Author Topic: How do users connect IOT device to WiFi?  (Read 6924 times)

0 Members and 1 Guest are viewing this topic.

Offline KasperTopic starter

  • Frequent Contributor
  • **
  • Posts: 793
  • Country: ca
Re: How do users connect IOT device to WiFi?
« Reply #25 on: August 08, 2019, 10:24:13 pm »
[...]
Also I think Bluetooth doesn't require anything extra if you don't use it in marketing, just classic FCC and similar for other countries.

Last I checked, you can use bluetooth without bluetooth membership but you can not say bluetooth anywhere. 

It's hard not to use the word 'bluetooth' in a user guide that tells users to make bluetooth connection. "click the symbol that looks like a B" is probably a little iffy.  I don't want users wondering why I have funny wording nor do I want bluetooth coming after me.  As Dave would say, that would cumagutsa
 

Offline KasperTopic starter

  • Frequent Contributor
  • **
  • Posts: 793
  • Country: ca
Re: How do users connect IOT device to WiFi?
« Reply #26 on: August 08, 2019, 10:42:18 pm »
Thanks everyone for all the replies.  Lots of good ideas here. 

Audio: This could probably be done without the user even knowing about it which would be great but I think people are growing weary of everything having microphones so I don't want to go there.

I am still leaning towards website based with AP, no app.  It sounds like that is the standard and robust method.  Many good ideas here though, some sound better but not better enough to justify going away from the standard, specially since this is not my area of expertise.    This being my first product (on my own) I'd like to focus on making it solid more-so than fancy.
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9321
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: How do users connect IOT device to WiFi?
« Reply #27 on: August 09, 2019, 02:30:33 am »
Last I checked, you can use bluetooth without bluetooth membership but you can not say bluetooth anywhere. 

It's hard not to use the word 'bluetooth' in a user guide that tells users to make bluetooth connection. "click the symbol that looks like a B" is probably a little iffy.  I don't want users wondering why I have funny wording nor do I want bluetooth coming after me.  As Dave would say, that would cumagutsa
Have the setup app be open source ("generic" and can be used for any device with a compatible implementation) and have the manual direct users to download that open source app to set it up. Any mention of Bluetooth would be in the app and only where absolutely necessary e.g. prompting the user to turn it on if not already.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline Fire Doger

  • Regular Contributor
  • *
  • Posts: 209
  • Country: 00
  • Stefanos
Re: How do users connect IOT device to WiFi?
« Reply #28 on: August 09, 2019, 05:37:40 am »
How you will make the server infrastructure to work over the internet?
 

Offline hamdi.tn

  • Frequent Contributor
  • **
  • Posts: 626
  • Country: tn
Re: How do users connect IOT device to WiFi?
« Reply #29 on: August 09, 2019, 12:05:30 pm »
Hi,

ESP32 and ESP8266 support a feature called ESP Touch, it use only Wifi but it require an application running on a smartphone either Android or Ios, they have samples application if you want to edit it yourself. The idea is that this application will broadcast wifi credentials through the router on which the phone is already connected, while the module will be sniffing for those frames. You can connect multiple units at once using this method.

ESP32 support WPS as well, so a button on the device can be used, sample code can be found in ESP_IDF.

These sound like the easiest solutions for the users but would they be venerable to users' neighbors who are constantly sniffing or other hackers?

I think the frame is encrypted
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9321
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: How do users connect IOT device to WiFi?
« Reply #30 on: August 09, 2019, 01:15:13 pm »
How you will make the server infrastructure to work over the internet?
There are plenty of free dynamic DNS services. There's also Tor, but I think that's a bit too complex for an ESP8266.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline soldar

  • Super Contributor
  • ***
  • Posts: 3595
  • Country: es
Re: How do users connect IOT device to WiFi?
« Reply #31 on: August 10, 2019, 11:22:10 am »
I think the frame is encrypted

I don't understand this. An APP is connected to the WLAN AP through the phone's OS. It wants to send a packet and it hands it to the OS and in the header is the address of the recipient. The OS encrypts the packet and sends it over the WIFI. Being encrypted makes it opaque to any and all listeners. So how is a device listening in going to get anything out of it?

I don't understand how it can work.
All my posts are made with 100% recycled electrons and bare traces of grey matter.
 

Online Jeroen3

  • Super Contributor
  • ***
  • Posts: 4209
  • Country: nl
  • Embedded Engineer
    • jeroen3.nl
Re: How do users connect IOT device to WiFi?
« Reply #32 on: August 10, 2019, 11:39:28 am »
The length and destination of the packet are not encrypted.
 

