I’m getting into node-red and I’m loving it.
Another reason to ditch PHP in favour of NodeJS
Got into it a few years back (not red though) and set up one of our rental properties as a show piece. Was fun and something I may go back to at some point. Also very scary on the flip-side when you can gain root through a light-bulb!
We partnered with these guys: http://getvera.com/
One of the reasons I just interface everything through homekit and have my RPi isolated from the internet. To be honest I only trust my home to Apple and their privacy and security standards that come attached to their premium prices. Nothing is 100% safe of course but I think Apple has the edge on these matters.
I heard great things about Vera controllers in the past. Especially with the support of multiple protocols (ZWave, Zigbee, BLE, etc). But I guess this will come to an end with CHIP/Matter and the big players in smarthomes (Apple, Google, Amazon, Samsung...) will be the ones to profit removing smaller competition like Vera.
Although the real winners are end-users of course. Having just one controller and a meshed network created by each smart device sounds great.
At the time (2015/2016 or so) it was an astonishing device and a real eye-opener for us. We had a team of Pen-Testers that worked alongside another company we operated which did onsite security audits (Red team contracts for some quite big names). They brute forced the lock in about twenty minutes and then went on to cause havoc. Was fun but quite concerning.
Also worked with a very quiet ‘organisation’ in Portugal and did a demonstration for them featuring IOT devices and their vulnerabilities (at the time). Suffice to say it was a disturbing moment for them as it was for us. I’m sure the approach we demonstrated was ‘abused’, the offer of quite a substantial amount of money for time with our A-Team, and to commission certain tools, was declined. Was a different life…
In the end we stopped the orders for the locks (we required around x100 of them at the time). The real problem we could see with IOT was bad user practice, those with little to no understanding of what they could, in theory and practice, be letting themselves in for. Am sure things have got a lot better these days though! Still can hit Shodan and run a quick scan and locate many IOT devices to ‘play’ with. Those days are over for me as remaining on top of the security curve was a full time job if I’m honest. Sleep and you’re behind. But there are many people still out there (and wide-awake).
I can see the Vera guys getting bought out, as you say, the BIG players are bang on it.
My wife just said we still have some of these in a box somewhere (new). I’m happy to send them to you if the postage from here to where you are is not too hefty. I’ll see if I can find them and if you want them you are welcome.
That is still the one thing I am reluctant to add. For now I have lights, security cameras, A/C, heating, TV. Now I’m working on getting notifications when the temperature outside is higher or lower than inside to remind us to open/close windows.
Shades and curtains are next.
I am also interested in using one of these and attach it to my garage remote to open it remotely. But an Arduino and a servo could also work.
And the last piece would be a door lock and a peep door camera. We are often out of our home but receive quite a lot of parcels so depending on who is delivering we want to be able to open the door remotely for them to leave the package. We have built some trust over the years with some of the guys that deliver in our zone.
Also we would like to be able to provide a one code use so someone can come and take the dog for a walk if we are not in.
I already told you this in the past. I envy your blue/red team exercises. They had to be incredibly fun.
So true. I guess the big ones are trying to fill the gap there.
I didn’t know about Shodan. Thanks for the link.
Can’t say no to that. If you find time, you can have a look at what you have and obviously you don’t plan to do anything of use with them I am more than grateful to have them here if I can foresee some use to me.
But of course I would pay for postage cheap or expensive.
Have a Vera Edge Home Controller and a Danalock you can have Jon. Same as in the above photo. We did have a few other bits and pieces but must be in storage or in one of the many boxes in our garage so will have another look. The breach of the lock was not simple for the uninitiated. It involved compromising the phone itself so required access to the device and was not a remote exploit. So in that sense I probably made it sound a little too simple above. As far as it goes it’s pretty damn secure otherwise. Also when you have a window to smash why attack the lock? That side of our business was fun. We got to go to DefCON a couple of years on the trot, and BlackHat too. Met a lot of interesting people who on occasion we sub-contracted based upon the Client’s specific requirements. Sometimes was full access no holds barred so to speak, others a little more restrictive, based upon the facility or establishment employing our services. A few big hits were Yellow Pages, a large data-storage facility and a couple of Telecom companies. Did some work with BAE, Microsoft, BAA (Heathrow and Gatwick airports, RFID door locks and access systems, RFID snooping is very cool), we also breached the toll systems here in Portugal via RFID snooping and traveled up and down the motorways here for FREE (which got us into quite a bit of trouble, we disclosed the vulnerability to the operator and they ignored it entirely and then tried to have us arrested, which didn’t go well for them suffice to say). Getting arrested was part and parcel, and a big FAIL hahaha… Anyway I’m beginning to sound like a know-it-all and I really don’t want to. We had an extremely talented team so I was a very small cog in the grand scheme (more a Social Engineering specialist, Troll, Phishing, etc).
Give us a week or two and I’ll sort out sending it on to you Jon.
Shodan is a great tool, as is Metasploit and Kali Linux (can have a lot of fun). Now it’s a hobby I play around with but back then it was very serious. I’m a Qualified Ethical Hacker so more of a White hat (little Gray around the periphery), my Black hat days were something else altogether. I lived a few minutes from DEC/Hewlett Packard/Compaq and a lot of other tech companies. So was all on my doorstep to explore.
Fun times!
Here ya go:
Provider of the lock:
Node-red does look nice indeed. I like the visual editor, was checking it out for some inspiration.
Although it is visual, it still seemed too low level and too detailed to connect everything but I presume this is needed in the IoT world.
Uh oh - there goes a load of money on IOT and time playing with it
Thanks @Dave! I need to spare some time and look if it’s possible to integrate in the HomeKit ecosystem via homebridge and/or node-red
It’s actually very similar to a Server Connect. Nodes are js files that pass data in json form from the previous underlying module to the next one that interprets and run it. And so on.
It started as an IoT thing but it’s grown into a huge workflow automation tool. There are nodes that are very low level and others that can run on top of db drivers to manage them.
It still has a clear IoT focus but it could work as a Zapier (or n8n) replacement.
Man toys
Don’t let my inclusive vocabulary government hear that I said that.
I love working with MQTT protocol
https://mqtt.org/
For web interface
Incredibly simple
I dream of MQTT support in Wappler
We have been using thinger.io for quite a while on our Dock Lifeguard devices. You can set up node-red on the back end there. As far as what data gets logged and what data doesn’t.
I then use api calls through wappler to pull that data. We are experimenting with showing all of the different docks at a marina and then using google maps and custom map pins to show the status of the devices through a webpage.