Why no open source IoT Firmware?

Dans les entrailles urbaines / In the urban bowels

The IoT (Internet of Things) is taking off. We’re coming up with all kinds of internet-connected devices. Many of these devices are simply computers with interesting sensors and controllers attached. At Sensr.net we think mostly about IP cameras, which are a specific kind of IoT device. But the Nest thermostat and the Amazon Echo speaker are also examples of IoT devices.

These days most IP cameras will connect to your network via WiFi or Ethernet and allow you to view and control the camera remotely. Many of these cameras include a P2P (peer-to-peer) feature that allows you to view the camera directly even if you don’t open your firewall. This is a neat trick which is accomplished by having the camera keep open a connection back to some well-known server. When you want to connect to your camera, you’re really connecting to some remote server (in China maybe?) that then does some network magic (see STUN) and lets your smartphone app connect to your camera through your firewall.

That nice P2P feature is pretty great, but it also means that there are servers out there on the net that can get inside your home network. Where are those servers running? Whose job is it to make sure they are secure? Who has access to those servers and thus your network and even your cameras?
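If you want to see whether a camera on your own network is doing this, the two signs described above (a connection held open to an outside server, and STUN traffic) are easy to spot in flow records. The sketch below is an added example, not code from Sensr.net or any camera vendor; the LAN range, camera address, trusted jumphost and flow records are all constructed for illustration.

```python
import ipaddress
import struct

STUN_MAGIC_COOKIE = 0x2112A442   # fixed field in every RFC 5389 STUN header
STUN_BINDING_REQUEST = 0x0001    # message type a client sends to learn its public address

# Assumed values for this example, not taken from the post.
LAN = ipaddress.ip_network("192.168.1.0/24")
CAMERAS = {"192.168.1.50"}
ALLOWED = {"198.51.100.10"}      # a jumphost you run or have chosen to trust

def is_stun_binding_request(payload: bytes) -> bool:
    """True if a UDP payload is a well-formed STUN Binding Request."""
    if len(payload) < 20:        # the STUN header is exactly 20 bytes
        return False
    msg_type, msg_len, cookie = struct.unpack("!HHI", payload[:8])
    return (msg_type == STUN_BINDING_REQUEST and cookie == STUN_MAGIC_COOKIE
            and msg_len % 4 == 0 and msg_len == len(payload) - 20)

def audit_camera_flows(flows, min_tcp_seconds=3600):
    """Return (destination, reason) for camera flows that look like P2P relay traffic."""
    findings = []
    for f in flows:
        if f["src"] not in CAMERAS:
            continue             # only audit the cameras
        if ipaddress.ip_address(f["dst"]) in LAN or f["dst"] in ALLOWED:
            continue             # local or explicitly trusted destination
        if f["proto"] == "udp" and is_stun_binding_request(f.get("payload", b"")):
            findings.append((f["dst"], "STUN binding request"))
        elif f["proto"] == "tcp" and f.get("duration_s", 0) >= min_tcp_seconds:
            findings.append((f["dst"], "long-lived outbound TCP session"))
    return findings

# Constructed flow records (for example, exported from a router's connection table).
STUN_PKT = struct.pack("!HHI", STUN_BINDING_REQUEST, 0, STUN_MAGIC_COOKIE) + bytes(range(12))
SAMPLE_FLOWS = [
    {"src": "192.168.1.50", "dst": "203.0.113.7", "proto": "tcp", "dport": 443, "duration_s": 86000},
    {"src": "192.168.1.50", "dst": "203.0.113.9", "proto": "udp", "dport": 3478, "payload": STUN_PKT},
    {"src": "192.168.1.50", "dst": "198.51.100.10", "proto": "tcp", "dport": 443, "duration_s": 90000},
    {"src": "192.168.1.50", "dst": "192.168.1.10", "proto": "tcp", "dport": 554, "duration_s": 5000},
    {"src": "192.168.1.20", "dst": "203.0.113.7", "proto": "tcp", "dport": 443, "duration_s": 86000},
    {"src": "192.168.1.50", "dst": "203.0.113.20", "proto": "udp", "dport": 123, "payload": b"\x1b" + bytes(47)},
]

if __name__ == "__main__":
    for dst, reason in audit_camera_flows(SAMPLE_FLOWS):
        print(f"{dst}: {reason}")
```

Anything it reports is a server the camera reaches out to that you did not pick yourself, which is exactly the set of hosts the questions above are about.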

All your cams are belong to us

Mostly we’re pretty cavalier about connecting cool new gadgets to our networks. Maybe we shouldn’t be. It seems like there ought to be some way to make sure the devices you trust are actually trustworthy. How can we be sure that our security cameras are actually secure? (Warning: They probably aren’t.)

Truthiness in our firmware?

All these devices run an operating system of some kind embedded down in their firmware. What if we created an open source firmware that we could trust? We could buy fun cheap hardware from our friends in China but then install our own good old open source code on that hardware instead of trusting the glop that came on it. Don’t want your camera connecting out to some potentially compromised P2P jumphost somewhere? No problem! Just install your own firmware and configure your own jumphost or maybe one run by a company you trust. (This could be a new business opportunity for Sensr.net maybe…)

You say tomato

There is one successful example of this: the DD-WRT software that runs on a large number of routers. There are a bunch of open source firmwares out there. Why can’t we have one for cameras? Or more generally IoT devices?

All together now

If you’re interested in joining an effort along these lines, drop me an email or contribute to the project on GitHub: https://github.com/sensrnet/sensros

There are lots of cool things that could be built into this firmware. Imagine the machine learning projects or advanced image recognition that could be built into something like this. More basic things could be done too, like reference designs for ONVIF or PSIA.