Making IOT great again
2024-10-24 , Europe - Main Room

We are surrounded, in our daily life, with devices that have a strong link with cloud infrastructure. Those devices, while still completely operational, can become a useless piece of hardware if the vendor stop the infrastructure for any reason.

This aims at discussing how to give a second life to such devices using the practical use case of the EV chargers of the Belgian company PowerDale which went on bankrupt in July 2023.

We will discuss the successes and failures of our journey, how a community of enthusiasts manages to build workarounds and what could be our community contribution.


Agenda

  1. The story of Powerdale EV charger from success to bankrupt
  2. How to regain controls over the devices: success and failures
  3. What all this says to IOT and their (software) lifetime?
  4. Thoughts and conclusions

Powerdale EV charger from success to bankrupt

  • Relatively popular brand of EV chargers in Belgium
  • About 50 000 devices installed in the Belgium
  • Went out of business in July 2023
  • Cloud platform taken over by MyDiego
    • private customers abandoned with no access to their EV charger
    • WIFI connected appliances configuration change to slowest charge speed
    • some installers under heavy pressure to fix unsupported devices
    • ...

Gaining access to device

  • The naive approach (and the failures)
    • open the box search for available ports
    • try to reverse the protocol without a functioning app ;)
    • BLE implementation on PicoW not so easy...
    • ...
  • The success: Google
    • an open-source based on ESPHome was launched by Geert Meersman
    • extend the solution to address needs on a standalone solution
    • build scripts to deploy at scale

What all of this says to IOT?

  • Why the bankrupt was an issue?

    • Authentification on cloud (no cloud, no app, no configuration)
    • No way to configure appliances without mobile application
    • WIFI connected devices could be reconfigured without user consent
  • Is this unique?

    • No... Siemens abandoned its IOT line without notice.
    • Issues with bike in the Netherlands
  • Could we act?

    • Partially...
    • But this shows that a community can bring back to life our devices

Thoughts and conclusions

  • Some idea to avoid such issues
    • Making code to be stored in source code escrow a legal obligation?
    • Forcing vendor to allow local configuration of devices (without cloud authentication)
    • Open APIs
    • ...
See also: Talk slides (2.5 MB)

David Durvaux is active in the incident response field for more than a decade. He has work on many IT security incidents and especially on computer forensics aspects. Since 2015 he is actively preparing the FIRST CTF. David presented in numerous conferences including hack.lu.

This speaker also appears in:

Marc spent his career in the R&D for telecommunication and space systems (mobile networks, optical communications, xDSL...) while working for major companies such as Alcatel and Philips. He held different R&D management positions and retired as CTO of Thales-Alenia Space Belgium. Since them, he is very busy as a volunteer but keeps some free time to tinker with sensors, signal processing and IoT. He is also an expert for EU's European Innovation Council. Marc is graduated in physics from UCLouvain and holds a PhD in electronics and telecommunication from INP Grenoble. He is author or co-author of several patents.