Photo by Adam Engst
Wireless Sensor Tags Protect Against Freezer Failure
In my garage sits a 20-cubic-foot chest freezer, large enough to hold a side of beef or an entire pig—cut and wrapped, of course—along with frozen fruit, vegetables, and more. We bought the freezer when we moved from Seattle back to Ithaca in 2001, which means, somewhat shockingly, that it’s now 17 years old.
It needed a repair a few years ago, which we learned about after returning from a trip and discovering that some bags of veggies were soft. Luckily, it was as empty as it ever gets at that point, and the few larger cuts of meat were still sufficiently frozen, so we didn’t lose much.
But I have long worried about the freezer. We buy meat in bulk from a local farmer because the quality is excellent, we like supporting both the local economy and farmers who practice sustainable farming, and the price is incredibly cheap—think $5 to $6 per pound for every cut, including prime rib and massive ham roasts. (I’m a tech guy now, but I grew up on a family farm, raising cows and pigs and chickens and turkeys, so this is a familiar Old MacDonald world for me.)
The meat may be inexpensive by the pound, but it’s still a large up-front cost—$500 to $1000. Plus, a lot of work goes into picking and processing all those blueberries, strawberries, rhubarb, and peaches. So we have a lot to lose if the freezer were to fail. Freezers aren’t particularly expensive, and we could probably get it fixed or replaced in a day or two, but how would we know it had lost its cool? And would we discover it before the steaks got soggy?
Monitoring Temperature with the Wireless Sensor Tags
I’m no longer all that concerned, not because of any particular confidence in the freezer’s reliability, but because I’m using the Wireless Sensor Tags system from Cao Gadgets to alert me with an iPhone app if its temperature rises too high. Similar sensors now live inside our refrigerator and its built-in freezer too.
I came across this wonderfully practical solution back in 2016 while searching to see if Apple’s HomeKit technology could help me. It couldn’t then, and I haven’t heard of any such HomeKit-compatible temperature sensors since. But I decided that HomeKit compatibility wasn’t important since I don’t want to trigger automatic actions based on reports from these sensors or have them interact with other devices. All I want are notifications when the temperature gets too high.
(When I asked Cao Gadgets about future HomeKit compatibility, they said that Apple’s Made For iPhone/iPad (MFi) program requirements were prohibitively expensive and that the software approach—the HomeKit Accessory Protocol Specification—is either only for non-commercial products or MFi licensees, which seems to be true.)
The sensor tags are about 1.5 inches (43 mm) square, and they’re made of white plastic, with a hole in one corner. If you pop one open, you can see that it holds just a tiny circuit board and a CR2032 battery. They communicate via radio frequency to a small base station—the Ethernet Tag Manager—that connects to your router and thus to the Internet. It doesn’t use Bluetooth or Wi-Fi, but rather a proprietary frequency with superior range, wall penetration, and power consumption. Battery life is advertised at 1 year, although I think I’ve gotten more like 9 months.
The Ethernet Tag Manager costs $39, and each of the three wireless sensor tags I bought was $26, for a total of about $120. These particular tags can sense temperature changes and motion—if I wanted, I could have them notify me whenever one of our appliances was opened, but since we don’t have a midnight snack bandit, that seems unnecessary. I can’t comment on the motion sensor capabilities, but I suspect they’re generally reliable given my experience with temperature monitoring and the associated app. They can also beep on command, so you could attach one to something small and then use the beep to find the item if it went missing.
Cao Gadgets makes other sensor tags, too, including one that detects moisture. I’m considering putting a couple of those near the dishwasher and in our utility room where all the plumbing for the house and our geothermal system comes in. Although our house is on a slab, so there’s no basement to worry about, it would still be bad if a pipe burst when we weren’t home. A friend’s parents once turned on their dishwasher before leaving for a two-week vacation—a water line failed before they boarded their flight, and two weeks worth of water flowed in, damaging floors, furniture, and even the foundation. To add insult to injury, they also got a huge water bill. Another friend has installed one of these moisture sensing tags next to his basement sump pump pit to alert him if the pump can’t keep up with a heavy rainfall or dies entirely.
Setup & Usage
Setting up the Wireless Sensor Tags system isn’t hard, but it can be a little fussy, since you must first make sure the Ethernet Tag Manager can communicate through your router. I had some problems until I configured port mapping/forwarding for port 6667 in AirPort Utility. Cao Gadgets has a lengthy support document with suggestions like this.
