←back to thread

Hacking a Smart Home Device (2024)

(jmswrnr.com)
314 points walterbell | 2 comments | 15 Apr 25 03:12 UTC | HN request time: 0.463s | source
Show context
jqpabc123 ◴[15 Apr 25 07:15 UTC] No.43689886[source]
The ultimate long term solution --- refuse to buy any home product that defies local control.

If a wifi password is required to make full use of the device, I will return it.

If some users want to sacrifice security and privacy for "convenience", that's on them. But if you want to sell me the product, at least provide the option to decline without loss of functionality. Otherwise, no sale.

As an example, I refuse to buy a doorbell camera that doesn't support RTSP.

replies(7): >>43690116 #>>43690556 #>>43690969 #>>43691012 #>>43691509 #>>43692845 #>>43694018 #
mrheosuper ◴[15 Apr 25 09:03 UTC] No.43690556[source]
> If a wifi password is required to make full use of the device, I will return it.

By that logic, you will not buy any "smart" devices

A camera doorbell, in your example, need wifi password so that it can stream video.

A smart lightbuld need wifi connection to change brightness or color.

Without wifi connection, it will lose a part of functionality

replies(5): >>43690594 #>>43690634 #>>43690788 #>>43690889 #>>43691725 #
marci ◴[15 Apr 25 09:44 UTC] No.43690788[source]
There are camera doorbells with PoE.
replies(1): >>43702964 #
1. FloatArtifact ◴[16 Apr 25 08:33 UTC] No.43702964[source]
Thinking that through with PoE and Ethernet. Outside of MAC address white listing, how does one protect one's local Internet from being jacked in from the doorbell, externally?
replies(1): >>43703811 #
2. walterbell ◴[16 Apr 25 10:59 UTC] No.43703811[source]
Wired encryption and auth?

"MACsec (802.1AE) and EAPOL (802.1X)", https://forum.openwrt.org/t/macsec-802-1ae-with-802-1x-eapol...