Since each member of our team had different skills, we decided to create a project that could satisfy all of our interests, as well as including a bit of humor.

What it does

Recently, there have been a large number of internet connected "IoT" devices sold as methods of home automation (for example, a wifi-connected doorbell, or light switch) that have been produced without much worry about security. With IoToaster, we made a device both vulnerable and capable of defending itself, and other IoT devices in order to promote awareness about the security risks these devices pose.

This toaster is packed with conventional IoT technology (built on the Google Home API), as well as custom additions, such as the ability to send deauthentication management frames to wireless networks and devices, as well as detect when deauthentication management frames are being broadcasted. Along side the wireless tech, there is a microcontroller, seen only by the male USB-A cable snaking out of the frame. If plugged into a host machine, the toaster will emulate a keyboard, and begin typing keystrokes into the host machine. (HID attack). A wireless camera mounted on the front of the frame allows for simple remote monitoring, from a local webserver, or anywhere in the world, with an accompanying domain. In order to bring the security power of the IoToaster even higher, a single board computer equipped with dual monitor mode capable antennas is found in one of the former toast slots. Preinstalled on this computer is a comprehensive suite of digital tools, providing features from IDS (intrusion detection systems) to SQL database takeover tools. Overall, this toaster provides the conventional comfort of a "home assistant," while containing some of the industries most potent security features, all in a innovative and comfortable shell: a bright red toaster. Feel free to look at our github repo for a complete list of components and installed tools

How we built it

The management website was written in JavaScript and HTML. Google Home API is hosted on a raspberry pi 3. HID attack is run with an Arduino-compatible pro micro. Two ESP8266 boards manage deauthentication and detection. One Raspberry pi Zero W manages the camera feed, and another Raspberry Pi 3 equipped with two external wifi adapters contains the suite of cybersecurity tools.

Challenges we ran into

One of the inital plans for the project was to have the toaster mounted on two wheels and a caster, allowing it to be remotely driven via the management website. However, due to a lack of proper tools and resources, the idea had to be put aside.

Accomplishments that we're proud of

We are very proud of our ability to work together. Over multiple hours, our team managed to combine very diffrent spheres of expertise into a final project, which, with the exception of some poorly made physical components, went together very smoothly.

What we learned

We developed new skills, and a greater understanding of how our various personal interests can be combined with those of others, in order to create one final product.

What's next for IoToaster

There were a slew of features we were not able to implement into IoToaster, including the ability to "drive" the build, as well as various internal features, such as FM broadcasting, and hardware reverse engineering. Another key aspect of this build we hope to expand on in the future is integration with other IoT devices on the market, in order to be able to provide a more complete central hub.

Share this project: