Pocket Science Lab Kit
Summary
The Pocket Science Lab Kit is a small USB-based hardware extension for an Android device or PC, which allows the use of different instruments / functions that are already integrated in the board or can be expanded via external sensors. It is aimed at everyone whether teacher, pupil, hobbyist, student, professor or scientist. The name Pocket Science Lab says it all. The user has a small scientific laboratory in the size of a pocket. The aim of the Pocket Science Lab project is to perceive one's environment better and to digitize the analog world.
Description
This board allows you to measure all kinds of things, assumed you have the right sensor, and it is supported. Basic connectors/sensors are USB, GPIO Connector, UART, Wi-Fi, Bluetooth, I2C and ICSP Programmer. A full list of technical specifications can be found on the datasheet as well as on the PS Lab website. A built-in Oscilloscope, Power Source, Multimeter, Accelerometer, Sensors, Logic Analyzer and Wave Generator can be used right out of the box. A Temperature Sensor, Compass, Barometer and Lux Meter are not included and need to be bought separately.
Functionalities
To control the PS Lab Kit an Android App and PC application are available. From the user-friendly interface a list of various functions can be selected. The functions are listed in the section described above. Each function can record the received input. Therefore, a Rec-Button will appear in the top right corner. The recording can be started by clicking on it and stopped by clicking it another time on it. The menu has a section called: ”Logged Data”. In this section the recording can be found and exported as .CSV file.
Instrument View
Oscilloscope
Multimeter
Sensors
Notable sensors are the temperature sensor, gas sensor and moisture sensor.
Currently the functionalities of these sensors is unavailable for the PS Lab Kit. The Pocket Science Lab Project provides a list of compatible sensors.
LM35: Temperature Sensor
MQ135: Gas Sensor
FR-04: Rain Sensor
Wi-Fi
ESP8266-DevKitC is a small-sized ESP8266-based development board produced by Espressif. All the I/O pins of the module are broken out into the female pin headers on both sides of the board for easy interfacing. Developers can connect these pins to peripherals as needed.
The Pocket Science Lab Kit can be extended with such a Wi-Fi module. Normally an ESP8266 chip would be soldered to the back of the kit to create network connectivity between the board and the Android phone or PC. The documentation for this is currently not available.
Use Cases
The following list consists of some basic use cases of the kit.
Multimeter
Multimeter text.
Oscilloscope
Oscilliscope text.
Exploits
According to the CVE Mitre (Common Vulnerabilities and Exposures) the following four exploits are known for the ESP8266.
CVE-2019-12586
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266-NONOS-SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.
CVE-2019-12588
The client 802.11 mac implementation in Espressif ESP8266-NONOS-SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.
CVE-2019-12587
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266-NONOS-SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.
CVE-2020-12638
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266-NONOS-SDK devices through 3.0.3, and ESP8266-RTOS-SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption.
Attack
The vulnerability CVE-2019-12587 was found in SDKs of ESP32 and ESP8266 and allowed an attacker to take control of the Wi-Fi device in an enterprise network. This was achieved by sending an EAP-Fail message in the last step during the connection establishment of the device and the access point. It was discovered that ESP32/ESP8266 devices update their Pairwise Master Key (PMK) only when they receive an EAP-Success message. By sending an EAP-Fail message to the target device before it can receive the EAP-Success, the device skips updating the PMK received during a normal EAP exchange (EAP-PEAP, EAP-TTLS or EAP-TLS). If the PMK is not updated the target device uses a zero PMK which allows an attacker to hijack the connection between the access point and the target target within radio range. Even in such a situation, the device normally accepts the EAPoL 4-Way handshake which in turn establishes a session key based on this PMK.
Scenario
