I know too little about firewall vulnerabilities to really comment on this.
I simply do not allow ANY communication from outside to my domotica items (fixed IP, so easy filter), only when OTA updates are available. In such case, my assumption is that unless my router gets hacked / cracked my WIFI connected devices can be considered to be more than safe enough.
Well it is sufficient to have one device in your inner net to be reachable and vulnerable (be it IoT devices, your PC, Smart TV or anything else), then any decent bot will install and keep spreading from there.
Plus there’s also attack vectors on non-directly reachable devices using fake DNS or update servers etc.
That just can’t happen to classic HA devices using ZigBee, ZWave, KNX etc - they are not IP devices, and they usually don’t run embedded Linux.
Again, I’m not saying you shouldn’t use it - just make sure you’re aware of the consequences.
I indeed did not take such situation into account. Although I can shield my domotica part completely from the WAN connected part (which makes life more difficult as my WAN connected mobile phone is used as main control device), I guess the point you’re trying to make seems indeed valid. WIFI connected devices are by nature less secure and need more attention to be acceptably safe.
Only if you have a hole in your firewall or introduce malware through it yourself.
If you use a decent WiFi password and keep basic security hygiene, there is no reason for your system to get compromised.
Beware of cheap Chinese connected devices. I always block all outbound connections for these.
My only inbound connection is an openVPN port.
You need to maintain a proper security configuration across all your works throughout time, too.
It happens faster than you think to forget about one or the other configuration or potential vulnerability.
Yes, absolutely. That is what I meant by security hygiene.
Hey, interesting discussion - let me share my 2 cents: if you have automation close to the roller shutter anyhow, consider also a digital input to check if the windows are open
My solution: 2 round self made PCBs underneath the original pushbuttons. 1 with 2 relays, one for communication. The original pushbuttons still acting as local operation.
About the synchronization: the problem is eliminated each time you run to an end position - keeping in mind that the local operation runs through the controller as well.
About size: found a 25mm by 25mm power supply from Aimtec. Idea for in-wall devices.
Last not least: my favourite: 8266 using MQTT protocol
Hey I am using normal sonoff 2 channel Light switches to move the rollershutter up an down. There are rules in the backround based on how long a shutter needs to be opened or closed. You already can trigger them sun or moon phased, control them by alexa and start and stop them manually. I also started with a self made 3d printed switch based on demos d1 mini solution but the sonoff switch looked better and worked fine. So for me the best solution
1 Like
Hey, the problem of sonoff and shelly is that they don’t have two triac relay. The outputs must be mutually locked. A software solution is not enough here. It could be that once a relay is stuck and then the blind is broken. I think the best solution is a KNX System or for developer a Beckhoff PLC. I think the biggest problem is the price. A good solution for me are the fibaro rollershutter 2. These are technically good and have an acceptable price.
One more thing to the security. All systems have vulnerabilities. KNX, ZWave and Zigbee also. KNX biggest problem is that you can sniff all the the adresses and then you can send a “off” or a “on” command to the devices. Many websites are running on linux. Even a lot of knx visualization is running on linux. An example of this is the Gira home server. If the ports are configured correctly and if secure passwords are selected. Then I would not worry about an brutforce attack.
BR, Gogi