Homepage of our wiki for the LNDW demonstrator project

About the Project

Given task

The aim of the project is a demo in the context of "IoT Security", which can be presented at the LNDW (Lange Nacht der Wissentschaften) or on other occasions. There are no limits to your creativity! One possibility would be, for example, a warning system for your own smart home: One (or more) IoT device(s) are put into operation and controlled via the smartphone. Then it is attacked, manipulated, and taken over by an attacker. The smartphone app or an LED traffic light reports this to the legitimate user and offers to initiate a countermeasure. This then leads the system back into a "healthy", green state.

Idea

We use an old software project from Hendrik to build a small smart home demonstrator that monitors windows or doors and informs the user about the status. We then demonstrate various attack scenarios and possible countermeasures.

Demonstrations

• Suspend OTA update web server (with a loophole)
  • Web server is being used and a manipulated binary file is being uploaded
  • Secure Boot of the ESP32 detects this, aborts the update and sends a warning message to the app
• WLAN interference / Jamming
• unsecured MQTT
  • Include unknown esp32 in the network and send incorrect data about window status

Software:

• Smartphone apps for visualization of an attack / control of the smart home components

Used hardware (for single setup)

• 1x Raspberry Pi 3
• 1x power supply for the Pi
• 1x micro-SD-Card (minimum of 8 GB, Class 10)
• 1x case for the Pi
• 1x ESP32
• 1x Micro-USB cable (for flashing the ESP32)
• 1x magnetic switches
• 2x Jumper cable

Used Software

• esp-idf with arduino component
• openHAB as central unit of our smarthome as control and as basis for the cell phone app
• nginx as OTA update server
• MQTT broker (mosquitto)