× What is this Internet of Things Map project?

At its core, this project is driven by exploration. According to Gartner, there will be approximately 5 billion connected things in use during 2015, up 30% from 2014, and will reach 25 billion by 2020. Where are these things? Who made them? What do they do? Are they secure? These are some of the questions we hope to answer. The first step of our exploration involves locating and fingerprinting ZigBee-enabled smart devices and networks (more on ZigBee below). We're starting local and expanding from here. It's a big world to explore and billions of things to discover.

Why are you doing this?

What are common components of an Internet of Things (IoT) ecosystem?

We’re a team of strongly motivated, highly curious security engineers with a passion for exploring complex challenges and emerging technology. At Praetorian , every team member is afforded several weeks of bench time each year to work on projects they love. This is one of them. Interested in getting involved? Shoot us a message at iot@praetorian.com and let's talk Internet of Things. Or better yet, join our team ... we're always hiring. We're already starting to build a coalition of interested collaborators who each bring unique skills that will help advance this project beyond what was originally envisioned. Together, we can make something great.

A single ZigBee-enabled Internet of Things system could consist of hundreds of devices supported by various sensors, controllers, applications, platforms and cloud services. They can be quite complex. Below is an example of a smart lighting system consisting of several ZigBee-enabled smart bulbs, a ZigBee remote controller, a smart lighting gateway plugged into a local WiFi router, mobile apps used to control the system, and back-end cloud services. This project aims to locate and identify IoT devices operating on, and interacting with, local area mesh networks communicating over ZigBee. Devices we find have embedded ZigBee radios. Our visibility ends at the point at which ZigBee communication ends.

What is ZigBee?

ZigBee is one of the leading wireless communication protocols that many of today’s Internet of Things (IoT) devices use to connect to one another. From smart homes, connected lighting, smart grids, and retail services, ZigBee enables simple and smart objects to work together, improving comfort and efficiency in everyday life. It is also often used in machine-to-machine (M2M) communication associated with industrial automation and physical plant operation.

What are the security implications?

According to Gartner, 4.9 billion connected things will be in use during 2015, up 30 percent from 2014, and will reach 25 billion by 2020. In today’s connected world, the perception of security risk alone, even if not realized, can still negatively impact consumer confidence necessary for new technologies to meet their full market potential. Recent, high-profile data breaches have heightened consumers’ awareness of data security and privacy issues. As a result, consumer adoption may suffer until vendors can adequately address security and privacy concerns.

Joining the Internet of Things adds many new layers of complexity for any product environment. New technologies, existing technologies working together in new ways, limited standards, and competing protocols all add to the challenge of delivering a secure connected product to the market. From smart homes, connected lighting, smart grids and retail services to connected cars, industrial automation, and physical plant operation, Internet of Things security testing and assurance is critical for delivering and deploying secure connected products. We'll be sharing a lot more about IoT security as the project evolves.

How are you finding devices in the wild?

ZigBee is buzzing all around us, everywhere, everyday. In order to listen in on conversations taking place between machines, we’ve developed an autonomous, hand-held device that speaks the ZigBee language. It helps us humans better understand the conversations going on around us—a translator of sorts. The device is equipped with several ZigBee radios for communicating with the devices around it and an integrated GPS to triangulate the location of each device. It’s self-powered, weighs about 250g, and has software that makes it fully autonomous. While in operation, the device captures and logs the locations of all smart devices it finds within range (approximately 30-100 meters). Today, it can be held in your hand while taking a stroll around town or it can sit in your car while driving. Soon it will take flight on a drone.

Very soon, we’ll be releasing a full how-to build guide for our device, along with a release of the code the drives it, so other passionate engineers and hackers interested in ZigBee can start listening in to the machines around them.

How do you know who the device manufacturers are?

We’ve developed a methodology for fingerprinting smart devices communicating over ZigBee. This means we can tell who the original manufacturer is of the smart devices we find. Is it a Philips Hue smart light? Is it a device communicating with the smart grid? Is it your smart TV from Sony? Was its underlying hardware developed by Silicon Labs or Freescale? These are all questions we’re looking to answer. Overtime, as our fingerprinting capabilities improve, we’ll be able to better understand specific attributes and and capabilities of each device to more accurately understand its purpose. Does it measure or control temperature? Does turn things lights on/off? Does it physically interact with other things? These are the questions we want to answer.

I hear you've been scaring people with drones, why?

Drones are sexy.

How can I get involved?

Drop us a line and let’s talk iot@praetorian.com