ano said:
I believe you are mistaken on how it works, at least SmartThings. The SmartThings app. on a phone NEVER connects to my SmartThings hub in my house. I completely disconnected the hub from my network, and the app. had no problem accessing everything in my account. It also had the last state of every device in my house. Obviously it's connecting to the cloud, and the hub connects to the cloud as well, but the app. DOES NOT connect to the hub. My guess is app to cloud and cloud to hub transmissions are very encrypted.
And are you saying your home PC is not connected to the Internet?
I think it's a bit unrealistic to assume that a hub and a phone app. both communicating to a known location over an encrypted connection is going to be hacked, but you on a PC communicating with 1000's of web sites, that is secure.
Not having one I do not know how it works precisely, but most such devices establish a persistent (or regular) connection to some remote service (in the cloud, though of course this is just a computer somewhere). Other devices that need to connect to it (e.g. your phone) then use that service as a relay point.
That relay process can be intercepted in many ways, from DNS hijacks to man-in-the-middle attacks between the home device and cloud, or cloud and mobile device. Certificate hijacks are also coming into vogue, as more and more registrars get into the game, and play fast and loose with the rules. IOT devices are particularly vulnerable to those as they may lack robust validation, CA revocation processes, etc. Mobile device use in open wifi environments is a good example where such MITM attacks are easier, but DNS hijacks are becoming more frequent.
None of these require that the cloud server itself be hacked, though that is yet another path.
At issue here for home networks is who initiates a connection. Take my home computer. If I connect out to cocoontech.com, a connection is permitted through my firewall and cocoontech can send any data back on that connection it would like, but ONLY if I initiate it. If I do not initiate it, it can reach my firewall, but not my computer inside the firewall with a Cocoontech-initiated connection.
SOME HA devices require port forwarding, UPnP or other techniques that DO allow an externally initiated connection to reach inside. To me those are the most dangerous. The mobile apps for Elk M1G for example (at least the ones not from Elk) require that. There is no inside-out connection established, they require a static NAT connection from outside-in to reach the Elk (more precisely PAT but NAT is better known). I am then trusting that app, and the Elk, to not abuse that connection. But they are by no means the only danger.
I have no such provision for my PC or any other device inside except the Elk and my router. So in a very real sense, my PC is not "connected" to the internet, not in a two way connected sense. It's crouched down low, head down, behind my firewall.
An issue with much of the low end HA gear is that the technical details of what it does and how it works are not published. Very knowledgeable end users are basically told "trust us", there is no provision for one to understand and do a reasoned risk analysis on the technology. But probably the biggest risk is age -- IOT devices are simply not updated regularly, and if you look at the last couple of years, with major, widely used vulnerabilities being disclosed in low level security protocols, you start to see the problems IOT vendors have. They have to be simple plug-and-play, cheap devices, but if they are not regularly updated with patches, they are vulnerabilities. So they either need to put a LOT of effort into such updates, or stay cheap and ignore them, and figure a $100 device is forgotten in a few years, and besides you can't sue China. Guess which most are choosing.
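
The distinction drawn above between inside-out connections and a static port forward, modelled as a toy NAT router with connection tracking. This is an added example, not part of the original post; the class, addresses and port numbers are constructed, and flow matching is simplified to an exact remote address and port.

```python
from dataclasses import dataclass, field

PANEL_PORT = 2601  # constructed value standing in for a forwarded alarm-panel port

@dataclass
class HomeRouter:
    """Toy NAT router with a stateful firewall (simplified, constructed model)."""
    port_forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    conntrack: dict = field(default_factory=dict)  # (wan_port, remote_ip, remote_port) -> LAN socket
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host connects out: allocate a WAN port and remember the flow."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives from the internet: return (verdict, LAN destination)."""
        flow = self.conntrack.get((wan_port, remote_ip, remote_port))
        if flow:
            return ("accept-established", flow)
        forward = self.port_forwards.get(wan_port)
        if forward:
            return ("accept-port-forward", forward)
        return ("drop", None)

def demo():
    router = HomeRouter()
    pc, panel = "192.168.1.20", "192.168.1.50"        # constructed LAN hosts
    site, stranger = "198.51.100.7", "203.0.113.99"   # documentation-range addresses
    wan_port = router.outbound(pc, 51000, site, 443)  # the PC browses to a site
    results = {
        "reply_on_pc_flow": router.inbound(site, 443, wan_port),
        "site_initiated": router.inbound(site, 12345, wan_port),
        "stranger_same_port": router.inbound(stranger, 443, wan_port),
        "panel_before_forward": router.inbound(stranger, 5555, PANEL_PORT),
    }
    router.port_forwards[PANEL_PORT] = (panel, PANEL_PORT)  # static PAT rule added
    results["panel_after_forward"] = router.inbound(stranger, 5555, PANEL_PORT)
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:22} {verdict}")
```

Only the port-forward case lets an address that the LAN never contacted reach an inside host, which is why auditing the router's forward and UPnP mapping tables is the first check for this exposure.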