Weekly Executive Summary for Week November 10, 2017

Scanning Phase:

Netdisco: Python 3 library is used to discover local devices and services. This library is used to power Home Assistant; which is an open-source home automation platform that is used to track and control all Internet of Things (IoT) devices at home and automate certain controls.

[cc lang=”python” width=”100%” tab_size=”4″]

import time
from netdisco.discovery import NetworkDiscovery

netdis = NetworkDiscovery()

netdis.scan()

for dev in netdis.discover():
print(dev, netdis.get_info(dev))

netdis.stop()

[/cc]

Code snippet that will import the netdisco library and scan a LAN for IoT devices

When netdisco scans a network it is using certain requests to test if it is one of many protocols used by IoT devices.

Below are a list of protocols that will be searched for during a scan.

Protocols scanned:

Web OS discovery protocol (LG TVs)
Daikin discovery protocol (HVAC systems)
Logitech Media Server discovery protocol (LMS)
Universal Plug and Play (uPnP)
Plex Media Server discovery protocol (Back-end media server)
mDNS (Multicast Domain Name Service – chromecast, Homekit)
Gdm (Gateway Device Management)
Simple Service Discovery Protocol (SSDP)
Tellstick

The above python script was run on a test network to see what IoT devices could be discovered and to see what data would be provided by the scan.

[cc lang=”text” width=”100%” tab_size=”4″]

Discovered devices:
homekit:
[{‘host’: ‘192.168.18.162’,
‘hostname’: ‘Philips-hue.local.’,
‘port’: 8080,
‘properties’: {‘c#’: ‘5’,
‘ci’: ‘2’,
‘ff’: ‘1’,
‘md’: ‘BSB002’,
‘pv’: ‘1.0’,
‘s#’: ‘1’,
‘sf’: ‘1’}}]

[/cc]

Homekit device was discovered on network; host and port number are  relevant here

[cc lang=”text” width=”100%” tab_size=”4″]

samsung_tv:
[{‘host’: ‘192.168.18.105’,
‘model_name’: ‘Samsung DTV RCR’,
‘model_number’: ‘1.0’,
‘name’: ‘UN55C7000’,
‘port’: 52235,
‘ssdp_description’: ‘http://192.168.18.105:52235/rcr/RemoteControlReceiver.xml’}]

[/cc]

Samsung TV was discovered on network; host: 192.168.18.105 port number: 52235

[cc lang=”text” width=”100%” tab_size=”4″]

philips_hue:
[{‘host’: ‘192.168.18.162’,
‘model_name’: ‘Philips hue bridge 2015’,
‘model_number’: ‘BSB002’,
‘name’: ‘Philips hue (192.168.18.162)’,
‘port’: 80,
‘ssdp_description’: ‘http://192.168.18.162:80/description.xml’}]

[/cc]

Philips Hue bridge was discovered on network; host: 192.168.18.162 port number: 80

[cc lang=”text” width=”100%” tab_size=”4″]

google_cast:
[{‘host’: ‘192.168.18.104’,
‘hostname’: ‘4db2ef75-177c-adc2-ada7-0663cc63489e.local.’,
‘port’: 8009,
‘ca’: ‘4101’,
‘cd’: ‘8312D6CCB6D5822135042D06A8739646’,
‘fn’: ‘Bedroom TV’,
‘ic’: ‘/setup/icon.png’,
‘id’: ‘4db2ef75177cadc2ada70663cc63489e’,
‘md’: ‘Chromecast’,
‘nf’: ‘1’,
‘rm’: False,
‘rs’: False,
‘st’: ‘0’,
‘ve’: ’05’}}]

Discovered 4 devices

[/cc]

Google Cast was discovered on network; host: 192.168.18.104 port number: 8009

As we can see a number of IoT devices can be discovered using netdisco, in this instance a total of four have been discovered on the test network. Below is a list of other devices that can be found using this library.

IoT product discovery:
Amazon echo (Voice home assistant)
Arduino (Microcontroller)
Belkin WeMo (Smart plug)
Nest (Smart indoor/outdoor cams)
Philips Hue (Smart lightbulbs)
Wink (Smart Home Hub)
More…

To test connectivity to smart devices I used python scripts that are designed to be used as a samsung remote control, the code is available on github and uses Python 3 samsungctl(library for remote controlling Samsung televisions via TCP/IP connections), and websocket-client. I connected to the discovered host for the Samsung TV 192.168.18.105 and sent a KEY signal to power it off. 

Once a user has discovered a list of IoT devices on their network they will have the ability to save devices they recognize. These saved devices will be stored in a trusted list which will be monitored for network traffic in other modules of the application.