Create Events for IoT Devices

Hi,

I have created a simple smart app that can successfully mange a simulated smart light when a simulated switch is turned on/off. Next, I want to create some particular events for some available IoT devices on the platform, such as a simulated smoke detector, to manage their events through my smart app. Hence, I found the create device events API for such purposes. However, I got noticed that this method works for those IoT devices that have been created by that smart app only. Is there any solution to create events for IoT devices after granting rwx permission to the smart app for a particular IoT device?

There are a number of different ways of integrating devices in SmartThings and if you are integrating a cloud based device, for example, you can do it using a SmartApp. So the SmartApp fulfils a similar function as a device handler or an Edge driver would for other devices. So that is where the ‘create device events’ API call comes in. It provides the equivalent of a sendEvent in a device handler, or emitting an event in an Edge driver.

Thank you very much for the information. I also get noticed that before creating an event by a smart app, the smart app should be able to install the profile of the target device using Install a Device API. Accordingly, I have some key questions for my further research on IoT Security.

There are several security papers that discuss about different types of vulnerabilities and attacks on the SmartThings platform. One of these attacks is the fake event attack, which a malicious smart app publishes a fake event into the platform on behalf of the real IoT device. For example, let assume we have two installed smart apps, including SmartLight and DoorController apps. The SmartLight app is responsible for turning on/off the smart light bulb based on some automations, and also the DoorController app has several automations, which one of them is opening the door if smoke is detected.

In short, SmartLight is the malicious app and publishes a fake smoke event into the platform and finally the DoorController app opens the door. Now, my questions are as follows:

  1. Is it possible to create events for an IoT device from both a device handler and a smart app? and was it the same in the older versions of the SmartThings platform, such as 2018.
  2. Can we have more than one smart app for creating events for a particular IoT device?
  3. Is the device profile installation API a new security mechanism for stopping such fake event attacks? Or has it existed before? Because according to those papers, having the device ID was enough for a smart app to publish some events on behalf of the original one.