←back to thread

Hacking a Smart Home Device (2024)

(jmswrnr.com)
314 points walterbell | 9 comments | 15 Apr 25 03:12 UTC | HN request time: 0.952s | source | bottom
Show context
jqpabc123 ◴[15 Apr 25 07:15 UTC] No.43689886[source]
The ultimate long term solution --- refuse to buy any home product that defies local control.

If a wifi password is required to make full use of the device, I will return it.

If some users want to sacrifice security and privacy for "convenience", that's on them. But if you want to sell me the product, at least provide the option to decline without loss of functionality. Otherwise, no sale.

As an example, I refuse to buy a doorbell camera that doesn't support RTSP.

replies(7): >>43690116 #>>43690556 #>>43690969 #>>43691012 #>>43691509 #>>43692845 #>>43694018 #
1. mrheosuper ◴[15 Apr 25 09:03 UTC] No.43690556[source]
> If a wifi password is required to make full use of the device, I will return it.

By that logic, you will not buy any "smart" devices

A camera doorbell, in your example, need wifi password so that it can stream video.

A smart lightbuld need wifi connection to change brightness or color.

Without wifi connection, it will lose a part of functionality

replies(5): >>43690594 #>>43690634 #>>43690788 #>>43690889 #>>43691725 #
2. afroboy ◴[15 Apr 25 09:12 UTC] No.43690594[source]
I believe he meant connectinon to the cloud of service provider.
3. pelario ◴[15 Apr 25 09:17 UTC] No.43690634[source]
That's simply not true.

There are plenty of smart devices (including lighbulbs, sensor movements, and what not)t hat use bluetooh, or protocols like Zigbee that enable all kind of functionality without wifi password.

4. marci ◴[15 Apr 25 09:44 UTC] No.43690788[source]
There are camera doorbells with PoE.
replies(1): >>43702964 #
5. zeta0134 ◴[15 Apr 25 10:04 UTC] No.43690889[source]
Philips Hue and many other similar smart light bulbs connects to my zigbee network with no Wi-Fi needed. It's remarkably simple to control them from Home Assistant, which I can run on a fully isolated home network. When my Internet gave out for two weeks (the perils of living in a forest) lots of stuff became inconvenient, but my smart light bulbs continued to work perfectly.
replies(1): >>43702188 #
6. 63stack ◴[15 Apr 25 12:23 UTC] No.43691725[source]
So wrong.

There are protocols like zwave, zigbee, and possibly others that not only not need wifi passwords, they don't even need an IP address.

7. mrheosuper ◴[16 Apr 25 06:37 UTC] No.43702188[source]
The point is not wifi. Wifi is just a protocol, like zigbee, or lora, etc.

Giving something wifi password is different from giving something internet access, they are not inclusive. You just add it to your local network without giving it internet access

In your case, does your smart bulb still have same functionality if you dont add it to your zigbee network ?

8. FloatArtifact ◴[16 Apr 25 08:33 UTC] No.43702964[source]
Thinking that through with PoE and Ethernet. Outside of MAC address white listing, how does one protect one's local Internet from being jacked in from the doorbell, externally?
replies(1): >>43703811 #
9. walterbell ◴[16 Apr 25 10:59 UTC] No.43703811{3}[source]
Wired encryption and auth?

"MACsec (802.1AE) and EAPOL (802.1X)", https://forum.openwrt.org/t/macsec-802-1ae-with-802-1x-eapol...