Possibilities with DIY IoT Projects and Products

[ISamson]

Hello.
While planning to purchase an Arduino MKR1000 or ESP8266 I decided to analyse the possibilities with IoT projects. How far is it possible to go with DIY IoT projects? I have read a number of things on unboxing an MKR1000, setting it up, but it is hard to estimate the possibilities of Internet projects just by searching already made projects.
Does anyone know some interesting project possibilities, downsides of IoT projects, or something else worth knowing for a beginner?
Having had a look in the Arduino projects hub (or something), hackster.io, and Google, I found some interesting projects, like rubberducky attack over wifi, and wondered about the possibilities with IoT projects.
Does anybody own an MKR 1000 or ESP8266? I would value it if anybody would kindly share their experience with me.
This thread leads off from my previous one: https://www.physicsforums.com/threads/arduino-esp8266-or-mkr1000.929242/
Thank you.

 

[anorlunda]

downsides of IoT projects

• Privacy
• Hacking vulnerability
• Power loss vulnerabilithy
• KISS
• Resale value of your house

 

[ISamson]

Privacy

Why? It's a simple IoT project... Like my PC or the device (Arduino?)?

Hacking vulnerability

Why/how?

Power loss vulnerabilithy

Don't I have unlimited in my computer and plug?

KISS

What is this?

Resale value of your house

?

Thanks, anorlunda.

 

[TeethWhitener]

I think anorlunda is equating IoT with the "smart home" idea. It doesn't have to be--or at the very least, you could design a system where each automated device falls back into a manual mode when the power goes out. Other possibilities could include wearables (FitBit, etc.).

KISS means "keep it simple, stupid."

Edit: one idea that's gaining traction on a more commercial scale is environmental monitoring (air/water quality remote monitoring). This might be something you could play with as a hobby project.

 

[anorlunda]

Why? It's a simple IoT project... Like my PC or the device (Arduino?)?

You need to catch up a bit on what's been happening.
https://www.trendmicro.com/us/iot-security/
https://www.toptal.com/it/are-we-creating-an-insecure-internet-of-things
https://techcrunch.com/2015/10/24/why-iot-security-is-so-critical/
https://www.schneier.com/blog/archives/2017/02/security_and_th.htmlEven such simple IOT things as light bulbs and teddy bears have been hacked or are equipped to spy on your house.

 

[ISamson]

You need to catch up a bit on what's been happening.
https://www.trendmicro.com/us/iot-security/
https://www.toptal.com/it/are-we-creating-an-insecure-internet-of-things
https://techcrunch.com/2015/10/24/why-iot-security-is-so-critical/
https://www.schneier.com/blog/archives/2017/02/security_and_th.html
https://www.schneier.com/blog/archives/2017/02/security_and_th.html

Even such simple IOT things as light bulbs and teddy bears have been hacked or are equipped to spy on your house.

Yes. Internet hacking is a very dangerous thing.
But who would target especially me? There are millions of amateur gadgets out there, ParPis, ESPs, MKRs, and other boards that people possess. Why target my one?

You posted some interesting info...

 

[anorlunda]

But who would target especially me? There are millions of amateur gadgets out there, ParPis, ESPs, MKRs, and other boards that people possess. Why target my one?

You don't have to be specifically targeted to become a victim. One of the biggest risks is botnets. Botnets are spread by malware. Most often the infected PC or IOT owners never become aware their devices are used like that. But if somebody uses your IOT device to help spread or store child porn, you could be in deep trouble.

A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow the attacker access to the device and its connection. The owner can control the botnet using command and control (C&C) software.

Another simple strategy to get to a target is to release malware to wherever possible. The malware phones home. The calls home from any PC not a target are ignored. That's much simpler than trying to specifically place the malware on just the target computer. Besides, the identities of the other infected machines can be sold to other bad guys with different intentions in mind.

It is a wild world we live in. Basically, even the tiniest internet connected device needs the same cybersecurity as the most secret military computers. It's hard enough to do for your PC. Having IOT devices around makes it much more difficult to be responsible.

I thought the most fun story was about those teddy bears. The West German government ordered the parents to destroy them.

