iCloud binding security

Hello to all,

i am interested to use the iCloud binding, but for the moment I am a bit concerned about security issues.

In order to use the Binding I need to save my Apple ID and password without any encryption on the openhab system (RSB PI 3 with openhabian) ! With this Password and ID someone would have access to a lot of private data ( Fotos, Documents, Addresses, Passwords …)
How do you handle this ?

I was thinking about having a separate iCloud account for openhab, but it seems that Apple is not allowing on iOS parallel accounts.
Am I a litte bit too concerned? Is the openhabian system secure enough ?

Looking much forward to some comments to my thought,

I don’t use apple stuff, but basically you’re right, if you don’t restrict your openHAB instance, someone could read your credentials, but:

  • normally your openHAB runs in your home Network
  • while running it on a Pi using openHABian, which tightens the already pretty secure Stretch raspbian Linux
  • I assume, you don’t have your home Network exposed directly to the Internet without any router/Firewall/…
  • you don’t have open ports directed to your Pi
  • you use a secure password for the openhabian user and don’t have the standard openHABian password anymore

if all of the above is in place for your installation, I don’t see some security issues, having your credentials stored in a secured Linux System, which is not directly opened up to the Internet.

This is a question only you can answer. Below I’ll outline how a computer security professional would answer the question.

To answer the question you need to do a risk analysis.

What are the threats?

  1. someone with access to your RPi can obtain your ID and password
  2. someone who manages to crack OH can potentially obtain your ID and password

There may be more.

What is the likelihood for both of these threats?

What is the impact? Could be pretty significant and expensive.

For a given threat the risk is the likelihood that a threat is realized times the impact. You can put your thumb in the air and come up with numbers or just use your gut feel for the risk. The below numbers are made up but are probably reasonable.

Risk access to the RPi = 5% * $10,000 = $500
Risk crack on OH = 1% * $10,000 = $100

OK, now you have a feel for the risk you are facing. Now you can start to look at mitigations.

  1. Using a secure firewall that does not allow computers from the Internet to directly access the computers on your network

  2. Physically control access the RPi (e.g. locked doors, locked case to store the RPi, etc)

  3. Keep up to date on your security patches for the OS’s and software running on your LAN (not just the RPi)

  4. Use myopenhab.org to access your OH outside your LAN; it only proxies OH’s REST API which lowers the attack surface

  5. Don’t store sensitive information on iCloud in the first place.

  6. Don’t use the same password for more than one service.

  7. Only allow the openhab user to read the file the ID and password are stored in.

and so on.

Each of these mitigations will have a cost and cause a reduction to either the likelihood or the impact. Again, you can apply numerical values and apply them to the risk calculations above, or just use a thumb in the air gut feel.

In the end, you need to look at the risk and decide if it is low enough to be acceptable. If so you have your answer. If not you need either more mitigations or to not use the binding.

Like Thomas, I don’t use Apple devices and do not use the iCloud binding but because my OH server is not directly exposed to the internet, I keep my OS’s up to date, and I keep my house locked (i.e. physical access is controlled) I would accept the risk and use the iCloud binding.

The risk is never brought down to zero short of not using the service. But I would argue that the risk of putting your Apple ID and password on your RPi, assuming you do not do stupid things to your network (e.g. open a port to the internet without a password or encryption) I’d say the risk is no more than the risk of saving your sensitive documents to iCloud in the first place.

1 Like

I have the same concern. While Rickoshak’s post is a good introduction intro risc management, it is about taking countermesure’s to secure a situation that is insecure from its base (storing plain text password). I’d rather look to a secure-by-design approach.
A common practice is to use oauth (authorization code flow flow), but i’m, not sure if Apple supports this. If supported, you would only have a key stored, not your password, and that key would only give access to the parts you setup. Homeconnect and some other bindings use this instead of passwords.

The absolute minimum should be an encrypted password. Maybe not 100% secure, due to the decrypt key needs to be available too from openHAB. But it atleast prevents other users to read it ‘by accident’ from the config files or from backups, github or wherever you sync your config files.

Seems Apple doesn’t support oauth.

Use 2FA. You don’t need to disable it to use openHAB’s iCloud binding. Most services/APIs need that so even knowing your password wouldn’t hurt that much…