It’s perfectly possible to have a smart home that does not call home. Home Assistant is an amazing piece of software that can allow smart devices from different manufacturers talk to each other without connecting to a cloud service — all done locally.
This is the only way I would go about it. Maybe in the future if I really want it but really, the more tech, the more vulnerabilities. I’m fine with manually turning things on and off even if it’s self hosted.
Ultimately, it’s just a light bulb. If it gets breached for whatever reason then it’ll a minor annoyance with someone blinking lights until you flip the physical switch off….unless you have a light-sensitive condition I guess.
Unfortunately, no. Ultimately it’s a tiny computer that happens to produce light when a certain gpio pin is enabled. The light bulb is the portion you see, but inside, it’s an internet-connected microcontroller. I’ve even seen smart devices that internally run a full Linux distro complete with a shell session you can access if you know what you’re doing.
The problem is that some of these firmwares and/or exploits for these firmwares actively scan your local network and report things. Further, they can be used as a jumping off point for attacks deeper in your network.
At some point you have to define which threat vectors you’re willing to accept. Yes, in theory you’re correct. A device could ship with exploits for wifi targeting most access points or Bluetooth cards I guess.
So this device hops on my network, downloads a payload to break into my computer and finds…. PDFs of my tax returns, where most of the important data is already exposed and associated with my name? Worst case, tries to log into my bank accounts but is stopped by 2FA requiring a hardware token?
The bigger threat is the device wanting on my wifi or wired network, not some Zigbee bulb that has to conceal a wifi radio.
I’d be far more worried about a personal computer getting compromised before believing a Philips (or other mainstream hub) was popped.
Is it possible? Absolutely. We don’t know how secure these place’s software supply chain is.
I’m confident keeping it at “it’s just a lightbulb”, at least Zigbee bulbs, because the attack vector for this would take so much effort for it to be effective.
Sure, if you’re in a high-risk category, like if you live in an authoritarian state and you’re the popular candidate espousing democracy, I’d completely agree and say trash all of your wireless devices.
Put home assistant on a raspberry pi, plug a Zigbee dongle to it, and start connecting smart gadgets to it. Or better yet buy a home assistant Green. You can check the home assistant docs to see if a smart device requires cloud connectivity to work — in general if it connects through Zigbee (or ZWave or Matter) then you’re good, but if it connects through WiFi then it probably is cloud based.
Can confirm. I run Home Assistant and Rhasspy with Sengled bulbs and none of transmits info. The devices themselves aren’t generally the issue, it’s the hub that operates them that would be collecting and sending the info. Remove that, and you don’t have to worry.
You can use microphones wherever with HA and Rhasspy. Rhasspy is just the local voice and intent recognition portion, and HA executes the commands. This means you can have one Rpi in your place managing devices, and then have many different microphone-attached Rpi all over your house forwarding voice recognition intents to do whatever you want it to do. Whatever the mic is attached to will send to the HA instance and tell it what to do. No cloud.
Why do I need a RaspberryPi? I can’t use my regular Linux PC? What is a Zigbee dongle and why is it mandatory? What do I do if he device is cloud based?
Your Zigbee light switches won’t do anything unless the machine running Home Assistant is on. Being able to control your lights while the computer isn’t running is really convenient.
Sure! Click the link at the very top of the page! You know, what this entire conversation is theoretically talking about? It takes you to a Home Assistant page and even has some details on their philosophy and links to even more details about their privacy focused philosophy! I thought saying essentially “read the fucking article” would be pretty asshole-ish and wouldn’t contribute anything to the conversation, but I also thought that your question contributed nothing, so I downvoted.
Yikes… I read the fucking article, and it explained nothing. I read your comment and understand why you down voted. There you go, @b3an it seems that @tjhart85 simply has a stick up their ass
It’s perfectly possible to have a smart home that does not call home. Home Assistant is an amazing piece of software that can allow smart devices from different manufacturers talk to each other without connecting to a cloud service — all done locally.
This is the only way I would go about it. Maybe in the future if I really want it but really, the more tech, the more vulnerabilities. I’m fine with manually turning things on and off even if it’s self hosted.
Ultimately, it’s just a light bulb. If it gets breached for whatever reason then it’ll a minor annoyance with someone blinking lights until you flip the physical switch off….unless you have a light-sensitive condition I guess.
Unfortunately, no. Ultimately it’s a tiny computer that happens to produce light when a certain gpio pin is enabled. The light bulb is the portion you see, but inside, it’s an internet-connected microcontroller. I’ve even seen smart devices that internally run a full Linux distro complete with a shell session you can access if you know what you’re doing.