The rest of the setup and management takes place in the utilitarian WirelessTag iOS app, which provides a sometimes dizzying level of flexibility. Cao Gadgets provides a concise guide to setting everything up that’s worth following, although the basics are simple enough. (There is also a Web app, should you prefer to perform some of the setup and management from your Mac.)
In brief, you associate each new tag with your Ethernet Tag Manager, name the tag, and optionally give it a picture to help keep your tags separate in the app. Once you’ve done that, you’re ready to configure temperature monitoring.
You also want to set how often the tag should update, along with notification options for low battery and out-of-range conditions. You can set these options for each tag individually, in the tag’s own screen, or for all the tags at once from the WirelessTag app’s Home screen.
Once you’ve configured each tag, you can put it where you want. Make sure to position it in a spot where the temperature won’t fluctuate too much merely from the door opening. I don’t recommend attaching the tags permanently because you will need to pull them out to replace the batteries every so often. (If you want to use the tag’s motion-sensing features, you will need to affix it to a door or other object; velcro might be the best approach.)
You may be surprised at how much the temperature in your appliances varies, and the ranges may even change with the season. Our garage freezer cycles between -5ºF and -14ºF (-20ºC and -25ºC), and as the weather has gotten warmer, its temperatures have actually dropped, presumably because it’s working harder for longer. (Although the most commonly recommended temperature for freezers is 0ºF (-18ºC), foods maintain quality longer at somewhat lower temperatures.)
When you first start looking at the WirelessTag app’s temperature charts, which you can do individually by tag or all at once, you also may discover that you need to adjust your appliances’ settings for optimal temperature ranges. Since these settings are often controlled by simple dials marked from 1 to 10, it can take a few days of experimentation to get freezers to around 0ºF and refrigerators to between 34ºF and 40ºF (1ºC and 4ºC).
Luckily, the WirelessTag app lets you set upper and lower ranges—it’s generally easier to tap the numbers and type new ones than to use the sliders—and a threshold window outside which you’ll be notified. It takes some time to get your appliances set properly, and the ranges tweaked, so you’re notified only when appropriate. You don’t want to get a notification every time the fridge is opened and warms up slightly, for instance, since it will cool itself back down quickly. But you do want to know if the door didn’t quite close, leaving the lights on to heat the inside.
(I just bought some LED light bulbs to replace the stupidly hot incandescent bulbs in our fridge. It’s not the door being open a crack that’s the problem; it’s having two 60-watt light bulbs kicking out heat. I almost burned my fingers trying to get one out. The LED bulbs are much cooler and use a tenth of the power.)
After you’ve gotten both your appliances and the temperature ranges set correctly, the Wireless Tag System fades into the background, at least until something goes wrong. Since our fridge door doesn’t close all that reliably, I’ve gotten lots of notifications that tell me it needs to be given a shove. One even came through when we were away and had a housesitter who wasn’t familiar with the door—a quick text message solved the problem.
You may go weeks or months without hearing from the WirelessTag app, assuming everything is working correctly. That’s almost dangerous, since I’ve seen a few situations where something prevented a tag from communicating or where the app ended up in an odd state, such as after switching to a new iPhone. None of these situations were hard to recover from, but they did require checking in on the app. For that reason, I strongly recommend having low battery and out-of-range notifications sent to you via email as well as via the app.
One tag did fail, after about 16 months. I got a low-battery notification and then an out-of-range notification, but replacing the battery didn’t enable it to connect again. After running through all of Cao Gadgets’ troubleshooting suggestions, I contacted the company, and they nicely offered to repair or replace the tag if I sent it back, even though it was out of warranty. The replacement tag has worked fine since.
The Wireless Sensor Tag system may not be the sexiest form of home automation out there, but for my money, it’s among the most useful and practical. And while my usage has focused on temperature monitoring, it’s clear to me that it could do a lot more. So if you have any situation where you want to monitor temperature, moisture, motion, or light, check out the Wireless Sensor Tag system.
We have a large freezer, and its door has been left open more than once. This would be a good solution. Did you look at any competitors?
This could be what I’ve been looking for.
Quick question to which I could not find an answer on their web site: are the data downloadable? I’d like to be able to track temperature etc. and place the data in a spreadsheet for further analysis.
At the time, I didn’t find any competitors. A search now reveals
Which looks awfully similar. There are more dedicated devices for this task, but they tend to be aimed at commercial installations.
I’m not sure exactly how to accomplish this, but their site says: “You can also download the entire captured raw data as one CSV file for custom processing.”
Thanks! I missed this.
