I’ve been using SmartThings for quite some time and have many devices tied into it. I’ve had a love-hate relationship with it over the past year or so, but lately it’s just too dang unreliable to be useful. The hardware seems okay, but the cloud component is hit or miss from one day to the next.
I think it would be great if SmartThings opened up the platform so that software on the same network (and with proper credentials) could control the hub. As a developer I’d love to be able to write my own software to power my hub without depending on the extremely unreliable cloud service in any way.
Basically I want to be able to write my own SmartThings service leveraging the hardware I’ve already purchased, and host it on my own network. I have a media server running 24x7 already anyway, and something like that could probably run just as well on a Raspberry Pi. Has there been any discussion of this as a possibility?
Even without the blessing of SmartThings it seems it should be possible to fool the hub into connecting to your own server via DNS overrides, then issue commands by mimicking the service. Has anyone attempted this? I realize that things like SSL will present a hurdle, but I’ve seen people get around that on other systems.
tgauchat
(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy)
2
Why would you want to go through all this trouble (with very low probability of success) when there are open source HA systems already available (OpenHAB, among a few others).
Hacking SmartThings is a civil violation of their Terms of Use and probably breaks several cyber crime laws. Of course, once you have successfully hacked it, then you wouldn’t be using their services anymore, technically, but the steps to get there would be grounds for a lawsuit.
Not to mention, the maintenance would be a disaster. SmartThings has a team of people running it and applying patches and feature upgrades. Then throw in the 3rd parties whose APIs are in play and you’re basically talking about reproducing half of the company on your own box.
It’s tough enough with actual professionals maintaining it, amateur hour would be nuts.
I agree with @tgauchat and @vitamincm It seems like a headache to even try this. Why don’t use just OpenHAB if you really don’t like the “cloud” concept.
OP: Even if someone can pull it off, it’s not realistic to think it’s maintainable IMO.
The DMCA and similar ilk are a joke. Not necessarily in their entirety but due to asinine sections that are absolute overreaches, which we can certainly expect to be deemed as such by courts in many cases - some of which has already happened.
It’s also a violation of laws like this to do maintenance on your john deere tractor because they own the code on the computers and it violates the terms of your license to do so.
Hahah… really funny guys… come and get me… see you in court.
SmartThings does not make money selling hubs. Their business model is based on mining data (also known as analytics) that can be monetized one way or another, if not today, then in the future. Therefore, it’s naive to believe that SmartThings will ever allow anybody to bypass the cloud and deprive them from their revenue stream.
If you’re a developer, there’re many other home automation platforms to play with, both open-source and commercial, that don’t rely on the cloud services.
Well I’m not one to shy away from playing Devil’s Advocate though… so if you WERE going to do it, how would you?
I mean, at the end of the day, the whole ST ecosystem is basically just a giant box “on the other side” that listens for commands to send from “Joe Sixpack” to “Hub #3,991,992” or something of the sort. Feel free to insert that disappointing “the cloud is just someone else’s computer” meme here.
The fact that the hub is wired probably makes things easier when you think about it. You’re already authenticated when you use the ST app on your phone, so the command goes to ST’s “cloud” somewhere, where some listener looks you up and knows where to send the “turn light x on/off” or whatever the command is you just sent.
The hub basically does the same thing… listen in for the command to come in from ST and converts that into an actual radio message to send out to the device in your house.
Not that you should – or that it would be easy – but I’m sure you could MiTM the whole setup by getting between the hub and the internet. All it would take is figuring out what the hub is doing now to authenticate that it’s talking to the ST backend, and what these commands / acknowledgements are that pass back and forth between the two.
Probably not a walk in the park, but it doesn’t look that hard when you look at it that way.
Being able to take advantage of the multiple radios in the hub seems like it would be more elegant than having a dongle for Z-Wave and a dongle for Zigbee, etc. (I’m not even sure I’ve ever seen a Zigbee dongle but I’m assuming one exists.) I have multiple device types that I’d need to interact with. I thought if it were possible, I could use this nice clean little hub that I already own.
I’m not saying this would be trivial, or that it isn’t without its TOS grey areas, but the way things are going it’s something I’m seriously considering tinkering with. Disclaimer: I by no means intend to do anything that would impact SmartThings’ own servers. This would all be local to my network. My question was mainly to see if anyone else had already thought of, and tried it.
I realize SmartThings will monetize the data at some point and that this isn’t likely to get their blessing. That said, I could imagine a future where they give up on the service and open-source everything. I know it’s really unlikely… but a man can dream.
Also, don’t get me wrong. When the service works, it’s awesome. I absolutely love it. But it seems like every day brings a new outage of some sort. It’s not unusual for me to say “Alexa, turn on the kitchen light” and have it work, then 10 mins later have the same command fail multiple times. Okay, I so I pull out my phone. Must be Alexa, right? Nope, device isn’t responding at all to the SmartThings app itself. It’s very frustrating. I’ve invested thousands into this system and it lets me down constantly. I really hope it gets better. I’ve been saying that for a while.