The problem is that some of these firmwares and/or exploits for these firmwares actively scan your local network and report things. Further, they can be used as a jumping off point for attacks deeper in your network.
At some point you have to define which threat vectors you’re willing to accept. Yes, in theory you’re correct. A device could ship with exploits for wifi targeting most access points or Bluetooth cards I guess.
So this device hops on my network, downloads a payload to break into my computer and finds…. PDFs of my tax returns, where most of the important data is already exposed and associated with my name? Worst case, tries to log into my bank accounts but is stopped by 2FA requiring a hardware token?
The bigger threat is the device wanting on my wifi or wired network, not some Zigbee bulb that has to conceal a wifi radio.
And what about the zigbee hub, assuming you didn’t know enough to use homeassistant or some such?
Or a wifi bulb?
Point is, consumer smart electronics don’t have the same attention to security paid to them.
Fwiw, I’m not anti-smart device. I run HA and have all kinds of smart crap, so clearly I accept at least part of the risk.
But saying “it’s just a light bulb” is disingenuous as best.
I’d be far more worried about a personal computer getting compromised before believing a Philips (or other mainstream hub) was popped.
Is it possible? Absolutely. We don’t know how secure these place’s software supply chain is.
I’m confident keeping it at “it’s just a lightbulb”, at least Zigbee bulbs, because the attack vector for this would take so much effort for it to be effective.
Sure, if you’re in a high-risk category, like if you live in an authoritarian state and you’re the popular candidate espousing democracy, I’d completely agree and say trash all of your wireless devices.
The LIFX bulbs announced your WiFi password to anyone who asked. This is not a breach of the bulb itself, it’s a gateway to your LAN.
Hue bulbs use Zigbee, not wifi.
I don’t want to be annoyed
It opens up another vector for attacking other sensitive devices on my network. I haven’t segregated my network so I don’t feel safe doing this.
How
Put home assistant on a raspberry pi, plug a Zigbee dongle to it, and start connecting smart gadgets to it. Or better yet buy a home assistant Green. You can check the home assistant docs to see if a smart device requires cloud connectivity to work — in general if it connects through Zigbee (or ZWave or Matter) then you’re good, but if it connects through WiFi then it probably is cloud based.
https://www.home-assistant.io/
https://www.seeedstudio.com/Home-Assistant-Green-p-5792.html
https://www.home-assistant.io/integrations/
Can confirm. I run Home Assistant and Rhasspy with Sengled bulbs and none of transmits info. The devices themselves aren’t generally the issue, it’s the hub that operates them that would be collecting and sending the info. Remove that, and you don’t have to worry.
wow so Rhasspy is local voice assistant! do you have microphones places throughout your pad or do you go to a website first to speak or what?
You can use microphones wherever with HA and Rhasspy. Rhasspy is just the local voice and intent recognition portion, and HA executes the commands. This means you can have one Rpi in your place managing devices, and then have many different microphone-attached Rpi all over your house forwarding voice recognition intents to do whatever you want it to do. Whatever the mic is attached to will send to the HA instance and tell it what to do. No cloud.
Why do I need a RaspberryPi? I can’t use my regular Linux PC? What is a Zigbee dongle and why is it mandatory? What do I do if he device is cloud based?
You can use your regular PC if you want, but having an always-on server (the pi) makes it more convenient to use from, say, your phone.
Zigbee is a popular wireless communication protocol used by iot devices. Without the dongle you won’t have any way to talk to them.
If it’s cloud based, buy something else that isn’t.
Your Zigbee light switches won’t do anything unless the machine running Home Assistant is on. Being able to control your lights while the computer isn’t running is really convenient.
Perfectly valid to ask how to protect your data using the tools the other user mentioned. Not sure why you were downvoted for asking simply how.
deleted by creator
deleted by creator
deleted by creator
@tjhart85 care to explain?
Sure! Click the link at the very top of the page! You know, what this entire conversation is theoretically talking about? It takes you to a Home Assistant page and even has some details on their philosophy and links to even more details about their privacy focused philosophy! I thought saying essentially “read the fucking article” would be pretty asshole-ish and wouldn’t contribute anything to the conversation, but I also thought that your question contributed nothing, so I downvoted.
Did that answer your question sufficiently?
Yikes… I read the fucking article, and it explained nothing. I read your comment and understand why you down voted. There you go, @b3an it seems that @tjhart85 simply has a stick up their ass
deleted by creator
If i understand correctly this is Home Assistant saying that Hue is taking away that ability on devices people have already bought and installed.
That’s about the hue hub. The bulbs are still Zigbee and can be controlled 100% remotely with HA and a Zigbee dongle.