I was sitting at my desk working on my computer & my wife was cooking when our phones buzzed several times.
It was ST alerts that “Lock single user code management” had been executed!
My door locks had all “Added User 4!” Very Alarming to say the least!
I changed my ST password and deleted that lock user code.
Now the questions:
was I hacked?
was it from my password?
Or, was it from one of the OAuth web services like:
– Rule Engine?
Is there a place to see all the web services I authorized?
Has anyone seen anything like this ?
Thanks for the thoughts and ideas, All!
All Yale YRD120.
Four are on the old custom “Z-Wave Lock Reporting” Device Types.
One is the generic “Z-Wave Lock” Device Type. Ty, if there were anything extra you could see?
The App just exists installed until I need to use it for a guest.
Live Logging has to be on to see what happened.
I looked at the Events in the Devices and all it said was that the App executed and notified me.
– in the IDE list:
-funny, SharpTools shows up twice on each lock.
-garage side door & hall door have two apps to link them. unlock outside, inside unlocks & vice-versa
So, in the events log when I changed the tab to ALL, it adds the command display text.
i.e. instead of saying the command was setCode, it says setCode(4,#####) (mycode).
I now know that no one added a code to me - it lists the code I set in December.
However, we do not know why this happened.
We were_ not_ in the ST App, nevermind in the Apps section, nor editing an app…
I lean back on a stuck event message?
(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy)
I concur that this is quite possible unless SmartThings proves otherwise.
It is much less likely that the alternatives, frankly. Sure … you could have been hacked, but (1) The various end-points you have exposed are not likely to expose Lock Code Management, and (2) We’re actually not yet in a world where hacking of connected home smart locks is more than a trivial likelihood.
Right. Two events may take place.
One on Update that sets the code.
That code spot had an expiration of 12/31/2015.
The expiration could have also either had a stuck event/ reschedule or just now run?
I was wrong about being in the ST app.
I had just explored my lights coming on early
But, I went into the room “Outside” “Porch Light” “Smart Apps” "Lights on at Sunset-SmartLights)
Not the Smart Apps list.
I have to admit that somehow, I could have done this, but it has really, really freaked me out.
Regarding the two instances of SharpTools in your Authorized SmartApps, this is completely normal:
This is expected if you have been using SharpTools for a while. The SmartApp that supports SharpTools was officially published in 2016… as part of that, you may recall going through a migration process in the SharpTools app. What this migration process was doing is moving you from the old unofficially published SmartApp to the new officially published SmartApp.
The legacy SmartApp would have left a slightly grayed out version of the SharpTools logo in your SmartApps list and the new version would be in full color.
You can remove the grayed out legacy version if you have migrated all your mobile devices that use SharpTools.