I'm not a security expert, but if your device has all programs in ROM and no communication ports, it sounds to me that it can not be hacked from a remote location.

 

[NTL2009]

Just catching up on this as it was moved to the new DIY forum.

I have a couple projects underway, using and ESP8266 and MicroPython language, just recently learned ESP8266 is supported by the Arduino IDE, and have worked with that as well (for MIDI music applications, not really IoT).

Not sure these count as "IoT" either, because I only have them on my local WiFi network. I have one connected to the pump for my well. It saves the start/stop times of the pump. I once had an underground leak, and the pump ran non-stop for who knows how long, until the leak was bad enough to cause a pressure drop that I noticed. Once an hour, the ESP8266 connects to a script running on my computer and it uploads the file if it can connect. The computer script checks for long or short run times, and sends me an email alert if limits are exceeded, and a daily summary just to let me know it is still running.

I plan to connect more of these for the fridge/freezer in the basement, and my sump pump. Maybe status of doors open/closed?

 

[anorlunda]

They sound like fun projects.

I too am unsure if they count as IOT. Does the device get an IP address?

 

[NTL2009]

They sound like fun projects.

I too am unsure if they count as IOT. Does the device get an IP address?

Yes, they get an IP address for their WiFi port (with its MAC), so my router can see them, and a 'socket' is established between them and my computer so I can transfer the file (a line at a time).

I haven't set up anything so that I can 'see' them outside my local network, so that's why I question if an "IoT" moniker applies. But I don't know all that much about the Internet or how security works, so I don't really know if a bad guy could see these. But their running a Micropython script from NVM, no real "OS" beyond that MicroPython capability and a few included libraries. It can't email directly, it's not supported by Micropython on that device (that's one reason I have my computer handle that part). So it would seem a pretty tough and useless target for bad guys. But I really don't know much about how they do that stuff, other than in a very general sense of taking over a machine to spit out spam email, or maybe host a web page with ads/spam/malware.

I also plan to hook one up to my water heater. It has a powered damper/flapper on the exhaust to reduce losses when it's off, so it should be easy to sense the state of that. A water heater problem is rare though, and this has an electronic control to light a pilot to light the gas, and will retry three times, so the chance of a pilot just blown out is low, though I guess there could be some other fault. It would be more for just the interest in seeing how often it runs at night (if at all). Hmmm, now I realize I could also sense the fault LED, so it could have my computer email and text me if the fault light was on, that way I'd have an immediate awareness of a fault, and maybe correct it before I run out of hot water.

 

[anorlunda]

I too don't know how the hackers do it. The problem with IOT is that neither the manufacturers, nor the homeowners (you) are the victims. Last year, they turned baby monitors and webcams into bots to launch DOS attacks on banks. The banks were the victims, so nobody else has is motivated to close the vulnerabilities.

A project I would like to do myself could be called a baseliner. It would be more fun to do it in a car than a house. It would simply log all possible measurements, and alert me to sudden changes or ramping trends. In a car for example, a sudden change in mpg signals something wrong. The cool thing is that the logging device has no need to know what is being measured, and various filters could be applied for expected daily/seasonal variations etc.

More cool, and more sophisticated, just measure the total power consumption in your house and log it every second. Then you could learn to recognize things like water heater cycles, washer/dryer/fridge cycles, garage door open/close, and when people leave for work and come home. You could baseline it to watch for trends or changes, to optimize energy use, or simply have fun figuring out how the power company can spy on your privacy using nothing more than the smart meter data.

 

[NTL2009]

...
A project I would like to do myself could be called a baseliner. It would be more fun to do it in a car than a house. It would simply log all possible measurements, and alert me to sudden changes or ramping trends. In a car for example, a sudden change in mpg signals something wrong. The cool thing is that the logging device has no need to know what is being measured, and various filters could be applied for expected daily/seasonal variations etc. ...