I’m not sure I will try this, but I think if I did you’re on the right track.
Definitely agree on both points.
Thanks for the replies everyone. I didn’t mean to stir the hornet’s nest but I’m getting tired of the issues and looking for ways to make use of what I’ve already purchased. My true hope is that SmartThings figures this out and everything just starts working.
Digi makes a zigbee USB stick which is quite popular. (TI does as well.)
If you just want to cannibalize your hub to take out the Zwave controller and the zigbee Coordinator, it’s not really any different then taking the screws out of a laptop to use them on a DVD player. I can’t say definitively, but I wouldn’t think reusing the hardware pieces is a TOS violation, it violates the warranty, but that’s a separate issue.
But hardware is cheap. The SmartThings cloud isn’t just a means of sending a message from an end device to the hub or vice a versa. If that were true, you wouldn’t need the cloud at all.
What the smartthings cloud has is a software abstraction layer, proprietary to the company, that allows you to do things like have a Z wave minimote’s button press cause a zigbee lightbulb to come on. Or have a whole group of actions take place on devices of different protocols as well as virtual devices and system variables like modes.
That code is protected intellectual property. You didn’t buy it when you bought the physical hub, you just licensed it under their terms. Most of it doesn’t run locally for whatever reasons. So there’s no way to hack the hub And have it work the way the cloud does without writing your own multiprotocol infrastructure.
In which case, yeah, just start from openhab or one of the other open source projects and you’ll save yourself a lot of time.
I think this topic explains single handedly why ST wont make the whole system local and have everything run locally including the core system - risks of replication or modification on a core level is way to higher risk to be a viable solutions for them to carry on…
It would be easier to build your own hardware and software from scratch than modify a purpose built product to become essentially your own new product.
I think it would be interesting though, but you would have to assume that it would be completely unsupported.
And of course it’s entirely too much work for what you would gain out of it, considering that you can just roll out another more hack-friendly solution instead.
With that said, there is something to be said about the stability and message delivery robustness of the ST platform (or lack thereof), even years after its supposed “production” rollout. You could theoretically roll out some kind of local box that simulates the ST “cloud” so that you can control your devices in the event of an outage, for example. And you could turn this theoretical magic box off when everything is working. Assuming of course you could write your own app / web interface to talk to it when ST is down.
I agree with @JDRoberts that ST does all of the heavy lifting with the abstraction, but when you think about it it’s not really rocket surgery. They’re basically doing user / hub / device / capability mapping – either through discovery or when you specify it yourself. Then at specific times – or via input from the app – they’re translating that into a command for the hub to send to that specific device. THAT in itself should be easy enough to replicate.
It’s a ton of work though, but I don’t see any technical reasons why it’s not actually feasible.
While I’m not proposing that anyone should do it, I doubt very highly that such a thing would break any cyber crime law, much less form the basis for any civil action.
I wonder if it would even be considered hacking in the true sense of the word though.
I haven’t looked, and I am not a lawyer, but I would assume that once the data is inside my network, it’s mine to with as I please. I could argue (although I’m probably wrong) that I could sniff the data between the hub and the router and find some degree of information about the communications that ST is having with the device.
Now whether that data is encrypted, proprietary, etc. is another story. But again, if it’s inside my network then who’s to say what I’m allowed to do with it. Maybe I just wanna make sure that ST is not telling the hub to turn on the cameras to watch me shower or something, I don’t know.
Again, all theory and completely overkill, but it’s an interesting thought exercise nonetheless.
There was a lot of attention floating around about packet sniffers and eavesdropping on your own network as part of the CyberSecurity Act of 2015. I’m relatively sure that it’s perfectly legal to run packet captures on your own network “for the purposes of cybersecurity” – again, under the pretense that the ST folks are not watching you shower or using your TV to mine for bitcoins or whatever you wanna say.
“Reverse engineering” is restricted by many EULAs and is in fact something you can be sued for, but it’s not usually a crime unless you turn around and start selling whatever it was that you reverse engineered. It’s a civil issue because you broke your contract/license with the company that issued the terms of service. ( although you are allowed to do some reverse engineering for some purposes. The stuff gets really complicated from a legal aspect.)
Packet sniffing might be done just for diagnostic purposes, but it’s often done for reverse engineering and then you can run into problems.
Whether it would be worth it to the company holding the license to pursue a legal case against you is entirely different issue. That would be their decision.
I think it’s a somewhat gray area… and again I’m fairly sure that I’m legally allowed to sniff traffic in my own network, even if I’m somewhat dishonest about the reasons why. I mean, nobody at ST signed any sort of contract making a pinky promise that they weren’t going to use my TV to mine for bitcoins, so I’m just making sure.
I wonder if anybody actually read the EULA fully before starting to use SmartThings. Does it say anything about any sort of obligations from your end not to poke around the traffic? Or about what happens after you decide not to use their system?
