Really? Another light switch?

Putting home automation devices directly on the IP network seems like a security mistake. Every device is exposed if someone outside the house wants to monitor you or control your devices. E.g. turn on your light and see if anyone is there to respond. At the early stages it has security through obscurity but I wouldn't want it to catch on.

If you have a separate network (e.g. Insteon, UPB, Z-wave) with an internet-enabled controller, you only have to worry about security at that one point. And if there is a problem, you only need to update/upgrade that one single device, not every single light switch.

This becomes even more of an issue if you use it for functions other than lighting, of course.

I suspect that a wifi ip environment would have its security globally controlled by some sort of network coordinating device rather than individually controlled at each item. But, the earlier point about power consumption and cost of each device may supersede, but I could be very wrong. Take for example my Eye-Fi card for my camera. It manages to upload big chunks of data via ip without undue stress on the camera battery. The micro amount of data needed for a light switch controller seems like it should take practically zippo on power consumption. But unlike my wifi card, a light switch (or other HA device) would need to be "listening" constantly. I guess the trick would be to have a standby state that takes a fraction of a watt to maintain.
 
I suspect that a wifi ip environment would have its security globally controlled by some sort of network coordinating device rather than individually controlled at each item.

To be hacked, at worst the attacker just has to pretend to be that network coordinating device. The connection exists.

It's true that you could have a separate, isolated IP network, with no internet connection, but I doubt that is how it would be typically set up. Especially if some of the devices are wifi, that would require two separate wifi networks in the house potentially in addition to two separate wired networks.
 
Yup - it's completely doable - my house is fully set up for it right now with multiple VLANs that are routable and an access point that supports VLANs and multiple SSIDs - but that's a bit over the average person's head.
 
I don't know why hacking a wifi IP communicating system would be any different than hacking an ISY, HomeSeer, or anything else that runs on a PC. They all would use the same security configurations. I suppose if you have 100 targets instead of one, your chances of landing a success by random targeting go up by 100, but that would only give you access to one device. Whoop-de-doo! Your geeky neighbor kid can turn your kitchen light on/off. Really funny.
 
It's not just 100 targets, it's also 100 devices that need to be upgraded if a security hole is found.

ISY gets updated on a regular basis. If a security problem is discovered I'm sure they would fix it. Firmware in your light switches gets updated how often? Do the devices even support that?

In terms of the actual vulnerability, I think it's not the light itself so much as the opportunity for someone to remotely determine whether anyone is home.
 
OK guys - playing Devil's Advocate as I always like to do... How many people on this forum are important enough for someone to bother to hack them to figure out if they're home or to mess with their lights? Burglaries will continue to be crimes of opportunity.

And whether or not we agree with it, some industry people think that the way to go is not just IP enabling every switch, but even enabling individual light bulbs. There are several people working on the technology.

And as for whether or not the devices support remote firmware updates - well, we'll have to see - once the devices are invented! I'm sure the smart manufacturers will have controllers that auto-update and auto-update their slave devices.

I don't think much of IP enabling every single device, but my concerns have nothing to do with hackability!
 
It's not just 100 targets, it's also 100 devices that need to be upgraded if a security hole is found.

ISY gets updated on a regular basis. If a security problem is discovered I'm sure they would fix it. Firmware in your light switches gets updated how often? Do the devices even support that?

In terms of the actual vulnerability, I think it's not the light itself so much as the opportunity for someone to remotely determine whether anyone is home.

That's why I was saying earlier that it would probably have a central device (probably software on a pc) that manages all the devices (like updating/configuring security).

I am not sure what work2play has in mind as the problem with IP, but personally I see the problem as limited addresses and overwhelmed switches/routers. Perhaps with IPv6 starting to gain traction things will work differently. Honestly, I just don't know that much about IPv6 but it seems like the main reason it is being implemented is to open up the world to giving damn near everything an IP address.
 
There is already an industry standard for IPv6 with built-in security and designed for compute / memory resource limited, low power / battery operated devices: http://en.wikipedia.org/wiki/6LoWPAN. No need to re-invent the wheel.

That's what I was getting at. But I suspect it is a number of years off. My U-verse has some level of IPv6 support but since I have nothing that works on IPv6 I turned it off. I have no idea if the IPv6 addressing would work outside of ATT's network. But I suspect most people do not have any access to IPv6 and even if they did it would require them buying new modems and routers. I suspect that for most people, the IPv6 change will not be a priority and that will probably affect product pricing/availability as the markets of scale won't kick in for a while.
 
I am not sure what work2play has in mind as the problem with IP, but personally I see the problem as limited addresses and overwhelmed switches/routers. Perhaps with IPv6 starting to gain traction things will work differently. Honestly, I just don't know that much about IPv6 but it seems like the main reason it is being implemented is to open up the world to giving damn near everything an IP address.

My issues are high overhead, port density, Wifi traffic... Most people don't seem to realize that Wifi has a limit of about 30-50 devices MAX per access point. 30 moderate users, 50 absolute max for low-traffic devices like cell phones checking email, etc. It's because the access points have to slice up their available time to talk/listen to each device and you can only slice that time up so small. Doesn't matter if you're talking about a $35 or a $2K access point - that limitation is still there.

Quite frankly, I don't want to have to run hundred-port ethernet switches or 5 APs throughout my house. Think about it - I have something like 74 light switches in my house; according to my access point, I already have 17 devices on wifi as I sit here right now; if we go to individual light bulbs, we're talking probably 160 or so devices, then the switches; then there's the A/V equipment, the smart TVs, etc - it gets daunting. How/where does it all get hooked up?

And as for IPv6, actually it is loose in the wild. Even 2 years ago my corporate mail server was talking to Google's hosted services over IPv6, not 4 (long story - we didn't know that, and it caused problems we had to troubleshoot and resolve). Here's a tiny bit more info: http://www.wired.co.uk/news/archive/2012-06/06/ipv6-launch-day
 
I suspect that in 10 years you'll see IPv6 homes with 100s of devices all hooked up. But the typical technology set available to the home at present would be overwhelmed. The idea with IPv6 was to give everything an IP address, even stuff like your toothbrush. So I suspect that the routing/switching/etc issues have been solved and it is just a matter of time until these devices become routinely installed.
 