Security exposure with internet connected homes
-
Another week has passed and now there is a breach in the Eufy security camera platform, and we have seen what has happened to Colonial Pipeline in the US... I wonder who is next. I highly encourage people to be much more deliberate and conscientious about what devices they buy and install in their homes...
-
I am still following the events unfolding. It is indeed amazing to me how many people had their NAS open and accessible directly through port forwarding...
-
@rafale77 It's functionality vs usability... if you do not forward specific ports (SMTP, FTP, etc.) you cannot use the device as intended. And placing it behind a VPN is not workable in that sense...
@sender said in Security exposure with internet connected homes:
@rafale77 It's functionality vs usability... if you do not forward specific ports (SMTP, FTP, etc.) you cannot use the device as intended. And placing it behind a VPN is not workable in that sense...
Well that rather depends on the device. Alexa, for example, requires no port forwarding. A NAS probably would but can be accessed via a VPN.
For example my mail server does need very specific ports (obviously) but they are not forwarded. I connect to my own VPN end point.
The only port I have open is a non-standard SSH port. However Alexa creates her own connections which may be insecure.
So not quite sure what case you're looking at here.
C
-
@CatmanV2 is correct. It's not just about port forwarding. In many cases it is the cloud server getting hacked, exposing your credentials and allowing people to access your account. The reason for my post about being careful with the devices you buy is more related to smart home devices, or I would say IoT devices, getting hacked from the "I", the internet. The latest as of this morning about Eufy cameras is an example. See here
It always blew my mind that anyone would want their cameras to stream anywhere outside their own network other than through a direct VPN, but... you see all of these cloud doorbells and cloud camera services, and the same is true for all the other smart thermostats etc., which I have either eliminated or am isolating and aggressively blocking access to/from the WAN.
-
@catmanv2 Hence I have a separate VLAN/subnet for "tunneling" and outbound session things (mostly IoT). And specific ports forwarded to a NAS (compared to a VPC, but locally managed).
@sender said in Security exposure with internet connected homes:
@catmanv2 Hence I have a separate VLAN/subnet for "tunneling" and outbound session things (mostly IoT). And specific ports forwarded to a NAS (compared to a VPC, but locally managed).
I should really do the same thing. But I'm not convinced that there's really much benefit. My Alexas still need to talk to HA bridge. I guess I could put HA bridge on a separate machine and then allow only connections from that IP into the main device but that doesn't seem any more robust than the current set up.
Perhaps a better piece would be to separate all my critical services, keeping NotVera, HA bridge and Alexa all on a separate subnet.
C
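The segmentation the last two posts describe (an IoT VLAN that may only make outbound sessions, a single allowed path from the HA bridge host to the main controller, the NAS reachable only over the VPN, and some devices blocked from the WAN altogether) can be written down as one router firewall policy. The ruleset below is an added example for a Linux router running nftables; it is not configuration posted by anyone in this thread. Every interface name, address, port and host role in it is an assumption chosen for illustration: wan0/lan0/iot0/wg0, the 192.168.1.0/24 and 192.168.10.0/24 subnets, the HA bridge at 192.168.10.5, the controller at 192.168.1.10 listening on TCP 8443, the NAS at 192.168.1.20, WireGuard on UDP 51820, and SSH on port 2222.

```nftables
#!/usr/sbin/nft -f
# Added example (hypothetical layout, not the thread's own setup):
#   wan0 = internet uplink
#   lan0 = trusted LAN 192.168.1.0/24 (controller 192.168.1.10, NAS 192.168.1.20)
#   iot0 = IoT VLAN 192.168.10.0/24 (HA bridge host 192.168.10.5)
#   wg0  = WireGuard VPN, peers in 10.8.0.0/24, endpoint on UDP 51820
#   The router's SSH daemon listens on the non-standard port 2222.

flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define IOT = "iot0"
define VPN = "wg0"
define HA_BRIDGE = 192.168.10.5
define CONTROLLER = 192.168.1.10
# IoT devices that are never allowed to reach the internet at all
# (thermostats and cameras that are only used locally, in this example).
define LOCAL_ONLY = { 192.168.10.50, 192.168.10.51 }

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # Trusted LAN and VPN clients may manage the router.
        iifname { $LAN, $VPN } accept

        # IoT devices only get DHCP and DNS from the router, nothing else.
        iifname $IOT udp dport { 53, 67 } accept
        iifname $IOT tcp dport 53 accept

        # From the internet: only the VPN endpoint and rate-limited SSH on 2222.
        iifname $WAN udp dport 51820 accept
        iifname $WAN tcp dport 2222 ct state new limit rate 10/minute accept
        # Everything else from the WAN (NAS, mail, camera web UIs) is reached via wg0.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Trusted LAN and VPN users may initiate to anything: internet, IoT, NAS.
        iifname { $LAN, $VPN } accept

        # Local-only IoT devices never get a WAN path, even outbound.
        iifname $IOT ip saddr $LOCAL_ONLY oifname $WAN log prefix "iot-wan-blocked: " drop

        # Remaining IoT devices: outbound cloud sessions only.
        iifname $IOT oifname $WAN accept

        # The one permitted IoT -> LAN path: HA bridge host to the controller's API port.
        iifname $IOT ip saddr $HA_BRIDGE ip daddr $CONTROLLER tcp dport 8443 accept

        # Any other IoT -> LAN attempt is logged and dropped (useful detection signal).
        iifname $IOT oifname $LAN log prefix "iot-lan-blocked: " drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
    # Deliberately no prerouting DNAT chain: no port is forwarded to the NAS.
}
```

Load it with `nft -f` and confirm the live policy with `nft list ruleset`; then, from a host outside the network, port-scan the WAN address and check that only UDP 51820 and TCP 2222 answer. Note that Alexa device discovery of an HA bridge relies on both sitting on the same L2 segment, so in this layout the bridge host lives on the IoT VLAN with the Alexa devices and only its single connection to the controller crosses into the trusted LAN; the log prefixes make any other crossing attempt visible in the router's journal.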
-
Could be a bizarre follow-up to a post I made on another thread, but it may be more related to this topic, so I am posting here. Oddly, things are unraveling... It is confirming my own observations that Android devices seem to send a lot of data, a lot more than iOS devices, even when you don't want them to. This is odd because of how hit-and-miss geofencing on Android has been, yet I am observing that they update Google about where your device is a lot more frequently and with a lot more "details" than iOS devices do.