Dear OpenHAB2 users.
I would like to warn you about the lack of security in the new OpenHAB2. And make you aware of the risks of exposing OpenHAB to the internet. Of course there is the option of using ngnix proxy or my.openhab, but unfortunately I have seen a bunch of people having their OpenHAB2 installation open to the internet without any means of protection.
If you are one of those people and think that your installation will not be found and think that you would need to know your ip address to find you, please think twice because with the shodan.io search engine it is very easy to find open openhab installations.
To test this I have searched for ‘openhab’ in shodan.io and found openhab2 installations and was able to control lighting, sockets and thermostats.
Please do not open you openhab installation to the internet, but rather use the ngnix proxy or my.openhab.
Dennis
P.S. the same goes for unprotected MQTT brokers, regularly used in combination with ‘owntracks’.