Offline Fire Doger

  • Regular Contributor
  • *
  • Posts: 209
  • Country: 00
  • Stefanos
Re: How do users connect IOT device to WiFi?
« Reply #33 on: August 10, 2019, 12:42:48 pm »
How you will make the server infrastructure to work over the internet?
There are plenty of free dynamic DNS services. There's also Tor, but I think that's a bit too complex for an ESP8266.
Posts above indicates that some users have hard time changing wifi network on their phones.
Will they make an account to Free DNS provider, pass back and forth info and credentials to connect ESP to DNS and open any firewall setting on their router to give access from outside into the ESP?
Also how secure is having a public server in your local network based on ESP?
 

Offline soldar

  • Super Contributor
  • ***
  • Posts: 3595
  • Country: es
Re: How do users connect IOT device to WiFi?
« Reply #34 on: August 10, 2019, 01:05:23 pm »
The length and destination of the packet are not encrypted.

That does not answer my question. How is it done?

Suppose the device is sniffing the airwaves and it "sees" several WLANs. Now what? Let us suppose it decides to listen to the strongest one and it "sees" packets, long and short, coming and going, among a bunch of different devices. Now what?

The question is: How can it be done?
 
All my posts are made with 100% recycled electrons and bare traces of grey matter.
 

Offline hamdi.tn

  • Frequent Contributor
  • **
  • Posts: 626
  • Country: tn
Re: How do users connect IOT device to WiFi?
« Reply #35 on: August 11, 2019, 08:33:37 am »
The length and destination of the packet are not encrypted.

That does not answer my question. How is it done?

Suppose the device is sniffing the airwaves and it "sees" several WLANs. Now what? Let us suppose it decides to listen to the strongest one and it "sees" packets, long and short, coming and going, among a bunch of different devices. Now what?

The question is: How can it be done?
 

the device doesn't decide to listen to a particular AP based on the signal strength, it scan all available channel in sniffing mode. While i can't explain how it work in details, i can say it's based on the "CC3000 SmartConfig" by Texas Instrument, you may find more details by googling that instead of ESP-Touch

http://depletionregion.blogspot.com/2013/10/cc3000-smart-config-transmitting-ssid.html

Hamdi

 

Offline soldar

  • Super Contributor
  • ***
  • Posts: 3595
  • Country: es
Re: How do users connect IOT device to WiFi?
« Reply #36 on: August 11, 2019, 11:49:22 am »
the device doesn't decide to listen to a particular AP based on the signal strength, it scan all available channel in sniffing mode. While i can't explain how it work in details, i can say it's based on the "CC3000 SmartConfig" by Texas Instrument, you may find more details by googling that instead of ESP-Touch

http://depletionregion.blogspot.com/2013/10/cc3000-smart-config-transmitting-ssid.html

Hamdi

I had a look. Well, the information is being transmitted in the packet size. This is a serious vulnerability because any listener can gather the same information and get into the network.

I suppose additional security could be gained by encrypting the information but this is still not enough.

I suppose my remotely-controlled switch might use this system. 
All my posts are made with 100% recycled electrons and bare traces of grey matter.
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9321
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: How do users connect IOT device to WiFi?
« Reply #37 on: August 11, 2019, 02:00:21 pm »
I had a look. Well, the information is being transmitted in the packet size. This is a serious vulnerability because any listener can gather the same information and get into the network.

I suppose additional security could be gained by encrypting the information but this is still not enough.
Point the smartphone camera at a LED on the device and now you have a way to securely negotiate an encryption key.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline djacobow

  • Super Contributor
  • ***
  • Posts: 1170
  • Country: us
  • takin' it apart since the 70's
Re: How do users connect IOT device to WiFi?
« Reply #38 on: August 11, 2019, 04:41:03 pm »
I had a look. Well, the information is being transmitted in the packet size. This is a serious vulnerability because any listener can gather the same information and get into the network.

I suppose additional security could be gained by encrypting the information but this is still not enough.
Point the smartphone camera at a LED on the device and now you have a way to securely negotiate an encryption key.

This was discussed at the beginning of the thread. If you are going to do this, you don't need the AP mode at all.

It does bring up another problem I have with the AP approach. It is perhaps a simple thing to fill in an ssid and passphrase over a web form, but the complexity goes up if you want to relay a firmware update or a certificate. You can do it, of course, but now you're asking users to find those files, upload them etc. Look how good people are at updating the fw on their home routers, almost all of which work this way.

This issue is important to me because I want to build IOT devices that might be compatible with "the cloud" but are not at all dependent on it to be useful. For example, devices that interact with a small server inside the home. (The server then might relay messages outside the home if the user so wishes.)

Let's say you want these devices to make https transactions with that little home server. Well, they'll need a cert so they can trust the server. You can either preshare such a cert with all the devices and put the same private key on all the servers when you program then at the factory (ugh), or you can require that users get a domain name and real cert for their server (ugh), or you can self sign something on the server when you configure it and then relay the cert to the devices when you provision them.

