Review of Qotom Mini PC j1900

Qotom Mini-PC (right), next to AT&T UVerse Router, Phones, and ATA.

Recently, I was running out of processing power on my Raspberry Pi 3.  I was running Asterisk PBX, OpenVPN Server, and several sensor monitoring and MQTT applications.  I wanted to add MySQL Server, but figured that might be pushing things.

My first thought was to run an old desktop PC.  However, I was a bit short on physical space, and didn’t really want a large desktop box.  So I started researching mini-PCs.  I wanted something as powerful as a low-end PC.  Something that didn’t take up much space, and with as few mechanical parts as possible.  After researching what was available, I decided to go with a model made by Qotom.  The model I purchased has an Intel quad-core processor, and 8GB of RAM.  Just like a desktop.  A big plus is that it has 4 Ethernet ports.  That could be useful if I decide to make my own router some day.

This mini-PC consumes a maximum of 10W of power.  This is significantly less than a classic desktop.  I had an old quad-core desktop with comparable specs.  I measured its power consumption – it varied from just over 40W when idle, to over 80W when running CPU-intensive tasks.  The Qotom has no moving parts.  There is a large heat sink in place of a fan, and the hard drive is solid state.  I wondered, though, if a heat sink and no fan would actually keep the device cool.  Turns out, it does.  Here is a thermal picture:

Thermal Image – Qotom Mini-PC (right), next to AT&T UVerse Router and phone.

As you can see, the temperature of the mini-PC (while running Asterisk, OpenVPN, MySQL Server, and several other applications) is around 86 degrees.  This is about 15 degrees warmer than the ambient room temperature, and is comparable to the temperatures of other electronics such as the router and phone.

I created installation media for Ubuntu Light Linux (Lubuntu) using a standard USB thumb drive.  The operating system installation process was almost identical to that of an ordinary PC.  I connected a monitor and Ethernet cable, plugged in the USB keyboard, mouse, and thumb drive, and proceeded with installation.  Because of the SSD hard drive, it actually went faster than on an ordinary desktop PC.  In under an hour, the software, as well as all live updates, was installed.  Initially, the machine booted up to the desktop GUI.  Once I installed OpenSSH to allow me to access the computer through secure shell, I disabled the GUI, and disconnected the keyboard, mouse and monitor.  I then proceeded to install the other software I needed using the command prompt on a remote terminal.

This machine has performed flawlessly for me over the past week and a half.  Not only does it save space over a desktop, but it also saves money on electricity.  If you assume (conservatively, based on my measurements above) that a desktop PC consumes an average of 50W, this setup saves 40W.  That adds up to about 30 kWh saved in a month.  If electricity costs 10 cents per kWh, that is a savings of around $3 a month, or $36 a year.

A mini-PC such as this is too specialized to just walk in and buy at retail stores like Walmart and Best Buy.  It is available on Amazon, for around $200.  If you are an Amazon Prime member, it probably makes the most sense to buy it there, so you can get it in two days.  Actually, in my part of the US there is free one-day delivery for this item.  In fact, I ordered this on Sunday evening and had it by noon on Monday.  If you don’t have Amazon Prime, then eBay may be your best bet for purchasing this.  Some computer specialty stores may also be able to custom-order it, but this would likely be the slowest option.

Disclosure: I am not associated with the manufacturer of this mini-PC, nor any of the retail outlets mentioned above.  I am not being paid by anyone for this blog post – I simply wanted to share my findings and recommendations.

 

How to tell if your IoT devices are vulnerable to hacking

How can you tell if your IoT devices are vulnerable to hacking, despite your best security efforts when setting them up?  There is no way to be 100% sure.  But there are a couple of checks you can do easily that will detect many common issues.

Shodan

First, there is a site called Shodan (shodan.io).  Much like search engines such as Google and Bing do for web sites, Shodan regularly scans the internet for exposed IoT devices, and makes the results searchable from a web page.

To see what Shodan has for your home network, you first need to know your IP address.  For the sake of this article, we will concentrate on IPv4.  Although hacking through IPv6 addresses is possible, it is presently not widespread for technical reasons.  You can get the IP address of your home network by browsing to the following site: ip4.me.  When you visit this site, you will see an IP address in the format “111.111.111.111” displayed.  You should write down this address, or, better yet, copy it to your clipboard.

Now visit the shodan.io site.  Type or paste in the IP address you found above, and click the “magnifying glass” to search.  Hopefully, you will see results that look like this:

The above shows that no information was found for the IP address entered.  That is a good thing.  If you see something else, such as the following, there may be a problem.

If you see something like the above, there could be a problem.  I say “could” because there are legitimate reasons that services can sometimes be exposed.  But it’s certainly something that may warrant further investigation.  Talk to your “geek” friend, or someone else knowledgeable about IoT security if you see something like this.

One thing to keep in mind is that Shodan does not scan sites in real time.  Just like it may take days or even a week or more for a new web site to appear on Google or Bing, it may take a similar amount of time before Shodan is updated.  So when connecting a new IoT device to your network, it’s good to check Shodan again in a week or two to make sure it still shows no results found.
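The two points above (some exposed services are intentional, and a Shodan record can be older than the device you just connected) can be checked together.  This is an added example, not part of the original post: it assumes the Shodan record for your address has been saved as JSON, and the sample record, the INTENDED allowlist, and the triage function are all constructed for illustration.

```python
import json
from datetime import datetime

# Constructed record; field names follow Shodan's host lookup JSON
# (ports, last_update, data[].port / transport / product / timestamp).
# The address is from a documentation range.
SAMPLE_HOST = json.loads("""
{
  "ip_str": "203.0.113.25",
  "last_update": "2024-03-02T10:15:00.000000",
  "ports": [1194, 1883, 554],
  "data": [
    {"port": 1194, "transport": "udp", "product": "OpenVPN",
     "timestamp": "2024-03-02T10:15:00.000000"},
    {"port": 1883, "transport": "tcp", "product": "Mosquitto",
     "timestamp": "2024-02-27T04:00:00.000000"},
    {"port": 554, "transport": "tcp",
     "timestamp": "2024-01-05T22:30:00.000000"}
  ]
}
""")

# Services the owner exposes on purpose (an assumption for this example).
INTENDED = {(1194, "udp")}


def triage(host, device_added, intended=INTENDED):
    """Sort Shodan banners into intended/unexpected and flag stale records."""
    added = datetime.fromisoformat(device_added)
    report = {"intended": [], "unexpected": [], "recheck": False}
    for banner in host.get("data", []):
        key = (banner["port"], banner.get("transport", "tcp"))
        label = f'{key[0]}/{key[1]} {banner.get("product", "unknown")}'
        bucket = "intended" if key in intended else "unexpected"
        report[bucket].append(label)
    last = host.get("last_update")
    # An empty or older record says nothing about a device added after it,
    # so a clean result in that case only means "check again later".
    report["recheck"] = last is None or datetime.fromisoformat(last) < added
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_HOST, "2024-02-20T00:00:00"))
```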

HaveIBeenPwned

Another useful site is haveibeenpwned.com.  This site allows you to search for your email address to see if it appears in any publicly released list of addresses (released, for example, by the company that was compromised). As I mentioned before, you could have a perfectly secure IoT device. But if the company that operates the device is hacked, or another company you do business with is hacked and you used the same password, your device is still vulnerable. Most people have had at least one of their accounts exposed at one time or another. For example, here is what I see for myself when I enter one of my email addresses:

As you can see above, two business sites I have accounts with were hacked.  Fortunately, I never re-use passwords, so the only thing I needed to do was change my passwords on the affected sites.

Good results from the above two sites do not guarantee that your IoT setup is secure.  But it is a good first check.

Is Microsoft Spying on Word Document Content?

Something Strange

Last fall, I was monitoring outbound traffic from IoT devices on my home network using Wireshark.  When I looked at the captures later, I noticed something strange.  There appeared to be web browsing activity to https sites.  I had deliberately avoided any web browsing during the testing period, so why was I seeing what appeared to be web browsing activity?

When I checked the IP address the traffic came from, I noticed it was my Windows 10 desktop computer.  I knew I had not browsed the web there.  The only thing I had done during the monitoring time was to edit a document with Microsoft Word.  So I decided to investigate whether perhaps Microsoft Word itself was doing the “web browsing”.

I started Wireshark on my desktop PC.  The only traffic I saw was the normal background noise of any network – neighbor solicitation, ARP requests, and the like.  Then I opened up a document using Microsoft Word.  Suddenly there was a flurry of activity, including https traffic!  Here is a screenshot of a portion of what I captured (here is a link to the full-size image):

What is going on here?

This is just a small portion of data exchange that occurs when I open a document in Word.  As you can see, a significant amount of data is being exchanged.  In one packet alone, over 6kB of data is being sent to the site “prod.roaming1.live.com.akadns.net”.  We can’t tell what data is being sent, because it is encrypted with Transport Layer Security, the same technology used to exchange information with secure web sites (those that have a URL beginning https://).

Research reveals that “akadns.net” is Akamai Technologies, a Content Delivery Network (CDN).  Such networks allow for high performance distribution of content.  Companies needing to provide efficient data exchange for high-traffic applications can pay a CDN to host their data, much as an individual or business often pays a third-party company to host their web site.  The “live.com” portion of the site provides a clue as to who this hosting is being done for.  Looking this up using the standard “whois” command (in Linux) reveals the following:

Registrant Organization: Microsoft Corporation
Registrant Street:
Registrant City: Redmond
Registrant State/Province: WA
Registrant Postal Code: 98052
Registrant Country: US
Registrant Phone: +1.4258828080
Registrant Phone Ext:
Registrant Fax: +1.4259367329
Registrant Fax Ext:
Registrant Email: domains@microsoft.com

This makes perfect sense.  I am opening up a document in Microsoft Word, and data is being exchanged with a CDN that is serving Microsoft.
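Even though the payload is encrypted, a capture still shows which server each TLS connection was opened to and how many bytes went each way.  The following added example (not from the original post) totals bytes per server name from a tshark field export; the sample rows, the addresses, and every hostname except the one named above are constructed.

```python
from collections import defaultdict

# Constructed sample in the shape produced by:
#   tshark -r capture.pcapng -Y tcp -T fields -e tcp.stream -e ip.src \
#          -e ip.dst -e frame.len -e tls.handshake.extensions_server_name
# The server name only appears on the ClientHello frame of each stream.
SAMPLE = """\
0\t192.168.1.20\t203.0.113.10\t571\tprod.roaming1.live.com.akadns.net
0\t203.0.113.10\t192.168.1.20\t1514\t
0\t192.168.1.20\t203.0.113.10\t6250\t
0\t203.0.113.10\t192.168.1.20\t420\t
1\t192.168.1.20\t198.51.100.7\t583\tupdates.example.net
1\t198.51.100.7\t192.168.1.20\t1514\t
2\t192.168.1.20\t198.51.100.9\t90\t
"""


def summarize(export, local_ip):
    """Return {server: {"sent": n, "received": n}} in bytes on the wire."""
    sni_by_stream, frames = {}, []
    for line in export.splitlines():
        if not line.strip():
            continue
        # Pad so rows with a missing (empty) server-name column still parse.
        stream, src, dst, length, sni = (line.split("\t") + [""])[:5]
        frames.append((stream, src, dst, int(length)))
        if sni:
            sni_by_stream.setdefault(stream, sni)
    totals = defaultdict(lambda: {"sent": 0, "received": 0})
    for stream, src, dst, length in frames:
        outbound = src == local_ip
        # Streams whose ClientHello was not captured are keyed by remote IP.
        host = sni_by_stream.get(stream, dst if outbound else src)
        # frame.len includes headers, so this is an upper bound on payload.
        totals[host]["sent" if outbound else "received"] += length
    return dict(totals)


def top_uploads(totals):
    """Servers ordered by how much the local machine sent to them."""
    return sorted(totals.items(), key=lambda kv: kv[1]["sent"], reverse=True)


if __name__ == "__main__":
    for host, t in top_uploads(summarize(SAMPLE, "192.168.1.20")):
        print(f'{host}: sent {t["sent"]} B, received {t["received"]} B')
```

Running it over one capture per document open, and once more with Word idle, shows whether the upload volume tracks the act of opening a document.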

So is Microsoft spying on me?

I can’t know for sure, because the data being exchanged is encrypted.  I do know that a significant amount of data (measured in kilobytes) is sent every time I open a Microsoft Word document.

There are certainly other valid reasons why data could be being exchanged.  My first thought was a license check.  Microsoft might be verifying that my copy of Word is properly licensed.  However, the data is exchanged each time I open Word.  Presumably, a license check would only need to be run say once a day at most.

Perhaps Word is just checking for software updates.  Data would need to be exchanged in both directions to do this.  However, I would again question why a software update check would need to happen every time Word is opened.  As with a license check, it would seem that once a day would be more than adequate.

Perhaps someone else knows more

I’ve done a fair amount of searching on the web, and have been unable to find much discussion of what data Microsoft Word exchanges over the internet when it is opened.  I have seen a few discussions from network administrators who describe how things break when access to the CDN site is blocked, but that’s about it.

If any of my readers know more, I’d be interested in hearing from you.  Or perhaps you have a different setup, and the ability to capture network data.  I am running Office 365.  It would be interesting to compare notes with someone running, say, the stand-alone version of Microsoft Word.  Please use the comment feature of this blog so others can see the information as well.

Conclusion

I’m certainly not saying that Microsoft is spying on the content of my Word documents.  I don’t know what they are doing, because the data exchanged is encrypted.  I do know that a pretty large exchange of data (many kilobytes sent and received) occurs each time I open Microsoft Word.