You've probably heard of the Amazon Echo or Google Home. You may have heard of IP security cameras. You probably haven't heard of The Eggminder. However, these devices all have one thing in common--they're Internet of Things devices. The Internet of Things(IoT) refers to the collection devices that connect to the internet that aren't computers of smart phones. IoT devices are quickly becoming mainstays in homes around the world, by promising additional features that their "dumb" counterparts could only dream of providing. However, the rapid increase of internet connected devices gave us(and our advisor, Jeff) some concerns regarding security. We pondered questions like: Is Alexa listening to me and sending that data back to HQ, even when I haven't said the code word? Who is talking to my various smart appliances? How hard is it for a hacker to gain control of my IP security camera? In an effort to answer this questions, we created the LAN Ranger.
The LAN Ranger is a tool for individuals who want to know more about the security of their IoT devices. This application offers two main avenues in understanding the security of a given device. It provides a glimpse of how susceptible a device is to malicious attacks, and through data aggregation, it helps users determine if their device is infected. To learn more, head to our github repository.
There are three networking components that are crucial to the LAN Ranger: (1) Packet Sniffing, (2) Port Scanning, (3) Host Detection
This is the meat of our application and allows us to listen to specific conversations between devices.
Ports are the communication hubs of a device. Each port sends and receives a specific type of internet communication and it is important to know which ports are 'open' for a given device.
Hosts are devices that are connected to the network that your machine is currently on. Make sure the devices you plan to investigate are on the same wireless connection as your machine!
Note: The LAN Ranger is designed for individuals to use on private networks and should not be used in any public setting.