Inspiration
In 2016, the Mirai botnet orchestrated a massive cyberattack by hijacking hundreds of thousands of insecure IoT devices, such as digital cameras and digital video recorders, to overwhelm major internet service providers. This turned everyday household gadgets into an army that was able to take down huge platforms, including Twitter, Netflix, and CNN!
As more and more smart devices enter the household, the number of IoT devices exposed to attack grows. Most people don't realize that a smart lightbulb or a connected fridge is essentially a tiny computer, often running outdated software with no security.
To solve this, we built Esper. Esper is a plug and play security hub that sits between your smart devices and the internet to stop hackers in their tracks.
How we built it
We started by configuring a Raspberry Pi to act just like a Wi-Fi router. We then programmed a custom engine in Python that watches every piece of data that passes through the RPi. To test whether our system worked, we used ESP32 microcontrollers to act as our smart home devices. We even added a DDoS from those test devices that activates at the click of a button.
To keep track of all the data, we connected our system to a database called Supabase. This is where Esper stores the IP addresses, traffic, hostname, packet loss data, and other statistics.
This database is how we detect any malicious activity. We have multiple criteria:
JA3 Fingerprinting
Even when traffic is encrypted, the way a device handshakes with a server is unique. tshark allows us to extract JA3 hashes from the TLS Client Hello. By cross-referencing these with well-known malicious JA3 databases, we can identify malware or botnet scripts.
Anomaly Detection
IoT devices are predictable. A smart toaster shouldn't suddenly send 1 GB of data to a random IP in another country. After a device connects, Esper learns its traffic patterns and builds a database of normal network traffic. If a device exceeds a set bandwidth threshold or talks to a new suspicious IP, the system flags it as suspicious.
Blacklisting
We maintain a real-time list of known malicious hostnames and IP addresses. Any attempt by a device to connect to one of them through the router is caught instantly.
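The three criteria above, worked through on constructed input as an added example (this is not Esper's own engine). It assumes per-device observation windows of (MAC, destination IP, hostname, bytes), a tshark field export of `eth.src`, `ip.dst` and `tls.handshake.ja3` for the JA3 check, and a bandwidth threshold of 50 MB per window; the blacklists, MACs, IPs and the JA3 hash are placeholders, not real indicators.

```python
"""Added example (not Esper's own code): the three detection criteria applied
to constructed inputs. Blacklist entries, MACs, IPs and the JA3 hash are placeholders."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed blacklists. The JA3 hash is a placeholder, not a real indicator;
# the IP is from the TEST-NET-2 documentation range.
BAD_JA3 = {"ffffffffffffffffffffffffffffffff": "placeholder botnet client"}
BAD_HOSTS = {"c2.example.invalid", "198.51.100.7"}

# Assumed per-window bandwidth threshold in bytes (the write-up names no value).
BANDWIDTH_LIMIT = 50_000_000


@dataclass
class Baseline:
    """What 'normal' looks like for one device, learned during a warm-up period."""
    known_dsts: set = field(default_factory=set)
    peak_bytes: int = 0


class Detector:
    def __init__(self, warmup_windows=3):
        self.warmup = warmup_windows
        self.windows_seen = defaultdict(int)
        self.baselines = defaultdict(Baseline)

    def check_ja3(self, tshark_line):
        """Cross-reference one tab-separated line of
        tshark -Y 'tls.handshake.type == 1' -T fields -e eth.src -e ip.dst -e tls.handshake.ja3
        against the JA3 blacklist. Returns (mac, reason) or None."""
        mac, _dst, ja3 = tshark_line.rstrip("\n").split("\t")
        if ja3 in BAD_JA3:
            return (mac, f"JA3 {ja3} matches {BAD_JA3[ja3]}")
        return None

    def check_flow(self, mac, dst_ip, hostname, nbytes):
        """Blacklist and anomaly criteria for one observation window of one device."""
        # The blacklist applies from the first packet, before any baseline exists.
        if dst_ip in BAD_HOSTS or hostname in BAD_HOSTS:
            return (mac, f"blacklisted destination {hostname or dst_ip}")
        base = self.baselines[mac]
        self.windows_seen[mac] += 1
        if self.windows_seen[mac] <= self.warmup:
            # Still learning: record destinations and the normal volume.
            base.known_dsts.add(dst_ip)
            base.peak_bytes = max(base.peak_bytes, nbytes)
            return None
        if nbytes > BANDWIDTH_LIMIT:
            return (mac, f"{nbytes} bytes in one window exceeds limit {BANDWIDTH_LIMIT}")
        if dst_ip not in base.known_dsts:
            return (mac, f"new destination {dst_ip} outside learned baseline")
        return None


def run_demo():
    """Feed constructed windows through the detector; returns the list of alerts."""
    det = Detector(warmup_windows=2)
    toaster, fridge = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    flows = [
        (toaster, "203.0.113.10", "api.vendor.example", 12_000),   # warm-up
        (toaster, "203.0.113.10", "api.vendor.example", 15_000),   # warm-up
        (toaster, "203.0.113.10", "api.vendor.example", 14_000),   # normal
        (toaster, "192.0.2.99", "", 1_000_000_000),                 # 1 GB to a stranger
        (fridge, "198.51.100.7", "", 300),                          # blacklisted IP
    ]
    alerts = [a for a in (det.check_flow(*f) for f in flows) if a]
    # Constructed tshark output line for a third device.
    ja3_lines = ["aa:bb:cc:00:00:03\t203.0.113.5\tffffffffffffffffffffffffffffffff\n"]
    alerts += [a for a in (det.check_ja3(line) for line in ja3_lines) if a]
    return alerts


if __name__ == "__main__":
    for mac, reason in run_demo():
        print(f"QUARANTINE {mac}: {reason}")
```

Running it produces three alerts: the toaster's 1 GB burst, the fridge's blacklisted destination, and the JA3 match. Note the ordering inside `check_flow`: the blacklist is checked before the warm-up counter, so a device that phones a known bad host during its learning period is still caught.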
When a device fails our security criteria, the Python engine drops its access to the router. We do this by injecting a high-priority DROP rule for that specific MAC address via iptables. This immediately prevents the device from sending or receiving data through the router, placing the device in quarantine before it infects anything else.
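How such a per-MAC DROP rule can be built and applied, as an added example (not Esper's own code). The chain layout is an assumption: iptables' `mac` match only sees the sender's MAC, so a `--mac-source` rule stops what the device sends, and the example adds an assumed second rule keyed on the device's current IP to close the inbound direction as well. The MAC and IP values come from the database, so they are validated before they reach iptables, and commands are run as argv lists without a shell.

```python
"""Added example (not Esper's own code): building and applying the per-MAC
DROP rule. The chain layout and the extra per-IP rule are assumptions."""
import ipaddress
import re
import subprocess

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def is_valid_mac(mac):
    return bool(MAC_RE.match(mac.lower()))


def _validate(mac, ip):
    """MAC/IP come from the database, so check them before they reach iptables."""
    mac = mac.lower()
    if not is_valid_mac(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    if ip is not None:
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on garbage
    return mac, ip


def quarantine_rules(mac, ip=None, action="-I"):
    """iptables argv lists that isolate one device. action='-D' produces the release."""
    mac, ip = _validate(mac, ip)
    pos = ["1"] if action == "-I" else []  # '-I chain 1' = top of chain; -D takes no position
    rules = [
        # -m mac --mac-source matches only the *sender's* MAC, so these rules stop
        # everything the device sends: to the internet (FORWARD) and to the Pi
        # itself (INPUT). Sitting at the top, they beat any ACCEPT rule below.
        ["iptables", action, "FORWARD", *pos, "-m", "mac", "--mac-source", mac, "-j", "DROP"],
        ["iptables", action, "INPUT", *pos, "-m", "mac", "--mac-source", mac, "-j", "DROP"],
    ]
    if ip:
        # Frames *to* the device carry the router's MAC as source, so a MAC match
        # cannot see them; keying on the device's current IP closes that direction.
        rules.append(["iptables", action, "FORWARD", *pos, "-d", ip, "-j", "DROP"])
    return rules


def apply_rules(rules, dry_run=True):
    """Run the rules as argv lists (no shell, so the values cannot inject commands).
    With dry_run the commands are returned as strings instead of executed."""
    rendered = [" ".join(r) for r in rules]
    if not dry_run:
        for r in rules:
            subprocess.run(r, check=True)  # needs root on the Pi
    return rendered


def quarantine(mac, ip=None, dry_run=True):
    return apply_rules(quarantine_rules(mac, ip, "-I"), dry_run)


def release(mac, ip=None, dry_run=True):
    return apply_rules(quarantine_rules(mac, ip, "-D"), dry_run)


if __name__ == "__main__":
    # Constructed device address; dry run prints the commands without touching iptables.
    for cmd in quarantine("AA:BB:CC:00:00:01", "192.168.4.23"):
        print(cmd)
```

The `release` path issues the same rules with `-D`, which is what lets the dashboard un-quarantine a device once the owner has dealt with it. A small caveat for a real deployment: a quarantined device can still change its IP after a DHCP renewal, so the per-IP rule should be refreshed from the lease table while the MAC rule remains the durable one.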
Every metric (latency, packet loss, network activity) is sent to Supabase. This allows for a real-time dashboard where users can see exactly why a device was blocked, what it was trying to do, and the health of their network.
At the end of the day, Esper is about making smart home security actually work for everyone. Hacking shouldn't be a part of owning a baby camera. With Esper, you can use any smart device without the stress.