UCSC's ITS wants to know what kind of problems could arise from putting these smart outlets around the school, and also what out of the box applications they could have to benefit the student body.
What it does
We're compiling a list of security vulnerabilities that arise from using these smart outlet devices. We're also working on developing a way of using these smart outlet devices independently from their distributor, so that there is no need to have a constant communication between the outlet and outside proprietary servers.
We're also developing an enterprise level universal control module for the corporate world to monitor a framework of multiple smart wifi plugs.
How we built it
We used many networking tools such as airmon-ng, airodump-ng, nmap, wireshark, tcpdump, tcpkill in order to do the networking analysis of the device.
We also used an open source api from a 3rd party developer "chickendelicious" (https://github.com/chickendelicious/python-vesync) with our own HTML/CSS, Python and Mongo DB.
Challenges we ran into
Even though we could track the traffic between the smart plug and its server we were unable to decrypt the packets sent. Also as it became clear we would not be able to take the place of the server and send our own commands we had to look for a more innovative solution.
Accomplishments that we're proud of
Locating the IP address of the smart plug device and using that information to disrupt the connection between the device and its server.
Utilizing open source software to create a scalable application that streamlines critical data in a presentable and efficient manner for system admins.
What we learned
How to discover and track all devices on the network we are connected to which allowed us to gain valuable information that could be used in a devastating way against the smart plug device.
What's next for Voltson Hack
Creating an integrated dashboard with Google Cloud Services.