I actually had a great deal of success with something like this at my work. (for the tl/dr version - picking your baseline is key!) We would have maybe a dozen production test/tuning systems running in parallel to handle the volume. We logged all the data for test results, and the electronic tuning settings ( for example, there might be 3 bits, values 0-7, dedicated to setting modulation levels). We had some PhD statisticians from corporate try to do some process monitoring, and while they were all very bright and hard working and had lots of resources available, they failed, I think because they just didn't grasp the 'system'.

They kept trying to apply traditional statistical analysis to detect sudden shifts in this data, and alarm on it. But we tune the product so that it can handle variations in the supplied components. So a sudden shift in the mod setting from maybe a range of 5-6-7 to 2-3-4 is an alarm to that system, but we (and the product designers) know that might have just meant we got a batch of components from a different supplier, or a different batch from the same supplier. Ideally, you want them all the same, but that costs $. And the tuning algorithm is designed to accommodate that wider range, so it's just doing what it was designed to do. Now, if you start seeing a lot of 0's and 7's, yes, that can indicate you are running out of range, and might start seeing failures - but not necessarily, there may still be enough tuning range to accommodate the variation.

So anyhow, I took a different approach (with a narrower goal). I used a running average from that group of a dozen test benches for my 'baseline'. If one bench was running significantly different from the others, it was a warning that that bench might be out-of-calibration, or having some other sort of noise, or contact problem. So it didn't tell us so much about the product, but it was super-effective at alerting us to any test bench that was drifting from the others. It was just me and a summer intern working on it part-time, and we got it all going during her summer with us.

It was pretty funny, because our maintenance techs were skeptical, and the gruffest one in the bunch was complaining about having to sign off on this report at the start, middle, and end of the shift . A few days later, he came to me and said he was "getting a stupid alarm from that report, and he knew it was stupid, because they hadn't had any failures for that parameter on that bench all shift, and he didn't understand why he should have to 'fix' a bench that wasn't failing any product". But he said he checked it anyway, and the connector that is critical to that specific measurement was loose, ready to fall off. He fixed it before we saw any failures, saw the report come right back in line, and was a believer after that!

RE: "various filters could be applied for expected daily/seasonal variations etc." ... Yes, I forget the details now, but I had an array or two for each parameter with some sort of 'ignore if' factors. I didn't want it to be too sensitive and create false alarms that would lead to the techs ignoring the alarms.

... More cool, and more sophisticated, just measure the total power consumption in your house and log it every second. Then you could learn to recognize things like water heater cycles, washer/dryer/fridge cycles, garage door open/close, and when people leave for work and come home. You could baseline it to watch for trends or changes, to optimize energy use, or simply have fun figuring out how the power company can spy on your privacy using nothing more than the smart meter data.

I've got a smart meter now, and for some odd reason, I rarely check it. I should take another look. Again, since the data is normally what I expect, there's no reason to look. But then I will miss an anomaly. I guess I could try 'scrubbing' their website and doing my own alarms?

 

[anorlunda]

I actually had a great deal of success with something like this at my work.

It sounds like paradise for those of us who enjoy data analysis. Yanking useful information from seemingly useless noise as your example illustrates.

Big corporations spend millions on big data, but even DIY ers can do it on the data from their own houses and vehicles using modest resources like Arundino or Rasberry Pi.

 

[NTL2009]

Funny thing is, I just realized what the statisticians could/should have done with those tuned parameters (15 years too late! :) ) :

Only look at the parametric data if the digital tuning data is at the high or low bit of its range ( 0 or 7 in the case above, ignore anything that was tuned using 1-6). And then only look at the parametric data that is near the failure limit that that tuning bit could tune to. So alarm if a "0" was still getting too many near the upper limit, or a "7" was still getting too many near the lower limit (assuming positive response here).

Some of these were pretty course tuning, so a "3" (and by default, we started in the middle until/if we had data that told us another starting point was better - we did automatically gather this and use it for some routines) might get you near the upper limit - and for speed purposes, we typically stopped tuning as soon as we got a pass value, so even if a "2" got you closer to mid-point of the spec, a pass is a pass. We might go for a closer tune if other parameters were affected by that one, making 'closer better'. But that shows that a measurement near a limit isn't a problem, as long as we have some tuning range left. So ignore those 'close calls'.