi Home Heating Controller
- IoT-based Home Automation with Google Home & Alexa
- IoT Based Monitoring And Safeguarding of Poultry Chickens
- Smart Houseplant Watering System
- Smart Power Monitor
- Smart Vertical Farming
- IOT Home Automation