Garage Door Buddy Monitor

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • atgcpaul
    Veteran Member
    • Aug 2003
    • 4055
    • Maryland
    • Grizzly 1023SLX

    Garage Door Buddy Monitor

    We had an embarrasing moment about a month ago when we returned home from the grocery store and there were 3 security folks parked outside the open garage of our house. I had inadvertently moved my bike in front of the beam, but it didn't trigger until the door was at least 6' closed and I had already driven off. Our door slides left/right to close rather than rolls up and with it being double wide, takes a long time to close.

    I found and ordered a gadget on Amazon called the Garage Door Buddy Monitor that attaches to your garage door and then pairs with your home WiFi to notify you when the door is open or closed through their app. When it was delivered, though, I realized it wouldn't work for my door. Their description didn't indicate it uses a tip sensor to trigger the signal. I incorrectly assumed it would use a nearby magnet to trip the sensor. I was prepared to return it, but I decided to knock something together to make it work.

    Using some scrap wood, screws, zip ties, and a metal can, I came up with this. It seems to be working well enough.

  • twistsol
    Veteran Member
    • Dec 2002
    • 2893
    • Cottage Grove, MN, USA.
    • Ridgid R4512, 2x ShopSmith Mark V 520, 1951 Shopsmith 10ER

    #2
    Brilliant solution.
    Chr's
    __________
    An ethical man knows the right thing to do.
    A moral man does it.

    Comment

    • Carlos
      Veteran Member
      • Jan 2004
      • 1893
      • Phoenix, AZ, USA.

      #3
      I use the $40 garage door controllers and sensors from Best Buy. They integrate with Homekit home automation, so I can just tell my phone "shop time" and it opens both doors. I get a notification on the phone, tablet, and PC if the doors are opened. And I can schedule a closing of all the doors and lights off by saying "good night." Saying "leaving home" closes everything and turns on the alarm. For only $40 you get a lot of functionality.

      Comment

      • furrow
        Handtools only
        • Jan 2021
        • 3
        • TX

        #4
        Originally posted by Carlos
        I use the $40 garage door controllers and sensors from Best Buy. They integrate with Homekit home automation, so I can just tell my phone "shop time" and it opens both doors. I get a notification on the phone, tablet, and PC if the doors are opened. And I can schedule a closing of all the doors and lights off by saying "good night." Saying "leaving home" closes everything and turns on the alarm. For only $40 you get a lot of functionality.
        I'm literally in love with this kind of tech and find it very practical but my wife is an IT professional and she just hates all kind of smart home stuff likes this. She's really paranoid when it comes to automated house tech and stuff like that... So, unfortunately, I can't use such stuff at our house. Maybe you could help me to create some arguments against my dear tin-hat?.. Last year I have bought some smart LED bulbs for our real estate in Budva and we have argued about them for months. I need to convince her somehow that our light bulbs are not going to enslave us or anything in the recent future.

        Comment


        • woodturner
          woodturner commented
          Editing a comment
          She is not wrong, unfortunately. Most of these systems are not very secure and are easily hacked. There is no practical way to make them "hack proof". It provides an easier path for the bad buys to access your property and control the system.

          The capturing and selling of personal information is an even greater risk, and so many devices and apps capture and resell personal information. Security experts tend to avoid the voice activated apps, "Smart" TVs, home automation,and other devices that constantly eavesdrop and monitor, to protect their personal information.
      • Carlos
        Veteran Member
        • Jan 2004
        • 1893
        • Phoenix, AZ, USA.

        #5
        Originally posted by furrow

        I'm literally in love with this kind of tech and find it very practical but my wife is an IT professional and she just hates all kind of smart home stuff likes this. She's really paranoid when it comes to automated house tech and stuff like that... So, unfortunately, I can't use such stuff at our house. Maybe you could help me to create some arguments against my dear tin-hat?.. Last year I have bought some smart LED bulbs for our real estate in Budva and we have argued about them for months. I need to convince her somehow that our light bulbs are not going to enslave us or anything in the recent future.

