SmartThings Community

Network Security: A guide to securing your IoT home

security

(Greg) #21

I always thought it was “you don’t have to shoot the bear. Just shoot the guy next to you” :frowning:


(Tim Slagle) #22

Texan proverbs :wink:


((Possibly not the Matt you're looking for)) #23

Greg, you, uh… might be doing it wrong.

:wink:


(Kevin Shuk) #24

Adapting this to the topic at hand, a potential intruder isn’t likely to hack your network to use your HA to open the door (to the point where the FBI doesn’t even keep stats on this, if I recall correctly). They probably won’t even attempt to pick the lock. More likely is a bump-key attempt (if they’re going for subtlety), kicking in the door and bypassing the lock entirely, or entering through a window and bypassing the door entirely.

Although if an attacker is dead set on flipping the lamp to the left of your sofa on and off at will, they may go for the more technical means.


#25

Different criminals, different targets. For example, there is a neighborhood about 5 miles from me where Mail gets stolen out of the mailboxes all the time. Doesn’t happen in my neighborhood. The difference is the other neighborhood is much wealthier, and their mail is more likely to be worth stealing.

The worst neighborhood in terms of hacking is one with affluent bored teenagers. You even see drive by hacking, where they drive around until they find an unsecured Wi-Fi signal and then just play. Maliciously. Clockwork Orange mentality.

Addicts who need to find something to sell are not going to pay any attention to your Wi-Fi network. Techno punks may, and they’ll likely go for targets of opportunity.

So lots of variation.


(Kevin Shuk) #26

True that, @JDRoberts.

Although this is really meandering from the original topic (apologies, @tslagle13, I promise to stop it here), your last post reminded me of this recent article in the NY Times by Nick Bilton about a vulnerability in cars that use transponder fobs instead of keys or traditional remotes for locks & ignition: Keeping Your Car Safe From Electronic Thieves

There are a number of factors that contribute to the phenomenon described in the article, not the least of which is where a person parks in proximity to both where they spend enough time to become a victim and to where someone with preparation and intention to perform this exploit. But clearly some folks’ activity check all the boxes, and, as you said, become a target of opportunity.


#27

I just wanted to mention also that you can buy additional security simply by using isolated networks.

I don’t use SmartThings for my home security. That’s a completely different system, not connected to my home wifi.

I have one wifi network used for VPN stuff.

I have a completely separate network for unimportant stuff, like Netflix, and, at my house, home automation.

So my hue bridge and SmartThings are not connected to the same computer or same wifi network I do my secure stuff on.

A lot of people don’t care about taking things to that level, and don’t want to hassle with multiple networks.

So I’m not suggesting most people will do that, just saying if you are worried about home automation being a breach point, that one’s easy to fix by putting it on a separate network altogether. There’s a dollar cost, but it’s easy to do.


(Jason F) #28

I don’t know a whole hell of a lot about network stuff beyond changing passwords and accessing the router via its IP and whatnot. I’ve never created a VPN, but would there be some value to doing so? Additional security for ST and secure access from remote locations?

My ST hub should get here Thursday and then I get to really play. Stupid Wink is a child’s toy.


(Tim Slagle) #29

Overkill IMO. Let STs secure your external access and you worry about the other stuff:)


(Jason F) #30

Really wish ST was fully offline except for software updates and could be hosted by a home server. I guess 2.0 will do some of that, but not all…

Would you amend your answer in regard to 2.0?


#31

As yet we don’t know any of the exact details of what hub 2.0 will or will not do with regard to local processing. Just hints. So no way to evaluate it until more is known.


(Jason) #32

Edit: Sorry for the barrage of links, just trying to get the comments over here in the right topic, but I did it wrong I think =/
Edit 2: Should be in timeline order now.

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:

Continuing the discussion from Bloomsky Weather Station:


Bloomsky Weather Station
(ocpd+adhd+alz+md+hfa+fms+lol=me :)) #33

@keltymd
I’m not sure if it’s just my brain or your text, but it seems like you said it two different ways here (in the first sentence, the lower one is connected to ‘theirs’, but in the second sentence, you have the ‘upper’ one connected to theirs).
Any chance you could say it again?


(Matt) #34

lets make it visual


(ocpd+adhd+alz+md+hfa+fms+lol=me :)) #35

I assume it depends on what kind of equipment I have as far as whether or not this is even possible, right?
If I do have what it takes, I will do this soon.
If not, I will put ‘Router Replacement’ higher on the priorities list.


(Matt) #36

all you need is two routers in addition to what the ISP give you. Then you can make a DMZ that they dont have access to and anyone wanting on your network from the internet has to crack three total routers Cable companies, your upper and your lower


(Bobby) #37

Hey Tim, I know you recently mentioned this on the BloomSky thread, so I thought I give it a try and to my surprise, disabling the ssid broadcasting made my connection go nuts! How can you explain this? The trend on the left is my undisclosed ssid, once I turned it back on, my connection stabilized instantaneously. Thought I’d share, in case anyone attempts to do this and doesn’t know what caused the wifi to act up…


(Dave White) #38

Alot of good information on here but i was expecting Security regarding Smartthings.

Does the Smart Home Monitor Security feature arm itself ARMED(AWAY) if everyone is away and does it go to ARMED (STAY) when someone comes home? Or is this meant to be a push/manual item where if your father for example has a key to get in your house…he comes in and Disarms it (within a time period) then arms it again on the way out?


(Mark) #39

This thread’s pretty old, and there are other more recent ones that discuss smart home monitor.

In the ST classic app, yes you can set it up to do this. I don’t use the new ST app, but I’ve read that it’s not yet possible to arm/disarm SHM based on presence sensors.

But the new app is changing all the time, that’s why it’s best to search for newer threads that might answer your question.


(Dave White) #40

Since I’m so fresh I didn’t know that you setup routines for that. Then I found a really good Smart App I think called “Routine Director” So far no false trips. I cannot have my motion sensors on it at all because of my cat.