A very rookie and simple question about ST security


(Luis San Miguel Lopez) #1

If someone steals my ST account, how I would prevent him from turning off my home alarm ?


#2

You can’t.:disappointed_relieved:

If you still have access to the email address that you used to create the account and you don’t think the thief has access to that you can request a password change. But it won’t take affect until the next time the thief logs out and tries to login again. If the thief just stays logged in, they will still be able to operate your account even after the password change.


(Pizzinini) #3

Simple answer… you cant.

I like to set up a notification on my phone when the alarm is turned on or off. THis way I notice if something unusual is happening.


(Mark) #4

Maybe change your password, or unplug your hub. Assuming you know your credentials have been compromised. Taking standard precautions to prevent your info from getting into the wrong hands is most important. Since there are third party services that could potentially have access to your login info, be cautious about which ones you authorize with that info.

People have been asking for ST to support 2-factor authentication for a long time now, considering the potentially catastrophic consequences of unauthorized account access. Unclear if they’ll ever implement that.

Edit: as mentioned above, to some extent, if it actually happens, you’re screwed.


(Luis San Miguel Lopez) #5

Really, thank you very much for your answers.

From what I see, I have no choice but to rely on the security of ST servers.

I work in a company of computer security, ethical hacking, forensic analysis, pentesting … Every day I am facing problems related to the security of the networks and servers of our customers. Most of these problems are due to user bad practices, but this is not always the case and systems considered to be very safe have been violated.

By this I mean that maybe ST is a good solution to automate the lighting of the porch lights at night or the sprinklers when I’m not at home. I just do not want the alarm system in my house to depend on third parties.


(Mark) #6

Many people have come to the same conclusion as you. There are quite a few problems that can crop up when using a mostly cloud-based platform for home security.


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #7

You do realize that the odds of a hacker targeting your specific SmartThings account and your home for burglary are extremely small, right?

Currently, an attacker can much more easily just cut the cable, phone, and/or power lines to your home and quite successfully thwart most alarm systems.

Yes … there are ways to be “more secure” and prevent various paths of attack, but realistically, a hack of SmartThings is not high on the risk scale.


(Kirk Hilzinger) #8

I use a different password than I normally do for other things for SmartThings and other related services it uses. That way, if a web page logon gets compromised or E-mail account passwords, that password would not work for ST or any of the other services I use.

It is best if you can use different passwords for every system but that is not necessarily practical in some instances. But, using different passwords for different groups of services, might be easier.