        Hah, funny, usually the people in fear of it are outside the industry, and fear/uncertainty/doubt drives them. I've been in many forms of IT for almost 35 years, started on mainframes. I go out of my way to protect myself from data collection, ads, and the like. I have pretty well zero fear of home automation devices. That's because most are basically so low risk as to be zero risk, particularly those running on Homekit which is totally closed off from even the vendor seeing your data. The Alexa and Google stuff is less private, but not unsecure in any way. Let's explore...what is the risk? That your neighbor will hop on your wifi and control your lights? That someone on the internet will randomly take control of your lights? Nobody who is against this stuff is ever able to tell me the actual scenario that they fear; it's always just a generalized spectre based on not understanding how it works. Targeting your house specifically over the internet is basically impossible. If someone wanted to attack YOU that badly then controlling your light, thermostats, and locks is the least of your worries. IP addresses don't correlate to home addresses in any useful way. Random attackers, even if they were able to gain control, wouldn't know where your house is.

        If you use Apple Homekit then your data is private, period, well proven. If you use Alexa or Google Home then some of your data is being used (as with all Google and Amazon products, YOU are the product), but there are still no known actual risks being exploited in the wild. The fears are just unfounded.

        Today I got a neat little thing called an iBeacon. There was a sale on them at $7 each. It's the size of a half dollar and sticks anywhere. If my phone gets near it, I can do an automation. I can define the distance. So far I have one in the wood shop and one in the gazebo. If I walk out to the gazebo, it detects the proximity and turns on the yard lights, gazebo lights, gazebo fan, and patio lights. If it detects I'm in the shop, it opens the door, turns on the lights, turns on music, etc.

        When both phones leave home, it automatically knows this and arms the alarm. So this is a real security improvement. Oh, also, at night it makes sure both garage doors are closed. I have forgotten one open a couple times. So, real security improvement, again.

        Comment

        • Carlos
          Veteran Member
          • Jan 2004
          • 1893
          • Phoenix, AZ, USA.

          #6
          Oh, I forgot to mention one thing specific to the garage doors. They were actually my very first home automation device, for a variety of reasons. At the time I was also starting to work with a new penetration testing company for one of my customers. So, I told them to try to attack the garage door controllers, which they were interested in since it was a new thing. I even gave them inside info, like my IP address, and their internal NAT IPs. They couldn't do it. These are people who are paid to find anything to exploit. Could they open the doors, turn on the light...anything? Nope, the devices didn't even respond at all to them, whatsoever. Anyone who understands one-way NAT should understand why. It's just a documented feature of NAT. So that's probably a good thing to share with the wife; if she understands how NAT works, then she would know why reaching them from outside the network would be impossible.

          Comment

          • woodturner
            Veteran Member
            • Jun 2008
            • 2047
            • Western Pennsylvania
            • General, Sears 21829, BT3100

            #7
            Originally posted by Carlos
            Let's explore...what is the risk?
            The obvious ones are:
            1. Gives the bad guys a way into the system to unlock doors, open garage doors, etc.
            2. Give the bad guys access to data on your network so they can access information for identity theft, access financial information, install malware, etc.

            The even more concerning part is it no longer requires a high level of technical expertise. ANYONE can buy a box and software on the web to do any of this, basically reduces it to simple button pushing. That's why knowledgeable people in the industry don't use the commercially available home automation systems, there are cheap readily available exploits for all of them.

            Some recent examples from the news:
            - Using Ring to spy on inhabitants
            - Using cameras in laptops and TVs and baby monitors to capture photos of people undressed in their homes and blackmailing them
            - Using a "universal garage door opener" box to open garage doors and burglarize homes
            - Using a box to access control of a vehicle on the highway and drive it off the road. Thankfully that one was a demonstration to show the vulnerabilities in drive by wire systems in cars.

            It's a scary world out there, and even more scary when you know how unsecure it really is and understand why it's not possible to secure it.
            --------------------------------------------------
            Electrical Engineer by day, Woodworker by night

            Comment

            • Carlos
              Veteran Member
              • Jan 2004
              • 1893
              • Phoenix, AZ, USA.