Personally, I think the last case is most appropriate, but if you want to do it using the AP approach, you're looking at a bunch of manual steps that won't make much sense to Joe User. (An app will help here, though)

Which is to say that Intranet-confined, secure, easily configured IOT is very difficult under prevailing models that don't have some out-of-band way (optical, audio, usb, headphone jack, keypad+screen) for trusted device x to talk to new device y.
 

Offline soldar

  • Super Contributor
  • ***
  • Posts: 3595
  • Country: es
Re: How do users connect IOT device to WiFi?
« Reply #39 on: August 11, 2019, 06:44:02 pm »
It seems inevitable that ease of use and security are inversely proportional. If you want ease of use then security will be bad and if you want security then it will be a PITA.

All my posts are made with 100% recycled electrons and bare traces of grey matter.
 

Offline Fire Doger

  • Regular Contributor
  • *
  • Posts: 209
  • Country: 00
  • Stefanos
Re: How do users connect IOT device to WiFi?
« Reply #40 on: August 11, 2019, 07:45:04 pm »
It seems inevitable that ease of use and security are inversely proportional. If you want ease of use then security will be bad and if you want security then it will be a PITA.
No it isn't. It just costs more because :
It's hard to make something usable by average Joe, that's why there are UX designers and they make their living from it.
It's hard to make something secure because networks are very complex and require a lot of knowledge.

You have every tool that you need.
You have company servers which can distribute fw updates, certificates or whatever.
You have a powerfull device with internet, bluetooth, wifi and USB.
You have a device wich can connect and host wifi, bluetooth, USB.

If your implementation sucks in security or usability its your fault.
The problem is that it's not as easy as an arduino board, write code 2 days and sell it. Some things requires development time and knowledge.

And it's a lot easier when you don't reinvent the wheel on things that you are not an expert of because possible issues are already solved by others.

Also you have to understand what your audience finds "hard". You may find easy to connect with it with a terminal, don't assume that this is usable by others!
As already said you can read about UX design to find what is the most user friendly method now. (Accelerometer and vibration motor are not high in list...)

*PS routers don't spam you about updates because they want to be performed by people who have basic knowledge about it and can comunicate in case of something goes wrong.
They are not stupid, they just don't wont to spend money to make it idiotproof.
 

Offline soldar

  • Super Contributor
  • ***
  • Posts: 3595
  • Country: es
Re: How do users connect IOT device to WiFi?
« Reply #41 on: August 11, 2019, 11:01:38 pm »
No it isn't.

Don't argue with me. I have no dog in this fight. But the OP and many other manufacturers of IOT devices are trying to solve the same problem presented in the OP and it seems very difficult to come up with solutions that are user friendly and secure. If you have better ideas then the OP is looking for your input. I am just an interested bystander.
All my posts are made with 100% recycled electrons and bare traces of grey matter.
 

Offline KasperTopic starter

  • Frequent Contributor
  • **
  • Posts: 793
  • Country: ca
Re: How do users connect IOT device to WiFi?
« Reply #42 on: August 11, 2019, 11:29:38 pm »
It seems inevitable that ease of use and security are inversely proportional. If you want ease of use then security will be bad and if you want security then it will be a PITA.
No it isn't. It just costs more because :
It's hard [...]

Hard = expensive.  A lot of products have more features than most people want to pay for.

Is this a feature people want to pay extra for?

Will putting "secure and easy to use" in the marketting attract customers?
 

Offline djacobow

  • Super Contributor
  • ***
  • Posts: 1170
  • Country: us
  • takin' it apart since the 70's
Re: How do users connect IOT device to WiFi?
« Reply #43 on: August 12, 2019, 12:26:27 am »
At some point, the whole "will costumers pay for this feature" argument starts to weaken. People who sell stuff know more about the thing they are selling then do customers. There is some responsibility to make a safe, quality product. One day, when some preshared key baked into the firmware of every thermostat or door lock in the developed world is compromised, causing chaos, folks will maybe care about it.

Nobody wanted to pay for seat belts, or collapsing steering wheel stalks, but we have them. It would be nice if industry started to take some responsibility for its products before someone from the government decides to do it for them in a way nobody likes.

 

Offline KasperTopic starter

  • Frequent Contributor
  • **
  • Posts: 793
  • Country: ca
Re: How do users connect IOT device to WiFi?
« Reply #44 on: August 12, 2019, 01:56:34 am »
At some point, the whole "will costumers pay for this feature" argument starts to weaken. People who sell stuff know more about the thing they are selling then do customers. There is some responsibility to make a safe, quality product. One day, when some preshared key baked into the firmware of every thermostat or door lock in the developed world is compromised, causing chaos, folks will maybe care about it.