I would expect the battery for a device inside a fridge or freezer to not last as long because of the cold. As long as the low battery warning works, it shouldn’t be a problem. And kudos to them for using user-replaceable, common batteries instead of something proprietary and/or in a sealed case.
A sensor for a sump pump may be the most valuable, least sexy smart home product.
For people who are interested in this more for curiosity than to avoid a significant financial loss, I’m sure there are many DIY examples online that combine a sensor, a small microcontroller, wireless communication (WiFi, Bluetooth, or something designed for this use-case like ZigBee), and a battery.
I was excited about this right up until the point you showed having to have an incoming TCP port 6667 mapped on your router. Is this really needed? I read the support FAQs you linked to and none of the articles mentioned having to do this (two said you need outgoing TCP 6667).
From a security perspective I would be very wary of having a <$50 device accepting incoming TCP connections from the Internet - this would allow any security vulnerability to be remotely exploited.
Anything is possible these days with regard to IoT devices, but if you want it to be controllable or able to alert you from the Internet, then it must be able to do so through an open port. Although http port 80 is probably the most common, using a different port doesn’t really make you more or less vulnerable to attack. You have to either trust that the device isn’t doing anything malicious out of the box or not. The rest is mostly up to you to make sure any password required to make changes to the device is strong and changed from default.
Err - I think you misunderstand. The issue is having an open INCOMMING port to the device. Almost all IOT devices work by connecting OUT and thus are protected by the inherent security of your border NAT router. It is very unusual and much less secure to have an open incomming port exposed to the Internet.
According to Trend Mirco’s Network Scanner https://itunes.apple.com/us/app/network-scanner-wifi-security/id1103147103?mt=12 three of my IoT devices have open incoming ports. Two are port 80 and the Smart TV is 3000.
That’s incomming to the device from the LAN - I’m talking about Incomming from the public Internet which would require port-forwarding (if you are using a NAT router).
Hmm, I hadn’t thought about it just being outgoing, since all the port mapping I’ve done in the past has been both incoming and outgoing. AirPort Utility won’t let me click the Save button in that dialog unless both the Public TCP Ports and Private TCP Ports fields are filled out. Is there any way to configure just outgoing in AirPort Utility?
Isn’t default that routers always allow outgoing unless specifically blocked? I thought port forwarding on AirPorts was essentially to open up for incoming traffic. I never opened 80, but my all my devices’ browsers can always reach arbitrary websites.
I can’t remember the details now, since I set this up so long ago, but the port mapping was necessary to make it work. In this case, I don’t think there’s a huge security risk, since the port is only opened to that particular IP, and that device doesn’t have many (any?) other capabilities on the network, apart from hearing from its sensors.
Some routers will let you specify which local IP address traffic from any given incoming port is directed to, so although the port is open, incoming traffic on that port would only go to the tag manager.
I believe that is referred to as a DMZ.
I suppose the specific worry is not that the device itself can do much, but that it can by design access any other clients that are on the LAN since they’re on the same subnet with no firewall in between. Your LAN clients are normally protected from the WAN through the firewall on your AirPort. But if you open up an external port to your device for incoming traffic that means there is now a possibility for an arbitrary WAN machine (the bad guy) to connect to any of your LAN clients through that one open port if that intruder can hack your device. Since IoT devices are usually cheap closed-source hardware it’s difficult to convince yourself that the level of risk you’re exposing yourself to is acceptable.
@Simon has explained the issue clearly.
Port forwarding is when you allow an incoming TCP connection to be initiated from the public Internet to a LAN side device. Almost all NAT firewalls/ routers allow outbound connections - so you don’t do outbound port forwarding. If the sensor hub is not security hardened then an attacker could quite easily exploit a flaw and connect to anything else on the LAN (NAS, Mac etc…).
You should only every have “raw” incoming traffic opened up to devices that are built with good security and receive regular security updates (say a Synology NAS).
My original point was that according to the documentation “inbound” traffic is not required so it should be possible to remove the port forwarding and it still work. If you think about it - the hub just needs to connect out to upload the data, there is no requirement for the cloud service to initiate a connection “in”.
If anyone is interested in seeing what ports they have open to the internet you can run this test:
The scan is done from the GRC server on the Internet so tests what your router has open on the WAN side (i.e. it does not test from the LAN side.
That gives an invalid link for me. A better one is: https://www.grc.com/shieldsup.htm
For what it’s worth, the Shield’s Up test showed port 6667 on my system as “stealth” and not “open” or “closed,” which Gibson claims is the best. In tests of common ports, a few others show up as stealth and most are closed.
