Exploring ways on how to build a modern IoT device network with modern toolset around Kafka and MQTT.

1. Oto Brglez ft. Andraž Sraka
December 2020
Building a modern, distributed real-time Wi-Fi spying system

2. The General Problem - xkcd #974

5. Source: A Case Study of WiFi Sniffing Performance Evaluation; Li, Sun, Barthélemy, Perez, 2020

6. Capture the data => Visualise the results

7. “In the field of security engineering, an oracle attack is
an attack that exploits the availability of a weakness in
a system that can be used as an "oracle" to give a
simple go/no go indication to tell an attacker whether he
or she has reached, or is nearing, their goal.
The attacker can then combine the oracle with
systematic search of the problem space to complete
their attack.”
- Wikipedia on “The Oracle Attack”

8. 1. Build the device
2. Capture the data
3. Process the data
4. Visualise the results

10. V2
1. Build the devices
2. Capture all the data real-time
3. Process the data anywhere
4. Visualise the results in real-time
+Don’t loose ANY DATA
+Modernise!
+Have fun!!!

12. Device mk1: WiFi Pineapple NANO / hak5

13. • Pluses +
• Easy to setup and
experiment
• Good existing support,
tooling and docs
• Low-power consumption
• System-on-a-chip SoC
• OpenWRT
• Good results!
• Minuses -
• Embedded device
• MIPS architecture
• Not enough space
on the device*
• OpenWRT
• Limited antena
• Outdated tooling

14. • WiFi Pineapple NANO
• Raspberry pi 3B+
• USB Power-hub

19. • 4 “custom made” devices
• 2x Raspberry Pi 3B+
• 1x Raspberry Pi 4
• 1x Intel NUC
• Ability to add N-devices
• 3 Architectures - ARMv7,
ARM and x86_64
• 2 Physical locations
• 2 Different OS-es
(Ubuntu and Raspberry
Pi OS)

21. • Event streaming
• Devices emit events
• State is evil* and hard to
scale
• All components in the stack
are resilient
• Network can be down
• H/W and S/W can and will
fail 💥
• Rapid 🐇💨
• Deployment 🚀
• Development

22. “Your database stores the current state of your data. But the
current state is always caused by some actions that took
place in the past. The actions are the events. Your inventory
table is the state that results from the purchase and sale
events that have been made, bank balances are the result of
credits and debits, and the latency graph for your web server
is an aggregation of the stream of HTTP request times.”
- Confluent Blog

24. • Events are immutable
• Easy to reason about
• Easy to distribute => easy to scale easy to partition
• State can always be rebuild
• Change* is just another event

26. • Written in Akka Streams with Scala
• Packaged as Docker Container
(x86_64 and arm32v7)
• Experimentally compiled to native
image with GraalVM*
• Deployed w/ Ansible* 🐍

33. Kafka Connect, an open source component of Apache
Kafka®, is a framework for connecting Kafka with external
systems such as databases, key-value stores, search
indexes, and file systems.

34. <=== 🦄 🌈 🚀

37. “An event streaming database is a particular kind of
database that helps you build stream processing apps.
It consolidates the many components found in virtually
every event streaming architecture.
Almost all streaming architectures today are piecemeal
solutions cobbled together from different projects.
At a minimum, you need a subsystem to acquire events
from existing data sources, another to store them,
another to process them, and another to serve queries
against aggregated materializations. Integrating each
subsystem can be difficult. Each has its own mental
model. And it’s easy to wonder, given all this
complexity: Is this all worth it?”

46. • Event streaming is incredibly powerful ⚡️
• Kafka should be the modern backbone! 🦄
• Consider putting it into the “core” of your system
• Kafka Connectors are easy to setup!
• Scala can be used for IoT agents ✅ 🚀
• Wi-Fi has some “problems”* 😅
• Privacy Ideas 💡
• MAC address randomisation
• Encrypted management packets (new standards)
• Don’t use “public” Wi-Fis

48. • Andraž Sraka
• Jožko Škrablin
• My family!
• Friends @ Geekatrons!

49. bit.ly/oracle-peak
@otobrglez / otobrglez@gmail.com
December 2020