[chbot] Wifi Controlled Power Sockets / Internet of Things

Nick Rout nick.rout at gmail.com
Thu May 21 07:12:24 BST 2015


On Tue, Apr 21, 2015 at 6:51 PM, Volker Kuhlmann
<list0570 at paradise.net.nz> wrote:
> On Tue 21 Apr 2015 18:05:42 NZST +1200, Richard Jones wrote:
>
>> http://www.aliexpress.com/item/EU-AU-UK-US-Smart-plug-WiFi-Smartphone-Remote-control-socket-power/32272099666.html
>
>> I'm still considering the security implications that were raised at last
>> nights meeting.
>
> The plug you mention above is cloud based:
> "use your smartphone to turn off appliances when you're out"
> "Accurate feedback: ... whether you're in LAN or remote network"
> And the giveaway:
> "Double protection and more safety", "LonHand Server"
>
> That means someone somewhere always knows exactly what you're doing in
> your house, whether you're home or not. Assume that this info gets
> stored permanently. Assume that this someone eventually gets bought out
> by google or likewise, including your personality profile. Orwell would
> have a field day.
>
> As I must have said previously, personally I put this kind of thing into
> the class of "consumer junk" with respect to network security.
> Irrespective of what big words their marketroids come up with and how
> many times they mention "password protected", bugs won't get fixed. The
> key is a feel-good instrument if the lock doesn't need it when you look
> at it sideways. For wifi I suspect that that unfortunately is a fairly
> safe assumption. The firmware is complex and made for time to market and
> low cost.
>
> If you have a good firewall and don't allow these things to connect out
> a technically advanced neighbour / passersby may turn your light/fridge
> off. You might not care, assuming the thing still "works", which it
> might not. It still is a gateway for attacks on your home network
> though.
>

Yes I don't know why every home control software has to 'connect to
the cloud' to make it work from outside your LAN. What happened to
running a VPN?


> Volker
>
> --
> Volker Kuhlmann
> http://volker.top.geek.nz/      Please do not CC list postings to me.
>
> _______________________________________________
> Chchrobotics mailing list Chchrobotics at lists.linuxnut.co.nz
> http://lists.ourshack.com/mailman/listinfo/chchrobotics
> Mail Archives: http://lists.ourshack.com/pipermail/chchrobotics/
> Meetings usually 3rd Monday each month. See http://kiwibots.org for venue, directions and dates.
> When replying, please edit your Subject line to reflect new subjects.



More information about the Chchrobotics mailing list