DDoS Attacks from IoT Devices - Are we vulnerable?

I’ve emailed support with a question, but the response was less than ideal. I asked if they could provide the domain names used to communicate from my hub to the SmartThings cloud. They said they could not for security reasons. I could throw Wireshark on my connection to determine some of this information, but it could be incomplete. My goal is to filter outbound traffic and thus ensure my hub only communicates with the SmartThings cloud. I understand that, in theory, this may not be necessary, but I would like to add another layer of security by filtering on a device that isn’t SmartThings. Defense in depth is always preferred over security by obscurity. Cars were safe until someone plugged into the CAN bus and started playing around. I would like to ensure I have some control or say in the security of my network and remain a good internet citizen in the event the unthinkable happens (i.e. a SmartThings hub vulnerability).

Can anyone provide the information I’m looking for?

Thanks

Andrew

Not sure why SmartThings thinks this is a security issue. Basic firewalls use domain and IP filtering per device so providing you with this information shouldn’t be a problem.

If you search the forums, someone provided a list of ports that SmartThings uses, which I put into my firewall.

E.g. my SmartThings hub can only talk out on those ports; if it attempts to make a connection to the internet on another, my firewall lets me know, as it’s doing something it shouldn’t.

I’d like to do the same with IPs or domains too.

So there’s a fire, right? Here’s some gas to go with it: http://www.nytimes.com/2016/11/03/technology/why-light-bulbs-may-be-the-next-hacker-target.html

They’re talking about Philips Hue (ouch) and, most importantly, ZigBee (double-ouch).

More here http://www.theverge.com/2016/11/3/13507126/iot-drone-hack and here http://fortune.com/2015/08/07/zigbee-hacked/

Guys, don’t worry, we’re safe :slight_smile: /s

From the article:

The researcher said they had notified Philips of the potential vulnerability and the company had asked the researchers not to go public with the research paper until it had been corrected. Philips fixed the vulnerability in a patch issued on Oct. 4 and recommended that customers install it through a smartphone application.

It also required that the hacker be within about 100 m of the affected device; you can’t sit in Chicago and affect devices in Texas.

I’m also pretty sure it wasn’t really a “Zigbee” hack, but rather a ZLL hack. ZLL is the only Zigbee profile that doesn’t require a coordinator and allows for touch-link to move a device to a new network without having physical control of that device. You put those two things together and ZLL is infinitely more vulnerable than other Zigbee profiles, such as the ZHA profile that SmartThings uses.

As much as we complain about having to individually reset Zigbee devices to move them to a new network, that is part of the security layer.


In case someone else might find this useful. Support replied with the following:

graph.api.smartthings.com
dc.connect.smartthings.com:443
fw.dc.connect.smartthings.com:443

Outgoing ports 123, 443, 9443, 11111, 39500

I’m not concerned with Zigbee or Z-Wave. I am concerned with devices running full operating systems that connect to the internet. Think Heartbleed. Most IoT devices rely on Linux or open source. The above port 443 connections probably use OpenSSL. That alone has its fair share of issues. It’s always a matter of when, not if. In the meantime we might as well make it more difficult on the attackers or give ourselves the time to work on detecting malicious activity. I understand that with low-hanging fruit like default credentials or no passwords on devices we have a long way to go. If we all ask questions like this of the manufacturers or service providers, they may come to understand security is just as important to us as functionality.

I just want to be as secure/safe as possible (network segmentation/firewall/two-factor auth/etc) AND avoid having my systems participate in an attack (outbound filtering).
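The destinations and ports support listed above are enough to write the kind of egress check the earlier reply describes (the firewall flagging anything the hub does outside its allowlist). The following is an added example, not code from the thread or from SmartThings: it builds a policy from the three hostnames and five ports as given, then audits constructed flow records. The hub address 192.168.1.50, the destination IPs (documentation ranges), and the log format "ts src dst_ip dst_name|- proto dport" (a name column as a firewall with DNS or SNI logging might provide) are all assumptions made for the example.

```python
"""Egress allowlist audit for a SmartThings hub over constructed flow records.

Policy comes from the thread: hostnames with an explicit ":port" accept only
that port, a bare hostname accepts any of the listed outbound ports. Every hub
flow that falls outside the policy is returned with a reason for investigation.
"""
from dataclasses import dataclass
from typing import Optional

# Destinations as listed by support in the thread.
ALLOWED_DESTINATIONS = [
    "graph.api.smartthings.com",
    "dc.connect.smartthings.com:443",
    "fw.dc.connect.smartthings.com:443",
]
# Outgoing ports as listed by support in the thread.
ALLOWED_PORTS = {123, 443, 9443, 11111, 39500}

# Assumed hub LAN address for this example (constructed, not from the thread).
HUB_IP = "192.168.1.50"


@dataclass
class Flow:
    ts: str
    src: str
    dst_ip: str
    dst_name: Optional[str]  # hostname from DNS/SNI logging, None if unknown
    proto: str
    dport: int


def parse_policy(entries):
    """Map hostname -> set of permitted ports."""
    policy = {}
    for entry in entries:
        host, _, port = entry.partition(":")
        policy[host] = {int(port)} if port else set(ALLOWED_PORTS)
    return policy


def parse_flow(line):
    # Assumed log format: "<ts> <src> <dst_ip> <dst_name|-> <proto> <dport>"
    ts, src, dst_ip, dst_name, proto, dport = line.split()
    return Flow(ts, src, dst_ip, None if dst_name == "-" else dst_name, proto, int(dport))


def classify(flow, policy):
    """Return None when the flow matches the policy, else a short reason."""
    if flow.src != HUB_IP:
        return None  # only hub traffic is in scope
    if flow.dport not in ALLOWED_PORTS:
        return f"port {flow.dport}/{flow.proto} not in hub port allowlist"
    if flow.proto == "udp" and flow.dport == 123:
        return None  # NTP: the thread lists the port but no fixed server
    if flow.dst_name is None:
        return f"no name for {flow.dst_ip}; cannot confirm SmartThings destination"
    permitted = policy.get(flow.dst_name)
    if permitted is None:
        return f"destination {flow.dst_name} not in allowlist"
    if flow.dport not in permitted:
        return f"{flow.dst_name} allowed only on {sorted(permitted)}, saw {flow.dport}"
    return None


# Constructed sample flows; 192.0.2.x, 198.51.100.x and 203.0.113.x are
# documentation ranges standing in for real addresses.
SAMPLE_LOG = """\
2016-11-03T10:00:01 192.168.1.50 192.0.2.10 dc.connect.smartthings.com tcp 443
2016-11-03T10:00:02 192.168.1.50 192.0.2.11 graph.api.smartthings.com tcp 9443
2016-11-03T10:00:03 192.168.1.50 198.51.100.123 - udp 123
2016-11-03T10:00:04 192.168.1.50 198.51.100.7 - tcp 443
2016-11-03T10:00:05 192.168.1.50 203.0.113.9 example.net tcp 23
2016-11-03T10:00:06 192.168.1.50 192.0.2.10 dc.connect.smartthings.com tcp 9443
2016-11-03T10:00:07 192.168.1.77 203.0.113.9 example.net tcp 443
"""


def audit(log_text, destinations=ALLOWED_DESTINATIONS):
    """Return (ts, dst_ip, dport, reason) for every hub flow outside the policy."""
    policy = parse_policy(destinations)
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        reason = classify(flow, policy)
        if reason:
            findings.append((flow.ts, flow.dst_ip, flow.dport, reason))
    return findings


if __name__ == "__main__":
    for ts, dst, port, reason in audit(SAMPLE_LOG):
        print(f"{ts} -> {dst}:{port}: {reason}")
```

On the constructed sample the audit reports three flows: a port-443 connection to an address with no resolvable name, an attempt on port 23, and the connect host contacted on 9443 rather than its listed 443. The two checks are deliberately layered the way the thread describes: the port list is the coarse filter the earlier poster already applies, and the hostname policy is the stricter control the original question was after.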

Just had my Firewalla Gold catch this incoming attempt. I’ve got things locked down, and am not forwarding ports for the majority of things.

WHOIS Data:

start

NetRange: 71.6.128.0 - 71.6.255.255
CIDR: 71.6.128.0/17
NetName: CARINET-5
NetHandle: NET-71-6-128-0-1
Parent: NET71 (NET-71-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS10439
Organization: CariNet, Inc. (CARIN-6)
RegDate: 2006-02-01
Updated: 2012-03-02
Ref: https://rdap.arin.net/registry/ip/71.6.128.0

OrgName: CariNet, Inc.
OrgId: CARIN-6
Address: 170 S Green Valley Parkway, Suite 300
City: Henderson
StateProv: NV
PostalCode: 89012
Country: US
RegDate: 2009-11-17
Updated: 2019-08-28
Ref: https://rdap.arin.net/registry/entity/CARIN-6

OrgTechHandle: CARIN-ARIN
OrgTechName: CariNet Networking
OrgTechPhone: +1-702-660-0350
OrgTechEmail: email@cari.net
OrgTechRef: https://rdap.arin.net/registry/entity/CARIN-ARIN

OrgAbuseHandle: ABUSE341-ARIN
OrgAbuseName: CariNet Abuse
OrgAbusePhone: +1-702-660-0350
OrgAbuseEmail: email@cari.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE341-ARIN

end

start

NetRange: 71.6.167.128 - 71.6.167.191
CIDR: 71.6.167.128/26
NetName: NET-26
NetHandle: NET-71-6-167-128-1
Parent: CARINET-5 (NET-71-6-128-0-1)
NetType: Reassigned
OriginAS: AS10439
Customer: CariNet, Inc. (C04837984)
RegDate: 2014-01-03
Updated: 2014-01-03
Ref: https://rdap.arin.net/registry/ip/71.6.167.128

CustName: CariNet, Inc.
Address: 8929 Complex Drive
City: San Diego
StateProv: CA
PostalCode: 92123
Country: US
RegDate: 2014-01-03
Updated: 2014-01-03
Ref: https://rdap.arin.net/registry/entity/C04837984

OrgTechHandle: CARIN-ARIN
OrgTechName: CariNet Networking
OrgTechPhone: +1-702-660-0350
OrgTechEmail: email@cari.net
OrgTechRef: https://rdap.arin.net/registry/entity/CARIN-ARIN

OrgAbuseHandle: ABUSE341-ARIN
OrgAbuseName: CariNet Abuse
OrgAbusePhone: +1-702-660-0350
OrgAbuseEmail: email@cari.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE341-ARIN

end