IoT, or Internet of Things. We’ve been hearing a lot about that lately: how common household devices are becoming connected to the Internet to make our lives easier and costlier.
Of course we’ve also been reading a lot about how insecure these IoT devices can be:
- Are We Creating An Insecure Internet of Things (IoT)? Security Challenges and Concerns
- Schneier on ‘really bad’ IoT security: ‘It’s going to come crashing down’
- Take these 6 security measures to protect your IoT devices from hackers
And many, many more.
So, anyway, ignoring all this I blissfully went about looking for a smart plug that would let me control a power socket via my smartphone. There are quite a few out there, and most are fairly expensive. Then I stumbled upon the Smart Plug 2 from Hangzhou Konke Technology Co., Ltd:
The base unit is 100¥ (still haven’t found a proper Chinese Yuan symbol) and you can get up to four different adapters (39¥ each) that plug into it that do the following:
- Light, temperature and humidity sensor
- Sound Sensor
- Motion Detector
- IR Transmitter
You can combine up to two of these at a time and using the App on your smartphone you can monitor your home, remote control IR devices like A/C, TV, etc, automate certain tasks and even use it as a WiFi range extender.
I thought “Wow! Really Cool!”. So I got the base unit and the light, temperature and humidity sensor module. All the instructions, as well as the App, are in Chinese so it was slow going getting it all set up. But once it was all set up, I could control a table lamp from anywhere and monitor the home environment as well. Thor no longer would be left in the dark if we got home late, and I could tell if he was comfortable or not. My next step was to buy the IR Remote so I could turn the A/C on/off from anywhere.
Then I started getting notices from Konke about server upgrades and that the units would be offline during that time. I didn’t realize there was a central system controlling all these devices…hmmmm…. And then I got software upgrade requests directly from them and not through the Google Play Store. Upgrades that required names and phone numbers to log in. That got me thinking, and worrying…
- Konke knows when I’m monitoring or controlling my devices, so it has a pretty good idea when I’m not home
- The device needs your WiFi SSID and password to connect, of course, but now Konke might very well have that info as well
- If Konke has all this info, then they can also control/monitor that device. And what if it does more than they’re saying?
- What if it’s sniffing out other devices/computers on your WiFi?
- What if it’s connecting to those devices? Like laptops, modems, Internet TV, Storage?
- What if the security on this device really sucks and hackers can also get in?
So I promptly unplugged it and put it away and changed all my WiFi access passwords.
I’ve been looking for a Raspberry Pi solution ever since. One that I would have complete control over the OS, apps and functions. Alas, it’s just too expensive and complicated. Sigh.
Undaunted (OK, slightly daunted), I thought “What if I could isolate it to its own WiFi network with no other personal devices on it?” Then, if the device was a Trojan Horse, or had crappy security, Konke/hackers would only have access to that device and nothing else.
Most WiFi routers have a “Guest Network” setting. This allows you to give guests in your home access to the internet without access to all your devices on your network. Problem is, this usually requires the user to access a Guest Login page to connect. The Smart Plug 2 has no web interface. Strike One.
Slightly more daunted, I kept digging.
I do have a spare WiFi router (two actually) and could set up one of them to be an exclusive IoT router. But, egads, I already have a modem, 2 WiFi routers and a switch on my home network and my electronics cabinet is getting quite full. That was not a very elegant solution.
One of my WiFi routers runs DD-WRT software, so I looked at what that can do. Turns out it has a feature called “Wireless Virtual Interface”. With it, you can set up a new SSID under a completely different IP address and subnet range, with its own Security Mode, Algorithm and Shared Key. You can even set it to isolate devices on that network from each other so they cannot see, hear or talk to each other. And you can isolate the WiFi router from the devices so that they cannot interact with it – other than connect, transmit/receive data. I even found a way to spoof the public IP address so it looks like it’s in another country!
So, now I have a dedicated WiFi network just for Internet of Things devices that is totally isolated from all my other networks, computers, devices. And as I add more IoT devices to it, they cannot see other IoT devices, interact with the WiFi router, or accurately report where they are installed.
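The DD-WRT web UI sets up the virtual interface, its subnet and the isolation checkboxes, but the firewall rules that actually keep the IoT subnet away from the LAN and from the router’s own services live in iptables. The script below is an added example (not from the original post and not from DD-WRT’s own firmware) of what a “Save Firewall” script under Administration > Commands would look like for that setup. It assumes the virtual interface is the unbridged wl0.1 on 192.168.2.0/24, the normal LAN is br0 on 192.168.1.0/24, and the WAN is eth0; those names and ranges are assumptions and should be checked with ifconfig and nvram on the router. It defaults to a dry run that only prints the rules; set IPT=iptables to apply them.

```shell
#!/bin/sh
# DD-WRT "Save Firewall" script for an isolated IoT virtual interface.
# Added example: interface names and subnets below are assumptions, not
# values from the post. Check yours with `ifconfig` and `nvram get lan_ifname`.
IOT_IF="${IOT_IF:-wl0.1}"            # unbridged virtual wireless interface
IOT_NET="${IOT_NET:-192.168.2.0/24}" # subnet given to the virtual interface
LAN_IF="${LAN_IF:-br0}"              # normal LAN bridge
WAN_IF="${WAN_IF:-eth0}"             # WAN interface (on DD-WRT: nvram get wan_iface)
IPT="${IPT:-echo iptables}"          # dry run by default; IPT=iptables to apply

iot_rules() {
    # --- Traffic from IoT devices to the router itself -------------------
    # Only DHCP and DNS are allowed; the web UI, SSH and telnet are not.
    $IPT -N iot_in 2>/dev/null || $IPT -F iot_in
    $IPT -A iot_in -p udp --dport 67 -j ACCEPT   # DHCP
    $IPT -A iot_in -p udp --dport 53 -j ACCEPT   # DNS
    $IPT -A iot_in -p tcp --dport 53 -j ACCEPT   # DNS over TCP
    $IPT -A iot_in -j DROP                       # everything else, incl. 80/443/22/23
    $IPT -I INPUT -i "$IOT_IF" -j iot_in

    # --- Traffic forwarded from IoT devices ------------------------------
    # The only place an IoT device may talk to is the Internet. Anything
    # bound for the LAN bridge or any other local subnet is dropped, so a
    # device that "sniffs" for laptops, NAS boxes or TVs finds nothing.
    $IPT -N iot_fwd 2>/dev/null || $IPT -F iot_fwd
    $IPT -A iot_fwd -o "$WAN_IF" -j ACCEPT
    $IPT -A iot_fwd -j DROP
    $IPT -I FORWARD -i "$IOT_IF" -j iot_fwd

    # Replies to connections the IoT devices opened still need to get back.
    $IPT -I FORWARD -o "$IOT_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT

    # NAT the IoT subnet out of the WAN like the main LAN (needed when the
    # virtual interface is unbridged and "Masquerade/NAT" is not ticked).
    $IPT -t nat -A POSTROUTING -s "$IOT_NET" -o "$WAN_IF" -j MASQUERADE
}

# Run at boot by DD-WRT. In dry-run mode this just prints the rule set.
iot_rules
```

Nothing here stops the main LAN from reaching the IoT subnet, so you can still poke at a device from your laptop; only the reverse direction is closed. The router’s own Administration > Commands page is reached from the LAN side, so the iot_in chain does not lock you out of the UI.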
While I’m not a Network Security Guru, I think this goes a long way in securing myself from hackers and suspicious acting IoT devices. And as far as installing the latest version of the App pushed from Konke, I have my phone set to NOT install Apps from unknown sources. If they want me to have the latest version, then put it in the Play Store like everyone else so it can be properly vetted, dammit.
Here’s a link to a page talking about the Wireless Virtual Interface settings in DD-WRT:
How to Set Up a DD-WRT Guest Network