So I'm getting into the whole smart home / home automation thing, and I have a few doubts.

Amazon has recently launched their Echo devices in my country and I have mine on order, set to arrive next month. Also ordered a few Xiaomi Yeelight LED bulbs from China. Do I need to keep anything in mind when it comes to security? I'm not concerned about Amazon Alexa, more about the Chinese stuff. I did look at Philips Hue and some other brands, but they are way too expensive! I have like 35 light points I intend to replace with Smart LEDs! :rofl:

Forgetting about the wpa2 krack stuff, but these sorts of devices are what need to be patched.. So keep an eye out for that when you get those bulbs.  I don't see any statement from Xiaomi yet that they will be patching any time soon.

But in general yes there are some things you should and could do to help secure your network while using these iot devices.  You really should look to being able to segment your iot wireless from your normal network..  This can be done with real AP that supports vlans and switch that does and router that does, etc.  Most of your typical off the shelf soho stuff you pick up at the local computer store is not going to support this sort of segmentation of your network.  The good news there are budget friendly ways to get it done.. You don't have to go spend 1000's on enterprise grade stuff.  AC AP from unifi can be had for 90$, smart switch that does vlans less than 50...  You can run a firewall/router distro on any old pc hardware you have about or pick up a low box for less than $200...  Or a usg 3p from unifi is only 100$ etc..

Or really cheap some off the shelf soho wifi routers that can run 3rd party like dd-wrt, or openwrt can support vlan and the ability to segment your wifi and wired networks, etc.  It's a bit more than just enable guest network on your soho wifi router.  But that would be better than nothing that is for sure.  I would not put these sorts of devices on the normal wifi network these home wifi routers turn on where all wired and wireless are on the same network.

With the right kit you can segment say all your lightbulbs to their own network.. And prevent them from talking to anything else on your network directly.  The way alexa and any other app controls them is not normally via local direct access but via both of them talking to the internet.

I would then log pretty much everything they do outbound...  So you can see that what they are doing looks to be legit.. Ie phone home on https vs scan random IPs all over the globe ;)

When you start getting different types of iot devices - if possible isolate them to their own segment vs just putting all your iot devices on same network.. This prevents say one bad device from messing with another device like alexa, thermostat, tv, media stick, your toaster and coffee pot when they go online, etc.

Keep in mind that I have started my smart home project as well.. And can do quite a bit via remote and alexa in controlling lights, tv, thermo, etc etc..  Keep in mind that some of these cheaper bulbs and alexa itself don't function without internet..  So if you replace all your lights with these smart bulbs and internet is down ;)  Keep in mind as well these smart bulbs the switch on the wall needs to be on... So if there is a power outage or internet outage it can say turn on all your lights in the house when power comes back or whole house go dark, even when power comes back on.

Depending on the makers of the bulbs.. When there is a loss of power like you flip the switch to off or outage... They can lose their settings to how they connect to the wifi and you have to set them up again, etc.  If you have 35 of them that could be a real pain in the you know what!

While just the cheap smart bulbs is a cheaper option and makes sense for some lights in the house.. Say a table lamp that has no switch on the wall and is just plugged in and you control if on or off at the lamp itself.

If you have lights that are controlled by switches on the wall, or there are multiple bulbs that are controlled from the same switch..  It could be better to change out the switch in the wall to a smart switch..  So that if internet is out you can still control these devices with the wall switch.. The smart bulbs normally cycle to on when the power is removed and returned.  So for example if internet out and you need to turn on a bulb and alexa is not working.. You might have to go cycle the switch on the wall to get the light back on -- and you might have to set up the bulb again, etc.

I am using a combination - lamps are just smart bulbs.  I am using tp-link ones.  Also quite reasonable in price.  But also using http://www.lutron.com/en-US/Products/Pages/SingleRoomControls/CasetaWireless/Overview.aspx

For some rooms and lights.. Such setups normally require a hub to be installed to control the devices.  The nice thing with such a setup is that when there is a power outage, etc. you do not need to set up these devices.  And when internet is down you can still control the lights just like normal.

Suggest you do some good research on what will work best for you and your budget before jumping in and buying 35 smart bulbs for example.. It might make more sense to do the lighting in a few different ways around the house, etc.  So get a few and play with them.. See what happens when power outage, when internet is offline, etc.

  • Love 1

Hey thanks a LOT BudMan for your detailed reply! :)

  1. Yes, I did want to know how to isolate it from my main network, which I will now work on based on your advice.
  2. I have only bought 2 bulbs just now to start with and test out. Was planning to slowly move to Smart LEDs, not all at once. :laugh:
  3. But I did NOT know that many of them will not work at all without an internet connection! Here's hoping that these bulbs do work...
  4. Settings resetting after a power outage....crap, crap, CRAP!! Power outages are pretty common here. I have UPS backup, but even that runs out sometimes. :angry:

How do I monitor the bulb internet traffic?

32 minutes ago, BudMan said:

Forgetting about the wpa2 krack stuff, but these sorts of devices are what need to be patched.. So keep an eye out for that when you get those bulbs.  I don't see any statement from Xiaomi yet that they will be patching any time soon.

I checked up on this, they seem to be working on it.

http://forum.yeelight.com/t/yeelight-products-and-krack-wpa2-wifi-vulnerability/2421

Depends on what you're using for router.. I run pfsense.. I just have it log the network I have my bulbs on and send it to a syslog server ;)

I also run pi-hole so it gives me nice insight to what dns devices are looking up really easy, and allows for simple blocking, etc.

Lots of ways to skin the cat to be sure.. Sorry to say moving to a smart home - if you want to do it securely going to most likely require a bit of a learning curve to your network understanding and network setup away from.. Yeah my ISP put in a device and now my phone connects... What is your ssid are you running psk or enterprise - my huh??? Sort of setup.. ;)

Happy to help where I can... I think even put in a while back for a smart home section in the forums, etc.  But yes it does tie in very tightly with networking and security anyway.

Smarthome tech is changing very rapidly recently.. Security is very very bad in these sort of iot devices.. Hoping to see vast improvement in that area as more people move to such setups.  And demand more from these makers vs just plug it in and it works.. Yes it should do that - but it needs to do it in a secure manner..  These cameras are really bad.. A lot of the makers shared code that was just horrific!!!

edit:  Here is where I am at in my smart home setup, ie what I can control via alexa or remote on my phone, etc.

Living room lights: caseta switch for ceiling lights and 2 smart bulbs in lamps.  Dimmable

Front porch light - caseta switch. Dimmable

TV and audio system (harmony hub tied to alexa).. On Off, change channel, pause, etc.

Garage door - app on phone not yet tied to alexa.. But this is really nice since get alerts when not home when wife comes and goes, etc.  And if forget when leaving can just close with tap on phone.

Nest thermo - alexa access, phone access get temp, set temp, etc. etc.

Nest protect - alerts via app if it detects anything.  Got alert the other day when wife was burning dinner while still at work ;)

2 remote wall plugs (tp-link).  Normally use for Xmas lights outside and Tree, etc.  They also report on energy usage.. So you can track how much it cost to run your xmas lights ;)  Same goes for the light bulbs in lamps.

I think that is it off the top of my head, was actually quite surprised how fast my wife started using it all..

It is an ongoing project.. Will be doing the lights and ceiling fan in my computer room next.. Or maybe the main hall lights.. Not sure yet.. Quite a bit to still.. Cameras coming - but they are not cheap to do it how I want to do it ;)

  • Like 1
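
The review described in the posts above (log what the bulb network does outbound and check that it looks like phoning home over HTTPS rather than scanning or reaching into the main LAN), as an added example that is not part of the original posts. It assumes pfSense's IPv4 `filterlog` CSV field order and a bulb VLAN of 192.168.30.0/24; the log lines are constructed, and the names and thresholds are illustrative.

```python
import ipaddress
from collections import defaultdict

IOT_NET = ipaddress.ip_network("192.168.30.0/24")  # assumed bulb VLAN subnet
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXPECTED_PORTS = {53, 123, 443}  # DNS, NTP, HTTPS: assumed "phone home" baseline
MAX_DESTS = 3                    # distinct internet hosts per device before flagging

def _sample(action, proto_id, proto, src, dst, dport):
    """Build one constructed log line in the assumed filterlog CSV layout."""
    return ("Nov  1 10:00:00 fw filterlog: 101,,,1000000201,igb1.30,match,"
            f"{action},in,4,0x0,,64,1111,0,DF,{proto_id},{proto},60,"
            f"{src},{dst},40001,{dport},0")

# Constructed sample: bulb .11 behaves, bulb .12 does not, .1.50 is a LAN PC.
SAMPLE_LOG = "\n".join(
    [_sample("pass", 6, "tcp", "192.168.30.11", "203.0.113.10", 443),
     _sample("pass", 17, "udp", "192.168.30.11", "192.168.30.1", 53),
     _sample("block", 6, "tcp", "192.168.30.12", "192.168.1.20", 445),
     _sample("pass", 6, "tcp", "192.168.1.50", "203.0.113.99", 8080),
     "Nov  1 10:00:00 fw dhcpd: unrelated line"]
    + [_sample("pass", 6, "tcp", "192.168.30.12", f"198.51.100.{i}", 23)
       for i in range(1, 6)])

def parse_filterlog(line):
    """Return (action, src, dst, dport) for IPv4 TCP/UDP entries, else None."""
    _, sep, payload = line.partition("filterlog: ")
    f = payload.strip().split(",")
    if not sep or len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    try:
        return (f[6], ipaddress.ip_address(f[18]),
                ipaddress.ip_address(f[19]), int(f[21]))
    except ValueError:
        return None  # malformed address or port: skip rather than crash

def review(log_text):
    """Map each IoT source IP to the sorted list of reasons it looks wrong."""
    findings = defaultdict(set)
    internet_dests = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_filterlog(line)
        if entry is None:
            continue
        _action, src, dst, dport = entry
        if src not in IOT_NET:
            continue                      # only the bulb VLAN is under review
        if dst in IOT_NET:
            continue                      # traffic to its own gateway/segment
        if any(dst in net for net in RFC1918):
            findings[str(src)].add("lateral")          # reaching another local segment
        else:
            internet_dests[src].add(dst)
            if dport not in EXPECTED_PORTS:
                findings[str(src)].add("unexpected-port")
    for src, dests in internet_dests.items():
        if len(dests) > MAX_DESTS:
            findings[str(src)].add("many-destinations")  # scan-like fan-out
    return {ip: sorted(tags) for ip, tags in findings.items()}

if __name__ == "__main__":
    for ip, tags in review(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

Blocked entries count as findings too: a bulb that keeps trying to reach the main LAN is worth noticing even when the firewall rule stops it.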

Currently using an ASUS RT N56U router, but plan to move to pfSense eventually.

When it comes to networking knowledge, I'm nowhere close to your level, but I'm not at complete beginner level either. :)

Thanks, will definitely ping you for help!

When you make the move let me know - happy to help.. You're going to want a smart switch and AP that can do vlans!!!

Clearly you're ahead of the game from the networking aspect.. Or you would not even be here asking the questions ;)

20 minutes ago, BudMan said:

Nest protect - alerts via app if it detects anything.  Got alert the other day when wife was burning dinner while still at work ;)

Cameras coming - but they are not cheap to do it how I want to do it ;)

Ha ha! :rofl::rofl:

3 minutes ago, BudMan said:

When you make the move let me know - happy to help.. You're going to want a smart switch and AP that can do vlans!!!

Clearly you're ahead of the game from the networking aspect.. Or you would not even be here asking the questions ;)

Thanks! :D

So I was doing some more research on these bulbs....turns out they have 2 servers that can be used depending on your requirement. If you use the Xiaomi Gateway hub, you need to connect to their server in Mainland China. If you want Alexa, Google Home and IFTTT, then you use a server in Singapore. It doesn't connect to both, so it's one or the other.

Even better, they have a Developer Mode, which lets you control it fully on a local LAN! Then there's this open source programme called Home Assistant that you can install on a PC or Raspberry Pi that connects to a big bunch of smart devices. It even lets you extend an Echo device with a lot of neat tricks like custom responses instead of the fixed "Ok"! :D

Can't wait to start playing with all this! :laugh:

Edited by The Dark Knight

Yeah it can be a time eater ;)  Looking at the home assistant.. Lots of support for lots of different devices... Very interesting... I can see me installing this to one of my pi's here real soon...

  • Like 1
This topic is now closed to further replies.