              #8
              Right, so that's a whole lot of factually incorrect stuff, and unrelated stuff. Exactly what I said about fear and doubt when you don't understand it.

              Ring...part of the ecosystem I warned against, Amazon.

              Laptops...not IoT, and totally unrelated. Totally different attack vectors that have to do with the intrinsic problems in Windows, which I also don't recommend using.

              RF attack boxes...also totally unrelated to this. PLUS, if the victims had a connected IoT garage door, it would have warned them. Again, IoT *increases* security by increasing your awareness. If the wife opens a garage door I get an instant notification. I can tap it to see a camera and see that it's her, not a burglar. Increased safety.

              The car attack required physical access and taking the dash apart. So again, totally unrelated. I can take over anything if you give me physical unlimited access to it first. Duh.


              Originally posted by woodturner

              It's a scary world out there, and even more scary when you know how unsecure it really is and understand why it's not possible to secure it.
              It's scary if you completely fail to understand why these supposed hacks aren't a real threat and can be easily mitigated.

              Comment

              • woodturner
                Veteran Member
                • Jun 2008
                • 2047
                • Western Pennsylvania
                • General, Sears 21829, BT3100

                #9
                Originally posted by Carlos
                Right, so that's a whole lot of factually incorrect stuff...

                It's scary if you completely fail to understand why these supposed hacks aren't a real threat and can be easily mitigated.
                Sure, a lot of people don't understand and unknowingly post factually incorrect information, including some of the incorrect information you posted. That is why I was careful to post only factually correct information that can be readily verified by anyone.

                The car attack required physical access and taking the dash apart.
                You are probably thinking of some of the very early attempts some years ago. Recent car hacks were conducted without physical access or direct contact with the vehicle at all. The access was completely wireless and at longer distance than most thought was even possible. The demonstration showed that a person in another vehicle driving a safe distance away could take control of the vehicle and drive it off the road.

                if the victims had a connected IoT garage door, it would have warned them.
                Only if the attackers allow it, it is simple to turn it off or jam it so it does not warn. There are unclassified trade and academic journals that print published public research in these areas, you may find them interesting reading.

                It is scary that some people, even some in the industry apparently, don't understand that these hacks are real threats and essentially cannot be mitigated. No communication system can be made absolutely secure, it's impossible, as Shannon, Oppenheim, and others have repeatedly and consistently shown.

                Each of us has to decide what level of risk we will take, it is a cost/benefit tradeoff. If you or anyone else is comfortable with the risks you are taking, that is fine, but it is important for everyone to understand that they are taking risks and understand the nature and extent of the threat.
                Last edited by woodturner; 01-28-2021, 02:22 PM.
                --------------------------------------------------
                Electrical Engineer by day, Woodworker by night

                Comment

                • Carlos
                  Veteran Member
                  • Jan 2004
                  • 1893
                  • Phoenix, AZ, USA.

                  #10
                  Wow, what a bunch of make-believe and fear. I have to wonder how you convince yourself of these things? It's fascinating, and people in my office are enjoying this thread.

                  Comment

                  • twistsol
                    Veteran Member
                    • Dec 2002
                    • 2893
                    • Cottage Grove, MN, USA.
                    • Ridgid R4512, 2x ShopSmith Mark V 520, 1951 Shopsmith 10ER

                    #11
                    The reality is that most of these systems can be hacked with enough effort and intelligence and many of the early products had little or no security leading FUD and paranoia. Fortunately, criminals, by and large are not very bright, and are unwilling to put out the effort. Locked doors can be compromised with a sledge hammer far more quickly and easily than hacking your home security system and either way they just end up with nothing more than a laptop or tv worth a few hundred dollars. Lex Luthor isn't trying to get at my tools and Superman wouldn't give a crap if he were.

