How should we keep our IoT home secure?

spam isn’t a big deal either - just delete it.

The additional aspects of remote hackability, difficult attribution, and access to rich information derived from IOT infrastructures changes these dynamics.

The minute your lights are turned on a 3am by some script monkey just to mess with you and wake up your family, nothing even damaging, tunes will start to change.

Folks try to minimize the risk or even inconveince by saying, go ahead and peruse my plex library - I DON"T CARE…hahaha. security… what a waste.

But the reality is, sirens turned on, cameras being watched, doors unlocked for purposes of theft… they will happen no matter how much effort we put into security because security is not absolute. But we need to make it very very difficult so it is not common place. It doesn’t take much for these issues to quickly overcome the inconvenience of proper security.

Let’s not forget, this is a product that is intended to SECURE YOUR HOME. It should close vulnerabilities and not add additional vectors of attack, by definition.

2 Likes

Ironic…good point!

People DO make light of others attempts to keep their loved ones safe…don’t they?

“the children…a bit over the top don’t you think?”…or something to that effect…sound familiar?

And now here I am the one making light lol. I hope it wasn’t at the expense of anyone’s loved ones.

As with anything there is best case and worst case scenarios…pro’s / cons. What matters greatly for some may be miniscule for others. I suppose it all depends on the application and how it is used.

I agree, some of it is a gamble, to a degree (my words). I’m sure in homes with the elderly, or those with physical / mental disabilities (whom may utilize home security and / or home automation), the reward outweighs the risk.

I was never aware that ST was intended as a home security system first and foremost.

At any rate…let the mouse / mouse trap debate continue on. I won’t be detoured regardless. If I do indeed minimize the risk, seemingly to make myself feel better about it, than so be it I suppose…the odds are in my favor until they are no longer.

1 Like

Marketing will be very disappointed to hear that…:disappointed_relieved:


.

.

2 Likes

I suppose they would be disappointed that i didn’t “buy in” to the Security System pitch :slight_smile:

The point I was attempting to make is that SmartThings is sold as a Home Automation solution where self monitored security is among the benefits.

Under that umbrella (if you will) would be home protection and security…security in the sense of locking you door for example.

Now, does a door lock constitute a Home Security System?..maybe not by itself. How about in combination with contact sensors? I believe together they certainly could be considered Home Security but are Home Automation until they are professionally monitored in my mind.

I suppose the truth is in the eye of the customer. To me, a security system is monitored by a company whom can dispatch authorities in case of emergency. I suppose others read into what marketing intends and translates that into a Home Security System. If someone is over-sold on their pitch than I’m sorry…happens everyday. That doesn’t make it the ereal deal.

Multi-tools are sold as replacing a whole tool.box full.of stuff…yet you don’t see car mechanics and construction workers using them.

Look again: The box that is sold at retail at Sears, Home Depot, and Best Buy says “Home Monitoring Kit.” Not “Home Automation Kit.”

The tagline is “Make sure your home stays safe while you’re away.”

http://www.bestbuy.com/site/samsung-smartthings-home-monitoring-kit-white/4481802.p?id=1219752134292&skuId=4481802

It’s sold as a security offering.

It’s also sold in other boxes and other marketing materials as a home automation offering. But consumers aren’t jumping to conclusions if they’re picking up the box at Sears and thinking it’s primarily to do with home security.

Just sayin’…

2 Likes

It is. SmartThings offers professional monitoring for the security system.

1 Like

So where does Home Monitoring get translated to Home Security System? Here again, it’s all in interpretation.

Correct!..a security offering…not a Home Security System. Here again, some translate that to mean ADT is now in a box.

I understand what you’re saying, and do not disagree with the interpretation, should someone choose to accept it as marketed.

As i said, Multi-tools are marketed the same way, comparatively.

Does this then mean I am to take that as gospel and no longer need specific tools when the use case arises?

When people get upset at SmartThings because it’s a wanna-be Home Security System, it’s because it has been over-sold as such and the customer then (I feel foolishly) has that expectation.

Are we talking about what it actually is or what they say it is?..as I can’t think of much that lives up to “as advertised”.

Works fine for me with no disappointments when it comes to securing my home. I just think better judgement should prevail.

This is really splitting hairs here. It is designed and sold as a Home Monitoring and Security solution. The distinctions being made don’t have weight.

The company’s brand-new 24/7 professional home monitoring service, called ADT Canopy, is one of several new premium service offerings–including the recently announced Scout Alarm–that we’re extending to customers who wish to complement how they secure their home with SmartThings.

Taking this back to the point I made when I brought it up…

This is intended to be a home security solution. It should not introduce new vulnerabilities. It should mitigate existing ones.

We know people can pick our locks. Vulnerabilities such as that don’t excuse away vulnerabilities in SmartThings, nor should they be trotted out to promote a culture of apathy about security within ST. ST needs to be secure. SmartThings agrees.

