HC2 and google home integration

[Marcusbredenhann 0]

 I have the HC2 and would like to know if anyone was successful in integrating the HC2 with Google home?

[dhanjel 7]

Nope, worked "out of the box"

[ronnyvdb 0]

@Lauri Since Fibaro is lacking any native integration with IFTTT, I like your proposed solution by using web hooks (http requests) to my fibaro hc2.

I do see however the security concern this raises, since it involves opening up your HC2 to the public internet, and also creating a user on the hc2 with access to the devices which should be controlled via IFTTT.

 

From a security perspective there are a few things that we can do to make this more safe:

 

1. Don't open up your hc2 to the whole wide world, but only allow http requests from the IFTTT servers in your firewall towards your hc2:

* This would ensure that attacks only can take place from the IFTTT servers as source.

 

2. The hc2 lacks the ability to secure the web interface with the TLS protocol, hence the username and password which you will be using in the web hooks will be transmitted in http requests in clear text across the internet:

* This can be secured by putting a small reverse proxy device in front of your hc2 which performs tls offloading

 

I have the complete set-up running now, it works blazing fast, and is completely secure.

 

Here's how I did it:

I am lucky since I own a pfsense firewall, which is just an open source firewall based on freebsd which anyone can download and use freely.  Note that this is just a use case with the pfsense firewall, the concept can easily be done with other tools as well.  Like for example a raspberry pi with iptables firewall and nginx reverse proxy.

 

I created myself an account on the IFTTT website, and because it's good practice, I secured my account with two factor authentication.

I installed the HA-Proxy package on my pfsense firewall which is able to perform reverse proxying and tls offloading.    This let's me define a front end HTTPS server, which I can redirect to my hc2 http server.

As a result, I can use secure http requests from the IFTTT platform towards my hc2.   The url which I enter in the web hooks, have a https prefix.  This effectively encrypts the basic authentication which is sent across the internet towards my hc2.  So no clear text passwords across the internet.

 

By using this setup, an attacker would first need to be able to hack my account on the IFTTT platform, which I don't see happening since i'm using two factor authentication for my login there.  

 

The only attack vector left in this story is IFTTT itself ... if an attacker would be able to hack himself into the IFTTT platform, and read out the databases with applet information, they would be able to retrieve the passwords, if these are stored unencrypted in that database off course.  But that would be the same with any native integration with IFTTT.

 

 

 

 

 

 

[Jignesh 0]

On 8/10/2017 at 1:26 PM, grimy112 said:

hello @matt1981 i had try with latest HA bridge and install Jdk8. but can not find devices in my google home. app

 

 

On 8/5/2017 at 4:57 PM, matt1981 said:

yes it is possible.  

Please login or register to see this link.

 here is the video by on the forum users @morpheus75 created that i used to help set up my ha-bridge. his video goes through the whole setup process and the commands to use.  i recommend using the version of ha bridge he uses, as the http commands have changed enough that its quite difficult to find the correct commands. 

 

1.  after you have setup your ha-bridge, you need to install the very first apk verison of google home on your android device, as HUE as changed how the hub is discovered on your network.  

2. once you have the emulated hub paired with google home, you then need to pair your physcal HUE to the emulated HUE.  this is done in the https home page of the emulated HUE. like this diagram below.  

 

all the users that are currently using this with their HC2 like myself and a few others would be happy to help you along the process

 

The Google Home Path looks like this:

Please login or register to see this code.

 

 

@dhanjel Kindly help with set up after installing HAbridge.

I can not search devices in google home.

[dhanjel 7]

You need to manually add the devices/scenes in ha bridge and make sure it is running on port 80, then it should work.

[matt1981 37]

Your lights will not show up in the Google home app like a traditional hue bridge. Once you have everything up and running, everything is edited through the emulated hue bridge ip address via your web browser. 

Edited October 7, 2017 by matt1981
Edit

[Jignesh 0]

@dhanjel  & @matt1981I have done that, My echo is working very fine. but can you guide how to configure for Google home.

[matt1981 37]

You don't "configure the Google home." Once the Google home has been paired with the emulated hue bridge, you have to then add your regular hue bridge 2 through your browser by accessing it via the IP address of the emulated bridge. So the physical hue hub is added like a light. 

[jemichae 2]

On 8/23/2017 at 3:49 PM, ronnyvdb said:

@Lauri Since Fibaro is lacking any native integration with IFTTT, I like your proposed solution by using web hooks (http requests) to my fibaro hc2.

I do see however the security concern this raises, since it involves opening up your HC2 to the public internet, and also creating a user on the hc2 with access to the devices which should be controlled via IFTTT.

 

From a security perspective there are a few things that we can do to make this more safe:

 

1. Don't open up your hc2 to the whole wide world, but only allow http requests from the IFTTT servers in your firewall towards your hc2:

* This would ensure that attacks only can take place from the IFTTT servers as source.

 

2. The hc2 lacks the ability to secure the web interface with the TLS protocol, hence the username and password which you will be using in the web hooks will be transmitted in http requests in clear text across the internet:

* This can be secured by putting a small reverse proxy device in front of your hc2 which performs tls offloading

 

.... 

Thank you for this. 
Currently I have created HC2 users which only have access to the specific device/scene etc which I am calling via webhooks.
Still sending that username/password in cleartext, but at least tries to limit some of the damage..

Not fan of this at all, so will get the reverse proxy up and running quick me thinks.

 

 

 

[Jignesh 0]

@matt1981 sorry brother I am unable to understand your point. can teach me on your preferable time. 

[jompa68 121]

I manage to control same devices from HA-Bridge in my Google Home mini as i do with my Amazon Echo dot. 

I did install and setup Yonomi in my Google home app and when Yonomi scan network it will find the HA-Bridge and all devices are imported.

 

 

Please login or register to see this attachment.

Please login or register to see this attachment.

Please login or register to see this attachment.

Edited April 3, 2018 by jompa68