                    I don't have any connected locks on my house not because of paranoia, but because I don't see the benefit. My key has never run out of battery or been damaged by getting wet and I can use it in the winter with gloves on my hands. Of the few things that are connected I'm unconcerned about hackers turning on the oven or tv or going on a malicious vacuuming spree. Considering the vacuum was recently defeated by a shoelace and had to call for help, the robot uprising is a long way off.
                    Chr's
                    __________
                    An ethical man knows the right thing to do.
                    A moral man does it.

                    Comment


                    • woodturner
                      woodturner commented
                      Editing a comment
                      Agree that criminals are often not particularly bright or clever and are usually looking for the easy target. The part that scares me is that people who do have technical skills make products available to anyone willing to pay a few bucks to buy them. The "universal garage door openers" are a good example of that, for under $100 anyone can buy a small device that will operate any and all garage door openers with five to ten minutes of scanning.Key bumping is another example, though a lower tech one, where nearly all home door locks can be opened in under 30 seconds by an unskilled person and leave no sign of tampering. Anyone can easily find those videos on the internet.

                      It's curious that the bad guys seem to communicate as well as they do, even pre-internet. Back in the day when I was designing security products such as home incarceration devices, one or two "clients" figured out an ingenious but simple to implement hack to remove the leg band. Within two to four weeks knowledge of that technique traveled around the world and we had to redesign and replace the leg bands.

                      You are right, though, the most common complaint about the electronic locks is that they fail and won't open the door, locking people out of their homes.
                  • Carlos
                    Veteran Member
                    • Jan 2004
                    • 1893
                    • Phoenix, AZ, USA.

                    #12
                    None of our door locks are connected. The front door is an RFID/NFC lock, which can be used with a card (guests) and both the wife and I have NFC chips embedded in our hands. That's the key to my office doors also, and I used to use it to unlock my PC too (now the Apple Watch does it more easily). I think I might draw the line at having BOTH door locks and alarms on the same system. One backs up security of the other. The garage doors have BOTH a sensor on the garage door system, and separate sensor on the alarm system. Both can alert independently.

                    You make a great point about the sledgehammer. My front door has glass sidelights. Single pane, generic, non-tempered glass. There are rocks in my front yard. I've given them all the tools and opportunity already. My response is to have IoT sensors that alert me to any changes, and an alarm, so two-way protection.

                    I just had a whisky delivery while I was out. The doorbell alerted my phone. I looked at and talked to the delivery guy. He's supposed to confirm an adult is able to receive it and it can't be left outside. I asked him whether opening the garage door would let him meet his legal requirements, and he said yes. Open it, he puts the whisky on the table saw, close it, done.

                    Comment

                    • woodturner
                      Veteran Member
                      • Jun 2008
                      • 2047
                      • Western Pennsylvania
                      • General, Sears 21829, BT3100

                      #13
                      Originally posted by Carlos
                      Wow, what a bunch of make-believe and fear. I have to wonder how you convince yourself of these things? It's fascinating, and people in my office are enjoying this thread.
                      Published research, observed fact, and truth will always be more valid to me than your "bunch of make-believe and fear". You are entitled to your opinions and misunderstandings, but I prefer the documented facts and research.

                      I do find find the varying and variable descriptions of your background and work environment interesting, it appears your reality changes frequently.

                      Regardless, you are entitled to your opinions, and I won't waste any more time educating and scaring you.

                      --------------------------------------------------
                      Electrical Engineer by day, Woodworker by night

                      Comment

                      • Carlos
                        Veteran Member
                        • Jan 2004
                        • 1893
                        • Phoenix, AZ, USA.

                        #14
                        My background has never changed. My work environment and the specific things I'm doing change a lot, as a serial tech entrepreneur. Always tech, networking, telecom, and security though. You've either mistaken me for someone else, or are again just seeing something that isn't there. I had my first paid tech job around 1986 ish (Tandem Nonstop, System/36), and before that, my first mainframe and small computer unpaid work was in 1980 (Vax, Heathkit small computers). I've worked for and done a few startups in networking and video communications/processing. Quite a bit of time contracting to cities and military.

                        For other's education though, you might want to post some links to the things you refer to, so they can learn specific potential threats or the non-threats that people show off as little hacks that have no real-world application.

                        Comment

                        Working...