
MQTT

Open evilpin opened this issue 6 years ago • 4 comments

MQTT support would be a very nice feature. It would allow for easy integration with most home automation platforms.

evilpin, Mar 07 '18 11:03

This makes an even dozen requests for remote service interaction and for good reason: it's something we all want/need in the app. Any remote execution operations (talking back and forth) between devices are open to security issues.

That said, MQTT is super old and easy to hack. A simple search provides recipes (plus it's just too easy to MITM attack anything on the IoT). From my perspective, this project takes a zoomed out approach to security with an emphasis on human intent as well as simple interaction. I do agree though, remote controls are nice and we could start small using additional cameras.

lukeswitz, Mar 07 '18 14:03

That article is pretty much pointing out that people are running open MQTT servers (brokers) w/o encryption or really any authentication at all, but MQTT can be used w TLS.

I do see how this could be kind of useful for someone wanting to check on many aspects of their device's physical status in real time. The paho library for Android might be a good way to implement it.

fat-tire, Mar 15 '18 21:03

Right, if built correctly MQTT can be pretty secure. Does adding SSL on our end mean total privacy for the message's lifespan?

Either way, we should consider adding a Snyk badge to the project. It takes minutes and points out things such as: https://snyk.io/vuln/npm:mqtt

lukeswitz, Mar 15 '18 23:03

I second MQTT support.

I also have done a lot of work on getting first-class Tor support directly with your preferred MQTT broker.

https://cdn.hackaday.io/files/12985555550240/Linux%20Tor%20Service%20configuration.txt * https://cdn.hackaday.io/files/12985555550240/Linux%20DNS%20Resolver%20for%20Onions.txt *

The 2 together allow an arbitrary Linux machine to resolve and use Tor natively. If you get a public IP/public DNS address, it goes over the clearnet. If you get a .onion, it goes automatically over Tor.

One sets up the hidden service, for say, Mosquitto. Turn on authentication. No need for SSL. Allow only local network and Tor. Now, your devices can post data to a Torified MQTT broker. And if you use Node-Red, you can then route data back out over TCP to a different .onion.

Tl;Dr. MQTT is uber important. I pair with Tor to grab all endpoints and do stuff.

  • Linked project is a Torified IoT of my own design. https://hackaday.io/project/12985-multisite-homeofficehackerspace-automation

jwcrawley, Aug 13 '18 15:08
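
The two broker concerns raised in this thread (fat-tire's point about open brokers without encryption or authentication, and jwcrawley's Mosquitto setup with authentication turned on) can be checked mechanically. The following is an added example, not code from any commenter or from the Haven project: a small auditor for a `mosquitto.conf`. The function name, the sample configs and the file paths in them are constructed, and the choice to exempt only loopback-bound plaintext listeners (for instance one reached through a local Tor hidden service) is an assumption of this example.

```python
# Added example: flag unauthenticated or plaintext listeners in a mosquitto.conf.
# Assumes per_listener_settings is off, so auth options apply broker-wide.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
TLS_KEYS = {"certfile", "keyfile"}

def audit_mosquitto(conf_text):
    """Return a list of findings for a mosquitto.conf supplied as text."""
    auth, listeners, current = {}, [], None
    for raw in conf_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue                          # blank line or comment
        key, args = fields[0], fields[1:]
        if key == "listener" and args:
            # "listener <port> [bind address]"; no address means all interfaces
            current = {"port": args[0], "bind": args[1] if len(args) > 1 else "*",
                       "tls": set()}
            listeners.append(current)
        elif key in TLS_KEYS and current is not None:
            current["tls"].add(key)           # TLS options belong to the listener above
        elif key in ("allow_anonymous", "password_file"):
            auth[key] = args[0] if args else ""
    findings = []
    if auth.get("allow_anonymous") != "false":
        findings.append("allow_anonymous is not explicitly false")
    if "password_file" not in auth:
        findings.append("no password_file configured")
    if not listeners:
        findings.append("no explicit listener; default binding depends on broker version")
    for lst in listeners:
        if lst["bind"] not in LOOPBACK and lst["tls"] != TLS_KEYS:
            findings.append(f"listener {lst['port']} on {lst['bind']}: plaintext beyond loopback")
    return findings

# Constructed sample configs, not taken from any real deployment.
OPEN_BROKER = """
listener 1883
allow_anonymous true
"""
HARDENED = """
allow_anonymous false
password_file /etc/mosquitto/passwd
# plaintext only on loopback; TLS on the network-facing port
listener 1883 127.0.0.1
listener 8883
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
"""
```

Calling `audit_mosquitto(OPEN_BROKER)` returns three findings and `audit_mosquitto(HARDENED)` returns none; other authentication mechanisms such as plugins or client certificates are outside what this sketch inspects.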