Foscam Security Camera Shenanigans

A few weeks back, krebonsecurity.com published a great post called This is Why People Fear the ‘Internet of Things’. The article describes a pretty disturbing practice in Foscam’s newer cameras with “P2P support”. Auspiciously this feature is to allow non-technical users to access their cameras remotely without having to do any firewall configuration, which is all well and good. But, it seems, if you ARE a technical user and opt to turn this feature off… it doesn’t actually turn off!

I’m not saying this is necessarily a possible security breach. But the fact that you have to trust a Chinese company (who, apparently, has never thought to hire a single fluent English-speaker to produce its documentation and provide support) to secure their P2P network in a feature you can’t turn off is disturbing. Apparently Foscam has provided a firmware update to at least one user, although I haven’t been able to actually locate it online. So, if this really disturbs you, it looks like you can open a support ticket with them to get the firmware.

To find out if you’re actually affected by this issue, krebonsecurity.com helpfully links to this Lifehacker post to monitor your own network. I’ve used WireShark on my own network to check out traffic from my cameras, confirming that my (non-P2P cameras) are not making these extraneous out-of-network calls. The trick was to use a filter like this to only monitor traffic from my various cameras:

 ip.src == 192.168.0.55 || ip.dst == 192.168.0.55 || ip.src==192.168.0.56 || ip.dst == 192.168.0.56 || ip.src==192.168.0.57 || ip.dst == 192.168.0.57 || ip.src==192.168.0.58 || ip.dst == 192.168.0.58

As you can see, the only network traffic from the cameras is to my PC (which is the video data flow to my Blue Iris installation):
wireshark-foscam

While it’s a bit of a shady practice to have a “turn off” option in their UI that doesn’t work, I still wouldn’t recommend avoiding Foscam altogether; they’re still pretty great cameras for the money, and it’s most likely not done for nefarious purposes. That said, I have started looking for other possible solutions, and recently purchased this micro-camera for Raspberry Pi to try out creating my own security camera solution. I’ll do another post when/if that effort works out! Read more ›

Posted by Matt Chiste
March 6
Tagged with: , , ,
Posted in Security

Be aware of home security implications with Amazon Echo

First, let me say I love my Amazon Echo, and have totally embraced my Connected Home with the ISY-994i! This isn’t a post about some random security hole with integrating it into your home automation system, but a word of caution to consider if you do so. Even if you don’t have a connected smart-home, there are very real security and financial implications you should consider when placing the Echo in your home, especially given its growing power and capability.

When you set up Connected Home devices, you get a warning/disclaimer from Amazon:

When you connect devices and services to Alexa, anyone speaking to Alexa can operate those products. This includes products such as garage doors, locks, and appliances.

That got me to thinking: while the ISY integration doesn’t (currently) allow you to ask “Alexa, unlock the front door”, it does allow you to run programs like this one:
door-unlock

What that means is that you can map a device called “Open Door” to the program, allowing you to unlock the door with “Alexa, turn on Open Door” and lock it with “Alexa, turn off Open Door”. Neat, huh?

The problem is that Alexa is a bit “too good” at what it does – always listening REALLY WELL for commands. Even… Through… Closed… Doors. And therein lies the problem: depending on the position of the Echo in your home, someone could just walk up from the outside and ask the door to unlock through a door or window!

Read more ›

Posted by Matt Chiste
March 2
Tagged with: , , , ,
Posted in Insteon, ISY-994i, Security

Power in-wall speakers with an HDMI audio extractor and cheap amplifier

Remember those in-wall speakers we mounted a while back? Well, now we’re going to need to power those things, and all we have for the source audio is the HDMI output coming from our HDMI matrix. So, we need two pieces: first, we’ll need to extract, or “de-embed”, the audio with this HDMI audio de-embedder – it allows you to pass through an HDMI signal and extract the audio signal via a stereo out cable (this particular model will also extract 5.1 channel surround-sound audio via an optical cable as well):
hdmi-audio-extractor
Read more ›

Posted by Matt Chiste
February 27
Tagged with: , ,
Posted in Media

Unconventional Insteon automation – a smarter litter box

Last year (on April 1, actually), I wrote a tongue-in-cheek article about automating your toilet. I got a lot of interesting and funny feedback on the post, but most interesting was an actual, practical application for the post.

Reader Steve Pattison wrote me and said:

Hey Matt – Just wanted to say thanks for the code idea. I had spent some time last week working on the same but not for a toilet seat but my automatic cat litter box (Litter-Robot). There are times when the litter box goes into its cleaning mode and gets stuck. At that point the cats can no longer use the litterbox until I notice the problem. Your code was much cleaner and simpler than what I created so I switched to yours. Now, if the litterbox does not return to its home position after 3 minutes, I get a text message. …. I did see the humor in the toilet seat but you never know how far someone will take an idea.

So by using an Insteon open/close sensor and the code from that post, Steve was able to solve a specific problem with an “unconventional” home device like an automated litter box.
litter-box
Read more ›

Posted by Matt Chiste
February 23
Tagged with: , , ,
Posted in Insteon

A better HDMI matrix for whole-house video distribution

A few months back, I wrote about my whole-house media distribution system based on an HDMI matrix in my basement. The problem I found with that matrix is that the HDMI output signal went through an additional conversion process to transmit the HDMI over ethernet cables, and I couldn’t get IR signals back and forth from the source.

I ended up upgrading to this Hdmi 4×8 Matrix/extender set, and have been very happy with it for the past few months.
hdmi-splitter
Read more ›

Posted by Matt Chiste
February 19
Tagged with: , ,
Posted in Media

Fun facts about insulation

There are three different types of heat transfer: conduction, convection, and radiation. When discussing insulation in my posts about installing a wall safe or installing in-wall speakers, I thought back to Mr. Roman in my high school physics class and how insulation actually works. To over-generalize, all materials – wood, air, metal – have conductive and convective heat properties. Conductive heat transfer is the spread of heat through a material, like when air outside your home heats the walls and that heat slowly moves through them (radiant heat is when the sun heats those walls). Convective heat transfer occurs when heat is transferred through movement – think of the phrase “hot air rises” and you’ll understand convection.

Air has very low conductive heat transfer (heat doesn’t move quickly through it), so it makes for a really good insulator. BUT, it also has very high convective heat transfer (air starts moving as it’s warmed up), which is why it’s not ideal for insulation. The solution? Whether you’re using blown-in insulation or the pink stuff, you’re actually using AIR to insulate your home; that insulation traps tiny pockets of air to prevent it from moving around; the insulation maximizes the resistance to conductive heat transfer in the air, and traps the air in place to minimize any convective transfer of heat.

attic-insulation-blown

And that, my friends, is why you don’t want to compact blown in insulation by walking on it, or squish the pink stuff inside walls – you want to leave as much space as possible to allow the air inside the insulation to do its work! Read more ›

Posted by Matt Chiste
February 15
Tagged with: ,
Posted in Green Energy

Installing in-wall speakers

We’ve already covered installing ceiling speakers in these pages, so I won’t go into great detail on the process of physically installing in-wall speakers – it’s a virtually identical process to installing them in the ceiling. However, if you’re installing on an interior wall, you may have a different set of challenges, such as wiring across studs (where you have to remove a lot of drywall to get the speaker wire through).
speakers-front-wall
Read more ›

Posted by Matt Chiste
February 11
Tagged with: , , , ,
Posted in Media
 Subscribe to HomeAutomationGuru.com
    Add to Google Reader or Homepage

Enter your email address to subscribe: