Myopenhab cloud instance compromised


At 6am this morning garage door was opened and an attempt to “switch off” my alarm by toggling the switch to turn on the alarm was made. (im not dumb enough to make a simple switch in Openhab to turn off the alarm).

After 31 years of being a network engineering/architect with oodles of letters after my name - the only attack plane left that this could have sourced from is the Openhab Cloud upon review of logs on all devices.

I have disabled my connector and will VPN in to my home when I need to do something for the house (Android and tasker solve the vpn when Openhab is the open app with focus).

With that said - a logging interface of source of logins and actions to the API would be helpful for at least forensics.

Devils advocate here - do you use wifi in your house? Could somebody have compromised that? If the can get on your local network then openHAB has no security.

How can you be so sure? Sorry but everytime someone begins like this it’s the exact opposite.

I should have posted this as “HELP - need the audit log for the myopenhab related to my instance!”

All of your concerns about the sourcing could be valid but with two kids and a wife and decades of being an internet/networking engineer - I know the level of my security at my house and between my sensors and SIEM for me to restore my confidence in the cloud connector i would have to have access to an audit of where api events were sourced from

I understand your questions. You are definitely a knowledgeable person. I would have a couple suggestions one which would possibly put a little more control in your hands.

I like your idea of having an audit log of sorts in the myopenhab profile. May other services have this. I would suggest opening an issue on github in the myopenhab connector. This would be the place to make a suggested improvement.

The second idea was to stand up your own cloud instance on a vm. There are inexpensive vms out there. If you had your own instance you could be a little more in control.

Sorry to hear about your situation. Things like this definitely can be concerming. I had a few issues at my house i have not figured out either. Lights coming on in the middle of the night was mine. It has happened a few times now while everyone is sleeping. I was unable in all instances to truly track down the source. I dont think it was cloud related in my case, but either way tracking down the true source never happened. In my case it appeared to be my insteon keypad, but no-one was awake to press it.

I wish you the best, sounds like you found a work around for now.

1 Like