Hacker News new | past | comments | ask | show | jobs | submit login
Princeton IoT Inspector: discovers IoT devices and analyzes network traffic (princeton.edu)
122 points by 0xmohit on Apr 12, 2019 | hide | past | favorite | 27 comments

Disclaimer: I work in an IoT-focused consultancy and work with Fortune 500s in their IoT strategy.

This is a _great_ idea. Not sure the implementation is perfect, but giving consumers more control/visibility over their devices is going to be increasingly important.

I hope we get more companies into this space, but I don't think it's well understood enough to be a viable business. Until then, open source tools like this are going to be great.

If the authors are watching this thread, reach out, I'd love to connect you with some of my customers.

Hi! I work for a security startup that focuses on IoT security, and is solving these issues for enterprise. Would love to connect.

Hey there -- I'm a co-founder of a small company working in exactly this space. If at all possible, it'd be great for us to get in touch!

Awesome, I work for a small iot security based startup. Would love to touch base with you!

From the faq:

Security: All data collected from your IoT devices is stored on a secure server at the Department of Computer Science in Princeton University. IoT Inspector transmits data to our server over a secure channel, i.e., HTTPS.

Obviously they want data for research, but it would be ideal and self-consistent if a privacy-oriented tool would make data upload opt-in.

... Otherwise we're going to need an IoT Inspector Inspector.

If you want to compile it from source I can't imagine disabling this would be all that difficult: https://github.com/noise-lab/iot-inspector-client/blob/c5b0f...

or just the little snitch firewall on macos to disable it. that's what i did. sorry princeton

Can you disable it in the source code (server_config.py)?

The paper preprint behind this tool is here: https://www.cs.princeton.edu/~yuxingh/static/pets-2019.pdf

If anyone from the inspector team is reading: The audio in the "Installation" video really should be removed. :-D

I don't know, I thought the random snot-sucking and throat-clearing gave it a nice, relatable quality.

Why is their python app mac only? I guess it probably works on linux or mindows too. Wish they tell you what the main starting class was.

Because they're interacting with network stacks using OS-specific interfaces.

  def enable_ip_forwarding():

      os_platform = utils.get_os()

      if os_platform == 'mac':
          cmd = ['/usr/sbin/sysctl', '-w', 'net.inet.ip.forwarding=1']
      elif os_platform == 'linux':
          cmd = ['sysctl', '-w', 'net.ipv4.ip_forward=1']

      assert subprocess.call(cmd) == 0

Ah, that good old "all of US use macs, so we have no reason to make it work cross platform". "Aren't you making this for people to find IoT devices?" - "Yes?" - "Isn't probably more than half the student body _not_ on apple computers?"

In my experience, the % of students at Princeton using Apple computers is definitely north of 50%. However, given that they're students, I doubt they're the target audience for this utility, since they're likely not homeowners (if they're living in dorms, they likely don't have that many IoT devices to be worried about).

The target audience is likely "privacy-minded technically capable home network owners", a significant proportion of whom likely skew towards Apple products.

>The target audience is likely "privacy-minded technically capable home network owners"

why would you use apple if you're technically capable? locked down linux would be waaaay more secure(and give you waaaaay cheaper options)

> privacy minded technically capable network home owners

Uploads all data to Princeton’s servers.

Why would people who attend Princeton care about price, though?

Not sure, nothing should inherently stop this kind of app working on other systems apart from bad design decisions. I see they're bundling netdisco with it according to some git commit messages. Could be why, only osx builds catered for there.

> Moved netdisco exe and pid file to inspector's local directory

Does seem a little strange to bundle that

Great idea, however would be great to see an option which used the dataset but did not upload your data.

I've read the "FAQ Why must IoT Inspector upload the data to Princeton?" and do understand the reasons for data collection, maybe once it reaches a data saturation point this new option could be introduced (I believe there is a “Start/Pause Inspection” button but that seems to only temporarily pause collection).

Naturally, there's going to be some reluctance in using and deploying a tool that uploads data to an outside party.

From the website: "[2018-04-13 13:32 ET] We're still under heavy load. To reduce the likelihood of the Gateway Timeout error, we've reduced the refresh rate of the data -- i.e., information about your devices will be updated roughly once every minute (instead of once every 15 seconds previously)."

Including a nice and extensive FAQ on how they collect data: https://iot-inspector.princeton.edu/blog/post/faq/#data-priv...

Uses ARP Spoofing to capture data https://en.m.wikipedia.org/wiki/ARP_spoofing

Whoever made this site needs to spend just those few minutes more to ensure that images, one of the most basic HTML elements, actually work with a script blocker (wisely) turned on.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact