←back to thread

Hacking a Smart Home Device (2024)

(jmswrnr.com)

314 points walterbell | 1 comments | 15 Apr 25 03:12 UTC | HN request time: 0.206s | source

Show context

jqpabc123 ◴[15 Apr 25 07:15 UTC] No.43689886[source]▶

>>43688658 (OP) #

The ultimate long term solution --- refuse to buy any home product that defies local control.

If a wifi password is required to make full use of the device, I will return it.

If some users want to sacrifice security and privacy for "convenience", that's on them. But if you want to sell me the product, at least provide the option to decline without loss of functionality. Otherwise, no sale.

As an example, I refuse to buy a doorbell camera that doesn't support RTSP.

replies(7): >>43690116 #>>43690556 #>>43690969 #>>43691012 #>>43691509 #>>43692845 #>>43694018 #

1. mzajc ◴[15 Apr 25 11:59 UTC] No.43691509[source]▶

> If a wifi password is required to make full use of the device, I will return it.

This is one of my favourite uses of OpenWRT, or any other firmware that gives you proper control over the router - for WiFi-networked IoT devices, I set up a separate wireless network with no WAN/LAN access and client isolation. I can connect to the device, but it can't connect to WAN, any other devices on the IoT network, or my LAN.

Of course this won't work for cloud-tethered devices, but many will expose their functionality directly over network.