I’ll have to see if I can remove that port mapping and continue to have the Wireless Sensor Tags keep working…
And the answer is: yes and no. When I eliminated the port mapping, I lost access to the system via the Web client at https://my.wirelesstag.net/eth/. Not surprising, of course, since it would need to communicate in to the Ethernet Tag Manager, and would thus need port 6667 open.
However, I pulled a tag out of the fridge, warmed it up in my hand for a few seconds, and then forced it to update via the WirelessTag app. It promptly told me that that the tag was too warm. This also makes sense, since the tag is communicating to the Ethernet Tag Manager, which is then pushing the information out to the Internet and back to the app.
So if I had to say right now, without more involved testing, I’d say that the port mapping may be one of those things you need to do right off to get things set up, but once things are set up and working, if you don’t need the Web client, you should be able remove the port mapping entirely.
If I notice any problems going forward, I’ll report back.
In principle you can mitigate the security risk of opening up that incoming port by setting up the router in such a way that it does not allow the IoT device to communicate with any other LAN devices on any ports. That way, even if an intruder were to able to hack it, they cannot then use it against your LAN clients (it could in principle still be used against WAN clients, think botnet).
Alas, I believe this is something AirPort software does not allow you to do. IIRC you cannot set it to pull up a firewall between one LAN client and all the others. You’d actually have to resort to using two entirely separate LANs where one exists only for the IoT device and the other is your actual AirPort network for your Macs, iOS devices, etc.
Couldn’t you just put it on your guest network? That way it would be isolated from the rest of your computers, but still connected to the internet. That’s what I do for my smart thermostat.
I don’t think you can open up a port for incoming traffic to the guest network. I think Adam’s issue is that basically his IoT device needs to be reachable from the WAN. That requires opening up a port to that device.
Indeed. @Simon is right. The Ethernet Tag Manager is on my Ethernet network, and doesn’t do anything via Wi-Fi, so the guest network won’t help here. But using it for IoT devices that do connect via Wi-Fi is a smart security approach. @jcenters—would using the guest network be a good thing to do for your Wyze Cams?
The guest network would need to be protected by a strong WPA2 (soon to be 3) password to prevent it being used to spy on your home, which is generally speaking the biggest abuse observed of such devices. That’s good advice for any guest network, of course.
A 3 router solution might be best. The initial router (often supplied by the Internet carrier) should have Wifi turned off. Then 2 more routers each with Wifi on, one for computers/iOS/smartphones and the other for IoT devices. This is to keep IoT crap separate from your regular network. The reason for this setup is that for many routers the guest network traffic is not kept completely separate from the regular network. There are routers that are good at separating traffic between he different networks they set up and wouldn’t require this 3 router setup.
I was excited about the temperature wireless tag on reading this article and recently bought one of these devices. I subsequently read elsewhere that support is non existent and I have to concur with that. To do anything with this device one needs a serial number yet there is none to be found, not on the device nor on any documentation and to log onto support where I was hoping to ask the question… you need a serial number. So far no response to email and no response to the “chat” on Cao website. Destined for the bin I suspect.
I’m surprised and dismayed to hear about your support experience since I’ve had very good support from them—quick email responses and the offer to replace a dead tag even out of warranty. I’ll see if I can get in touch with them.
Thank you for your quick reply
A quick look at Amazon seems to indicate that I am not alone in my experience
It would wonderful if they could contact me
Looks like I don’t have an email address as such, since I used their online ticket system and heard back promptly. Is that what you’re saying needs a serial number?
My original order message says you can also get into it via [email protected]—it recommends putting your order number in the Subject line.
yes , I need a serial number to create an account to use the app on my iPhone.
I’ll send an email to [email protected] and see how that goes. The original email I received from them said to sent it to [email protected] , no reply to that sent several days ago.
I just checked, and there’s a sticker with the serial number on the bottom of my Ethernet Tag Manager (the base station for the sensors).
I use their outdoor moisture sensors and they just work but it took a while to work out on the website that you needed the base station as well.
It really doesn’t help that you couldn’t order the tags and the base station in the same order, it made it very unintuitive.
Once the packages arrived though deployment was trivial, it would be nice if getting the data out and into other ecosystems was less painful but they have an API and are the only game in town as far as I could see earlier this summer.
My application is for garden irrigation and currently it is mostly being used to check levels manually rather than direct integration into OpenSprinkler, that might happen next year.
Just got email from the Wireless Sensor Tag people with news of a new sensor: a 3D-accelerometer-based tag that’s better at sensing motion. I continue to use and like these sensors.
Join the discussion in the TidBITS Discourse forum