Welcome to Smart Home Forum by FIBARO

Posted

Worth reading and considering if you are safe.

Posted
Worth reading and considering if you are safe.

There is a reason why my HC2 cannot connect to the internet at all. ;)

  • Topic Author
  • Posted

    Not even for upgrades? It is hard to avoid all connectivity.

    Posted

    At least there should be a firewall between the internet and HCx. Or any device.

    But securing your own network is only half of the problem. By attacking home.fibaro.com you could get access to devices. And even simpler - spoofed DNS data could get users to install modified firmware with backdoors.

    Posted
    Not even for upgrades? It is hard to avoid all connectivity.

    Whenever I read about a new release, I allow the device access. It is also on a completely separate VLAN from my other devices. Apart from that, I just allow the device to talk to 80 and 443 of some of my other devices for integration purposes.

    The same goes for the ethernet adapter to my alarm system. It too is on a separate subnet, and no traffic to my "internal" networks is allowed from it. Same reason there: I have absolutely no idea what is in that box, or what it can do. All I know is that it runs an SSL tunnel to a C&C somewhere.

    All inbound initiated traffic is either via OpenVPN or IPSec.
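The segmentation rules described in the post above, written as a policy check that audits firewall log entries. This is an added example, not part of the original thread; the addressing plan, the integration hosts, the log format and the rule that VPN clients may reach the IoT VLAN are all assumptions.

```python
import ipaddress

# Constructed addressing plan: every network and host below is an assumption.
IOT = ipaddress.ip_network("10.0.30.0/24")        # VLAN for the controller / alarm adapter
INTERNAL = ipaddress.ip_network("10.0.10.0/24")   # the "internal" networks
VPN = ipaddress.ip_network("10.0.99.0/24")        # addresses handed to VPN clients
INTEGRATION = {ipaddress.ip_address(h) for h in ("10.0.10.20", "10.0.10.21")}

def zone(ip):
    """Map an address to a zone name; anything unlisted counts as internet."""
    for name, net in (("iot", IOT), ("internal", INTERNAL), ("vpn", VPN)):
        if ip in net:
            return name
    return "internet"

def verdict(src, dst, dport, upgrade_window=False):
    """Decide whether a NEW TCP connection src -> dst:dport fits the policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    sz, dz = zone(s), zone(d)
    if sz == "iot" and d in INTEGRATION and dport in (80, 443):
        return True, "integration host on 80/443"
    if sz == "iot" and dz == "internet" and upgrade_window:
        return True, "internet opened for a firmware upgrade"
    if sz == "vpn" and dz == "iot":
        return True, "remote access through the VPN"  # assumed rule
    return False, f"default deny ({sz} -> {dz})"

def audit(log_lines, upgrade_window=False):
    """Return PASS entries from a firewall log that the policy would have denied."""
    findings = []
    for line in log_lines:
        ts, action, src, _, target = line.split()
        dst, dport = target.rsplit(":", 1)
        allowed, reason = verdict(src, dst, int(dport), upgrade_window)
        if action == "PASS" and not allowed:
            findings.append((ts, src, target, reason))
    return findings

# Constructed firewall log lines (format and values are illustrative).
SAMPLE_LOG = [
    "2024-01-01T03:12:00 PASS 10.0.30.5 -> 10.0.10.20:443",
    "2024-01-01T03:12:05 PASS 10.0.30.5 -> 203.0.113.7:443",
    "2024-01-01T03:12:09 PASS 10.0.30.5 -> 10.0.10.50:22",
    "2024-01-01T03:12:11 DROP 198.51.100.9 -> 10.0.30.5:80",
    "2024-01-01T03:12:20 PASS 10.0.99.2 -> 10.0.30.5:443",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Any PASS entry the audit returns means the firewall let through a flow the intended policy forbids, for example internet access left open after an upgrade.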

  • Topic Author
  • Posted

    Good advice to keep it separated and not risk attacks on unprotected ports.

    I tend to also limit outgoing to the internet. Not a lot of good to these guys for their evil purposes if the device is trapped in a zone.

    Posted

    I use a separate router for all my connected stuff, and none is connected to the internet. I don't use the remote functions anyway and all my controllers are standalone units not used for anything else. This also means that it doesn't disturb my already busy internet router, as the 802.11 protocol is actually pretty bad at handling a sea of small packets such as are being sent between my home control units.

    Only stuff that is available for hacking is a weight and a television... And if they want to know what my girlfriend weighs or I watch on the telly, be my guest... No personal information or codes on those devices (well, my girlfriend might think otherwise, but that is a different discussion).

    But in general, I think this is a very good observation and an important thing to consider - especially on components which have some sort of interaction with physical components such as lights, alarms or especially connected deadbolts (which I will NEVER install in my home - access should always require a physical token).