2 Likes

I hear you and agree on introduction of vulnerability. I’m not sure I understand your reiteration, as I didn’t contradict or dispute.

I stand by my take on interpretation vs. expectation of SmartThings being considered a Home Security System (as I consider them). A solution for some, yes…a solution for all…absolutely not.

To that point, one could maybe get some Home Automation from a Home Security System; however, I wouldn’t have expectations for it to change the channels on my TV.

Heavens…

I’m not debating what they try to sell it as!

Just because they offer professional level service doesn’t mean I’m buying into it…nor should anyone else just because they say so.

My better judgement says otherwise. If anyone wants to keep debating “but they claim” than I don’t disagree with that. I’m not trying to debate ST having responsibility for their advertising.

If I want home security than I’m going with a true home security system and anyone complaining about security vulnerabilities should probably do the same.

Enough said.

I don’t really agree that we should retire ourselves, collectively, to not using ST for things it was intended to do because it has failed to do so reliably or to consumer expectations. That would be a long list of things. Basically, that’s an individual threshold and choice and I sense that when folks say “why use it as a security system” etc they are trying to excuse ST for their failures and also trying to shame the user for using it as it was intended.

My tact is a bit different. I would rather push ST to improve. Improve reliability. Improve security. Improve functionality. So long as ST agrees, and I faith they are trying to do so, and I haven’t completely lost faith that they will eventually execute I will continue down that road.

For the record, I don’t think ST’s security is terrible. There are some things that need improvement for sure, but reliability is a much bigger issue IMO.

What I don’t like to see, however, is the promotion of apathy about security. Especially when fallacious arguments are made to support such apathy.

BTW, I don’t use ST as my primary home security. As I have stated in the community several times. I have a traditional security panel. I also have ST because IoT and IoT security has a much more data rich, and feature rich reality and future. I have layered them on each other. I get rich data from ST and reliability from my old school panel.

When and if IoT is able to provide the reliability the old school panel can/does, then it will be time to consider depreciating it.

For others, it may be a small piece of mind they would otherwise not have at all.If I were in this for security only, and wasn’t willing to install a traditional panel, I would probably look at Abode or Scout - not ST at this time.

I want to see someone try and access my ST home and survive, let alone not get caught.

1 Like

I know you have the creds, but the reality is even organizations with a quarter BILLION (yes billion) dollar budget for security still get breached. Some have multiple CS PHDs working with the CISO office.

BTW, the most likely way your ST system will be breached is not by attacking your home / st hub directly. It will be the ST cloud being compromised then they have control of all the ST hubs, including yours.

You have no way to secure the ST cloud nor prevent such vulns from effecting yours. You don’t have a ST hub / ST Cloud firewall yet do you? If so I want in. :grinning: Most likely your security stack allows the ST hub to talk to the ST cloud on the necessary ports - but beyond that you have no visibility or certainly no control over what the ST cloud tells your ST hub to do over those ports.

1 Like

how to keep your setup as secure as possible…

Also I didn’t necessarily mean the iot environment itself, the way I integrated my home allowed me to compartmentalize different functions and areas so that if one falls the others aren’t left vulnerable. For instance if you are physically able to access my attached garage by somehow hacking in through cloud you still won’t gain access to my house.

1 Like

Similar setup here, cloud only things are on entirely separate lan/switch (segmentation) with their own perimeter security stack. They aren’t even allowed to talk to each other (micro-segmentation).

I don’t trust Vlans, they are not security in and of themselves, so I only use them within similarly positioned security zones but they don’t cross security zones - ex. trusted / unstrusted / etc

The problem is, of course, this is complex and it comes at a cost - and joe consumer will never do this.

Vlans setup on my 2 Asus rt-ac5300s with Asus wrt Merlin using hardware and custom trend micro based firewalls using SHA 2 hash and RSA 4096 bit keys ( might be overkill) .

A counter attack for those that may want to snoop is an “easy” to access video feed that appears to be an ip cam but its really just a looping video embedded with a buffer overload script.:sunglasses:

Its not that pricey or difficult to set up and depending on what you need to protect its well worth it.

Careful. Hack backs are a crime. I doubt your going to get any takers in your active honeypot, but legally you can’t hack computer systems that are not yours. Is script kiddie going to file a complaint? No. Will you ever get in trouble, no.

But some one else’s system could be used to attack you, and that third party might complain depending on the nature of your exploit package. Also, legal interdiction systems that get attacked by such active attack back pot exploits might piss off the wrong fed.

99 percent Neva Gona happen, just pointing out legal issues

Join the NSA and hack with impunity where none of the rules apply. You can work with the chief scientists and become one yourself

1 Like

It doesn’t fall under the legal definition so I am safe ( I just finished that course before thanksgiving, I actually learned something that had a practical application…sort of). Ill pass on working for any agencies like that, already have the clearances from contractor work and see enough of the mans violations of privacy

I appreciate the looking out though!

How does ‘secure’ it?