3 nerdy things you can do with Telegram besides chatting

You might know Telegram as a messaging app (like Messenger, WhatsApp, WeChat and the like). With the increase in terrorist activity, it's apparently also the preferred method for terrorists to communicate. But this can never be an argument against a free internet! Leaving politics aside: Telegram also has some unique features, which will be discussed in this article!

Home automation control panel

If you’re an (electronics) engineer, you’ll probably have thought of home automation. And if you’re like me, you’d probably want to make it all yourself! In this utopian scenario where your house is fully equipped with sensors and actuators, you’d still want to control your place remotely. Occasional mobile programmers (think Android, because Apple doesn’t seem to want hobbyists to mess around with their hardware) know the pain of setting up a toolchain, finding a template project and some libraries, and then getting started on simple HTTP communication. And at that point you’re not even making a 2 page GUI yet.

Blynk is an app for IoT tinkerers to create a quick GUI

We’re in need of a better solution! Luckily the IoT is a total hype so there are options. Blynk is one of them. This app allows you to place widgets on the app dashboard that can be tied to some IoT functionality (toggle a lamp). Two downsides: it’s not entirely free (and as I’m always just tinkering, it’s not worth the money), and it also ties your IoT devices into their solution. Maybe you can use standard MQTT, but I didn’t dig deeper.

Another solution is a bit more hackerish: use some cool features in Telegram! The first and most important: you can create a Telegram bot, which is an application that can participate and interact in chats. By running a bot on your own Linux server, you have a clean separation between UI (through Telegram) and devices (through whatever you want). My preferred language is Python and I had a bot up and running in no time!

 

Telegram’s custom keyboards are pretty awesome!

Hmm, so we can chat with our home appliances now, but typing “/lamp kitchen on” doesn’t seem very convenient, right? In comes a second cool feature: bots can create custom keyboards on your device while you’re chatting with them. This allows you to create a menu structure and trigger actions. It’s quite easy to define the keyboard, but keeping track of a multi-level menu is something that you’ll have to do yourself. (I never got to it, but it still appeals a lot to me!)
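The multi-level menu bookkeeping mentioned above could look like the following. This is an added example, not the author's bot: the menu tree, the action strings and the MenuTracker class are hypothetical, and the JSON it builds is the Bot API's ReplyKeyboardMarkup that you would pass as reply_markup to sendMessage.

```python
import json

# Hypothetical menu tree: a dict is a submenu, a string is a fixed action.
MENU = {
    "Lights": {"Kitchen on": "lamp kitchen on", "Kitchen off": "lamp kitchen off"},
    "Heating": {"Eco": "heat eco", "Comfort": "heat comfort"},
}
BACK = "Back"


class MenuTracker:
    """Remembers, per chat, which submenu the user is currently looking at."""

    def __init__(self, menu):
        self.menu = menu
        self.path = {}  # chat_id -> list of labels walked from the root

    def _node(self, chat_id):
        node = self.menu
        for label in self.path.get(chat_id, []):
            node = node[label]
        return node

    def keyboard(self, chat_id):
        """Build the ReplyKeyboardMarkup JSON for the chat's current level."""
        rows = [[{"text": label}] for label in self._node(chat_id)]
        if self.path.get(chat_id):
            rows.append([{"text": BACK}])  # only offered below the root
        return json.dumps({"keyboard": rows, "resize_keyboard": True})

    def press(self, chat_id, text):
        """Handle incoming text; return a fixed action string or None."""
        path = self.path.setdefault(chat_id, [])
        if text == BACK:
            if path:
                path.pop()
            return None
        child = self._node(chat_id).get(text)
        if isinstance(child, dict):
            path.append(text)  # descend one level, no action yet
            return None
        # Leaf: the predefined action. Text that is not a button yields None,
        # so typed input never turns into a command.
        return child
```

After every press, send the result of keyboard(chat_id) back with the reply so the user sees the level they are now on.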

Knock knock?

That was fun, but what else can we do? You might remember my work on a home NAS/download box. One feature I use regularly is remotely logging in through SSH. This also means that port 22 (the SSH port) has to be publicly available. Hackers absolutely love this because it might provide a way in. Once a script passes by my IP address range, I might be marked as a nice target. So how plausible is this?

A quick check in /var/log/auth.log reveals that it happens frequently! Sadly for them, I don’t allow password logins from external addresses.

My poor BeagleBone Black is a (well protected) sitting duck! Still, there’s one more thing we can do: a technique called port knocking. In all its variants, it comes down to this: access certain ports in a certain order and with a certain delay to enable port 22 (by default all packets get dropped). Something like “knock port 23 3 times” or “port 21, port 23, port 21” is easily implementable. But to me it still feels like security by obscurity. Telegram to the rescue!

 

Mockup of what a Knock Knock bot could look like

Building a bot that has control over the firewall rules (it would need root access) would allow you to simply click a button in the menu and then log in over SSH! Maybe it’s even possible to parse a log file for a successful login and disable the port again (ongoing connections stay alive). I kind of almost started with this, but then something even cooler popped up, so my focus shifted 🙂
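A sketch of the "close the port again after a successful login" idea, as an added example rather than code from this project. It assumes the classic syslog format of /var/log/auth.log, a firewall that drops port 22 by default and keeps established connections alive, and a two-minute fallback timeout; the log lines, host name and year are constructed.

```python
import re
from datetime import datetime, timedelta

# Fixed argv lists for the privileged side; nothing from a chat message is
# ever interpolated into them. Assumes the default policy drops port 22 and
# an ESTABLISHED,RELATED accept rule keeps ongoing sessions alive.
OPEN_CMD = ["iptables", "-I", "INPUT", "-p", "tcp", "--dport", "22", "-j", "ACCEPT"]
CLOSE_CMD = ["iptables", "-D", "INPUT", "-p", "tcp", "--dport", "22", "-j", "ACCEPT"]

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def accepted_logins(lines, year):
    """Yield (time, user, ip) for each successful sshd login in the lines."""
    for line in lines:
        m = ACCEPTED.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]


def close_reason(lines, opened_at, now, max_open=timedelta(minutes=2)):
    """Return why port 22 should be closed again, or None to keep it open."""
    for ts, user, ip in accepted_logins(lines, opened_at.year):
        if opened_at <= ts <= now:
            return f"login by {user} from {ip}"
    if now - opened_at >= max_open:
        return "timeout"  # nobody logged in: do not leave the port open
    return None


# Constructed sample lines in auth.log format.
SAMPLE_LOG = [
    "Mar  3 21:13:40 bbb sshd[901]: Failed password for root from 198.51.100.9 port 40022 ssh2",
    "Mar  3 21:14:07 bbb sshd[915]: Accepted publickey for alice from 203.0.113.7 port 51234 ssh2",
]
```

The bot can include the returned reason in a chat message, so a login you did not make yourself shows up on your phone right away.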

2 factor auth

Ok, this is actually pretty much the same as the knock knock bot. Nowadays 2 factor auth (for services like Facebook or PayPal) gives you a pretty good extra layer of protection. It’s usually done by sending a text message to your phone with a unique code. Considering that SMS is a very old protocol you might understand why it’s in fact not that secure at all (get yourself an SDR and start cracking away). We’ll soon start moving away from text messages and have to use apps (Google Authenticator) instead. What about integrating it into Telegram (as a bot)? Or what if your own little project is in need of simple 2 factor auth?
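For the "own little project" case, the server side of a bot-delivered login code could look like this added example (not code from the post). The OneTimeCodes class, the 6-digit length, the 120-second lifetime and the three-attempt limit are choices made for the illustration; sending the code to the user's chat is left to the bot.

```python
import hashlib
import hmac
import secrets
import time


class OneTimeCodes:
    """Short-lived, single-use login codes that a bot delivers to the user."""

    def __init__(self, ttl=120, max_tries=3, clock=time.monotonic):
        self.ttl, self.max_tries, self.clock = ttl, max_tries, clock
        self.key = secrets.token_bytes(32)  # per-process key; codes are stored as MACs
        self.pending = {}  # user -> [mac, expires_at, tries_left]

    def _mac(self, user, code):
        return hmac.new(self.key, f"{user}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, user):
        """Create a fresh code; the caller sends it to the user's own chat."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        self.pending[user] = [self._mac(user, code), self.clock() + self.ttl, self.max_tries]
        return code

    def verify(self, user, code):
        """True only for the right code, in time, within the attempt limit."""
        entry = self.pending.get(user)
        if entry is None:
            return False
        mac, expires_at, _ = entry
        if self.clock() > expires_at:
            del self.pending[user]
            return False
        entry[2] -= 1
        if hmac.compare_digest(mac, self._mac(user, code)):  # constant-time compare
            del self.pending[user]  # single use
            return True
        if entry[2] <= 0:
            del self.pending[user]  # too many guesses: the code is burned
        return False
```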

Considerations

Before we finish the article, some things you should consider:

  • There is no way to block connections to your bot on Telegram’s servers. You’ll have to check locally who’s trying to connect to you. This could be a risk for DDoS attacks on your bot. It would be nice if Telegram had something for this!
  • If your bot wants to do interesting stuff, it probably needs root access. Combining public access + root might need some extra measures!
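One way to do the local check from the first point and to keep chat text away from the root-privileged part from the second, as an added example (not the author's bot). The user ID, the action names and the Gatekeeper class are constructed placeholders; the update dict follows the Bot API's Update and Message JSON layout.

```python
import time

ALLOWED_USER_IDS = {111111111}  # constructed placeholder: the owner's Telegram user ID
# Exact button labels mapped to action names a privileged helper would accept
# (hypothetical names; the helper itself is not shown).
ACTIONS = {"Open SSH": "open_ssh", "Close SSH": "close_ssh"}


class Gatekeeper:
    """Local filter for updates: sender allowlist, rate limit, fixed actions."""

    def __init__(self, max_per_minute=5, clock=time.monotonic):
        self.max_per_minute, self.clock = max_per_minute, clock
        self.seen = {}  # user_id -> times of recent messages (allowed users only)

    def decide(self, update):
        """Return an action name from ACTIONS, or None to drop the update."""
        msg = update.get("message") or {}
        sender = (msg.get("from") or {}).get("id")
        chat = msg.get("chat") or {}
        # Strangers are dropped before any state is kept for them, so a flood
        # of unknown senders costs one set lookup each and no memory.
        if sender not in ALLOWED_USER_IDS or chat.get("type") != "private":
            return None
        now = self.clock()
        recent = [t for t in self.seen.get(sender, []) if now - t < 60]
        if len(recent) >= self.max_per_minute:
            self.seen[sender] = recent
            return None
        self.seen[sender] = recent + [now]
        # Only exact button labels map to an action; free text returns None,
        # so nothing typed in a chat can become part of a root command.
        return ACTIONS.get(msg.get("text"))
```

Run the bot itself as an unprivileged user and let only the small helper that understands these action names touch the firewall.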