Network Security: A guide to securing your IoT home

greg · May 1, 2015, 7:27pm

I always thought it was “you don’t have to shoot the bear. Just shoot the guy next to you”

tslagle13 · May 1, 2015, 7:28pm

Texan proverbs

matt · May 1, 2015, 7:56pm

Greg, you, uh… might be doing it wrong.

surfous · May 1, 2015, 11:22pm

Adapting this to the topic at hand, a potential intruder isn’t likely to hack your network to use your HA to open the door (to the point where the FBI doesn’t even keep stats on this, if I recall correctly). They probably won’t even attempt to pick the lock. More likely is a bump-key attempt (if they’re going for subtlety), kicking in the door and bypassing the lock entirely, or entering through a window and bypassing the door entirely.

Although if an attacker is dead set on flipping the lamp to the left of your sofa on and off at will, they may go for the more technical means.

JDRoberts · May 1, 2015, 11:36pm

Different criminals, different targets. For example, there is a neighborhood about 5 miles from me where Mail gets stolen out of the mailboxes all the time. Doesn’t happen in my neighborhood. The difference is the other neighborhood is much wealthier, and their mail is more likely to be worth stealing.

The worst neighborhood in terms of hacking is one with affluent bored teenagers. You even see drive by hacking, where they drive around until they find an unsecured Wi-Fi signal and then just play. Maliciously. Clockwork Orange mentality.

Addicts who need to find something to sell are not going to pay any attention to your Wi-Fi network. Techno punks may, and they’ll likely go for targets of opportunity.

So lots of variation.

surfous · May 4, 2015, 6:22pm

True that, @JDRoberts.

Although this is really meandering from the original topic (apologies, @tslagle13, I promise to stop it here), your last post reminded me of this recent article in the NY Times by Nick Bilton about a vulnerability in cars that use transponder fobs instead of keys or traditional remotes for locks & ignition: Keeping Your Car Safe From Electronic Thieves

There are a number of factors that contribute to the phenomenon described in the article, not the least of which is where a person parks in proximity to both where they spend enough time to become a victim and to where someone with preparation and intention to perform this exploit. But clearly some folks’ activity check all the boxes, and, as you said, become a target of opportunity.

JDRoberts · June 21, 2015, 9:09pm

I just wanted to mention also that you can buy additional security simply by using isolated networks.

I don’t use SmartThings for my home security. That’s a completely different system, not connected to my home wifi.

I have one wifi network used for VPN stuff.

I have a completely separate network for unimportant stuff, like Netflix, and, at my house, home automation.

So my hue bridge and SmartThings are not connected to the same computer or same wifi network I do my secure stuff on.

A lot of people don’t care about taking things to that level, and don’t want to hassle with multiple networks.

So I’m not suggesting most people will do that, just saying if you are worried about home automation being a breach point, that one’s easy to fix by putting it on a separate network altogether. There’s a dollar cost, but it’s easy to do.

Jason_Fay · June 23, 2015, 8:19pm

I don’t know a whole hell of a lot about network stuff beyond changing passwords and accessing the router via its IP and whatnot. I’ve never created a VPN, but would there be some value to doing so? Additional security for ST and secure access from remote locations?

My ST hub should get here Thursday and then I get to really play. Stupid Wink is a child’s toy.

tslagle13 · June 23, 2015, 8:24pm

Overkill IMO. Let STs secure your external access and you worry about the other stuff:)

Jason_Fay · June 23, 2015, 9:29pm

Really wish ST was fully offline except for software updates and could be hosted by a home server. I guess 2.0 will do some of that, but not all…

Would you amend your answer in regard to 2.0?

JDRoberts · June 23, 2015, 10:00pm

As yet we don’t know any of the exact details of what hub 2.0 will or will not do with regard to local processing. Just hints. So no way to evaluate it until more is known.

schapper05 · February 12, 2016, 4:24pm

Edit: Sorry for the barrage of links, just trying to get the comments over here in the right topic, but I did it wrong I think =/
Edit 2: Should be in timeline order now.

Continuing the discussion from Bloomsky Weather Station:

Bloomsky Weather Station

The only problem with that idea is your modem. I think the ISP usually has a certain level of access to it; especially if it is an ISP-provided one.

As with anything, there are levels of concern for different things. Sometimes, it’s more hassle than it is worth to act on our privacy concerns. Sometimes, there’s just really nothing we can do about it, and we have to just accept things the way they are. Other times, we figure out a ways of mitigating such risks.

In the case of the ST hub, I hadn’t actually committed to that particular one yet, but I’m thinking about it now. I guess, since everything goes through the cloud anyway (V1), I could have it on a ‘Guest’ network and never see any difference other than knowing that I’m safer (marginally, but it is what it is; one more area where I could improve my firewall). I will be looking into it now. Thanks for the reminder.

Continuing the discussion from Bloomsky Weather Station:

sgnihttrams · February 12, 2016, 4:43pm

@keltymd
I’m not sure if it’s just my brain or your text, but it seems like you said it two different ways here (in the first sentence, the lower one is connected to ‘theirs’, but in the second sentence, you have the ‘upper’ one connected to theirs).
Any chance you could say it again?

keltymd · February 12, 2016, 4:56pm

lets make it visual

sgnihttrams · February 12, 2016, 4:59pm

I assume it depends on what kind of equipment I have as far as whether or not this is even possible, right?
If I do have what it takes, I will do this soon.
If not, I will put ‘Router Replacement’ higher on the priorities list.

keltymd · February 12, 2016, 5:00pm

all you need is two routers in addition to what the ISP give you. Then you can make a DMZ that they dont have access to and anyone wanting on your network from the internet has to crack three total routers Cable companies, your upper and your lower

SBDOBRESCU · March 1, 2016, 4:26am

Hey Tim, I know you recently mentioned this on the BloomSky thread, so I thought I give it a try and to my surprise, disabling the ssid broadcasting made my connection go nuts! How can you explain this? The trend on the left is my undisclosed ssid, once I turned it back on, my connection stabilized instantaneously. Thought I’d share, in case anyone attempts to do this and doesn’t know what caused the wifi to act up…

Smurfkiller · October 24, 2018, 2:48am

Alot of good information on here but i was expecting Security regarding Smartthings.

Does the Smart Home Monitor Security feature arm itself ARMED(AWAY) if everyone is away and does it go to ARMED (STAY) when someone comes home? Or is this meant to be a push/manual item where if your father for example has a key to get in your house…he comes in and Disarms it (within a time period) then arms it again on the way out?

marktheknife · October 24, 2018, 1:52pm

This thread’s pretty old, and there are other more recent ones that discuss smart home monitor.

In the ST classic app, yes you can set it up to do this. I don’t use the new ST app, but I’ve read that it’s not yet possible to arm/disarm SHM based on presence sensors.

But the new app is changing all the time, that’s why it’s best to search for newer threads that might answer your question.

Smurfkiller · October 24, 2018, 11:40pm

Since I’m so fresh I didn’t know that you setup routines for that. Then I found a really good Smart App I think called “Routine Director” So far no false trips. I cannot have my motion sensors on it at all because of my cat.

Network Security: A guide to securing your IoT home

Customers

Developers

Download the SmartThings App