Nobody wanted to pay for seat belts, or collapsing steering wheel stalks, but we have them. It would be nice if industry started to take some responsibility for its products before someone from the government decides to do it for them in a way nobody likes.

Judging by how many helmuts I see on ski hills now days, people would pay for seat belts even if they weren't mandated.

I'm all for being responsible.  I am looking for a solution that is solid and secure and balances eas of use vs costs.

"will customers pay for this feature" is one of the most common debates in the last 4 places I worked. I often push to release a solid basic version first with only a little consideration for extra features.  There will be plenty of time for extra features later if we make sales before we run out of money.  I've seen how wasteful scope creep can be and this is my chance to do better.
 

Online Jeroen3

  • Super Contributor
  • ***
  • Posts: 4209
  • Country: nl
  • Embedded Engineer
    • jeroen3.nl
Re: How do users connect IOT device to WiFi?
« Reply #45 on: August 12, 2019, 06:05:27 am »
It seems inevitable that ease of use and security are inversely proportional. If you want ease of use then security will be bad and if you want security then it will be a PITA.
There is no motivation to make it secure, average users won't pay for that. Because they have no clue. They'll happily forward port 80 in their home router to their IP cam running embedded linux from 10 years ago.

Unless you want in on the Homekit MFi, then you have a few requirements.
 

Offline soldar

  • Super Contributor
  • ***
  • Posts: 3595
  • Country: es
Re: How do users connect IOT device to WiFi?
« Reply #46 on: August 12, 2019, 09:41:09 am »
Will putting "secure and easy to use" in the marketting attract customers?

Before that you need to ask if "secure and easy to use" is even possible because so far in this thread we have not seen it.

We have seen secure but PITA and we have seen easier but insecure. So far we have not seen both. Before you discuss whether the cost is justified you need to know whether it is possible. So far we have not seen it is possible.

WPS was supposed to make WPA login easy and secure. It turned out security was non-existent to the point I do not understand how it was even ever released.
All my posts are made with 100% recycled electrons and bare traces of grey matter.
 

Online Siwastaja

  • Super Contributor
  • ***
  • Posts: 9333
  • Country: fi
Re: How do users connect IOT device to WiFi?
« Reply #47 on: August 12, 2019, 09:51:18 am »
WPS is of course one of those utter failures which try to make a 3-step, 1-minute manual process "easier" and results in a multi-page flow diagram instead. For WPS, four totally different "operating modes" are specified and they all suck.

Sometimes it is just easier to accept some manual work in exchange for predictability and simplicity. The "temporarily join the AP -> enter config page -> enter your network credentials" is the only way which seems to actually work without major pain, or pages long specifications. It took the device manufacturers years to realize such a simplistic and hacky scheme is the way to go: now the sticker is in the device you just bought, and you are not relying on finding a sticker, or a push-button on your 5-year-old home hotspot which may be installed in a hard-to-reach place.
« Last Edit: August 12, 2019, 09:53:51 am by Siwastaja »
 

Offline soldar

  • Super Contributor
  • ***
  • Posts: 3595
  • Country: es
Re: How do users connect IOT device to WiFi?
« Reply #48 on: August 12, 2019, 02:34:51 pm »
Not too long ago I was having lunch at a cousin's place and I asked for the WIFI password. She was reading it off the bottom side of the router and it was 20 characters in tiny print which she was having trouble reading. I was trying to type it into a tiny screen of an iphone and with my fat fingers half the time I was getting the wrong character. Each try took quite a while and after three or four unsuccesful tries we just gave up.

I guess that is what WPS was trying to address except it was a shoddy attempt which just created a big hole.

But, getting back to how to connect IOT devices which have no keyboard or other input device, you can say that starting up in AP mode is "easy" and it is, for certain values of "easy". The system that I mentioned my device does where the APP transmits the credentials encoded in packet length is, much easier and much more insecure.

People will generally choose convenience over security and will later bitch and complain when security is compromised.
All my posts are made with 100% recycled electrons and bare traces of grey matter.
 

Offline KasperTopic starter

  • Frequent Contributor
  • **
  • Posts: 793
  • Country: ca
Re: How do users connect IOT device to WiFi?
« Reply #49 on: August 12, 2019, 03:27:00 pm »
Not too long ago I was having lunch at a cousin's place and I asked for the WIFI password. She was reading it off the bottom side of the router and it was 20 characters in tiny print which she was having trouble reading.
[...]
People will generally choose convenience over security and will later bitch and complain when security is compromised.

I take a picture of it then read from the picture.

I am aiming for as few tech support calls and negative comments online as possible.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf