NastyMa is a security consulting web application for IoT devices. A main goal is it to provide the (potentially inexperienced) user with security information about IoT devices using only a smartphone camera. Principles of augmented reality are used to identify devices in front of the user and provide him with device specific information, such as security status. Additionally the application is scanning the network for IoT devices and providing a list of them to the user.
What it does
The webapp focuses on helping non-techy users to find the smart-devices available in their home. The app provides the user information about all the smart devices available in the near proximity along with the security test information with everything being displayed via Augmented Reality. The current implementation utilizes user-printed markers (‘tags’) to identify IoT devices and let users naturally interact with them through augmented reality.
How we built it
The webapp is running on an own hardware in the same network as the IoT devices. The hardware could be a small low power device like a rasperry pi. The webapp consists out of a python backend which is able to execute scripts for scanning the network and security tests and a angular4 application which contains a augmented reality view realized with ar.js and a list showing the IoT devices of the network. The webapp is responsive and can be accesses by a smartphone or tablet.
Challenges we ran into
Accomplishments that we're proud of
Elegant UI to handle complex tasks. Simple workflow.
What we learned
We’ve learned about a complex world of IoT security and got our first experience in developing applications for augmented reality.
What's next for Nastyma
We envision using AI techniques (such as optical character recognition, and eventually image classification) for helping Nastyma better recognizing devices in the network. According to our tests, currently available cloud-based computer vision services efficiently recognize device labels. Thanks to an accurate device recognition, inexperienced users are guided to the appropriate configuration interfaces for each IoT device. In addition, a small piece of HW stays in the user’s LAN and while monitoring attached devices, it checks for current vulnerabilities.