←back to thread

Hacking a Smart Home Device (2024)

(jmswrnr.com)
314 points walterbell | 3 comments | 15 Apr 25 03:12 UTC | HN request time: 0.473s | source
Show context
jqpabc123 ◴[15 Apr 25 07:15 UTC] No.43689886[source]
The ultimate long term solution --- refuse to buy any home product that defies local control.

If a wifi password is required to make full use of the device, I will return it.

If some users want to sacrifice security and privacy for "convenience", that's on them. But if you want to sell me the product, at least provide the option to decline without loss of functionality. Otherwise, no sale.

As an example, I refuse to buy a doorbell camera that doesn't support RTSP.

replies(7): >>43690116 #>>43690556 #>>43690969 #>>43691012 #>>43691509 #>>43692845 #>>43694018 #
1. 123pie123 ◴[15 Apr 25 07:53 UTC] No.43690116[source]
I've been doing this for years, but it's hard work trying to get information on how bad these devices could spy on you - before you buy them

I just guess now and make sure the company has a good returns policy

replies(2): >>43691756 #>>43695545 #
2. jqpabc123 ◴[15 Apr 25 12:26 UTC] No.43691756[source]
it's hard work trying to get information on how bad these devices could spy on you

The orange flag is when setup requests my wifi password.

But the big red flag for me is when configuration fails without unfettered WAN access. In this case, the product goes back in the box. If you allow this, you allow anything. Someone else effectively owns the device.

An easy test for this --- simply unplug your network from the WAN modem and see what happens.

3. connicpu ◴[15 Apr 25 16:58 UTC] No.43695545[source]
For the most part I just stick to zigbee devices and I can be sure they're fully under my local control because their only gateway to the network is the zigbee modem attached to my Raspberry Pi running Home Assistant. Sometimes requires messing with some quirks to get the full functionality I need out of them, but the community is pretty good about supporting most devices out of the box.