I don’t trust any network. Offtopic in this thread, but how can I trust devices in my network running on closed source software? Some of them have an old OS which isn’t patched anymore. How can I trust my neighborhood; they can capture the wireless traffic between my Homey and Hue?
What’s against more security, no mather if it’s local or public data traffic.
There’s nothing against more security, but local devices typically can’t support HTTPS when you have to access them through their IP-address.
If you want to access your Homey locally over HTTPS, you need to allow DNS rebinding in your local network, with which you open up your network for rebinding attacks. Otherwise, you can only access Homey through the cloud or over plain HTTP (and since your neighbours have cracked your WiFi that isn’t ideal either).
You’re right when it comes to DNS and signed certificates. I’m talking about selfsigned certificates and IP address usage to my Philips Hue. Except a man-in-the-middle attack, a selfsigned certificate encrypts the traffic between the two hosts. By capturing the WiFi traffic -and finding the WPA2 key- they still don’t have my Hue API key.
An extra security is to store the hue-host certificate as trusted to prevent M-i-t-M, but I think this is more related to Homey Core then this app.
Unless you allow DNS rebinding, local traffic to your Homey will also be unencrypted and capturing its WiFi traffic would probably pose a much bigger risk to your home.
To get back more on topic: I understand the usefulness of detecting offline nodes, but isn’t it bad if Zigbee bulbs go off power all the time? Won’t that mess up your mesh? Maybe most devices will find another route, but it sure won’t do response times any good when routers are disappearing and reappearing unexpectedly.
I think you should avoid powering off the devices as much as possible. Found more info (Zigbee V3) here: What Is Zigbee Wireless Mesh Networking? | Digi International
Off course it is better for the mesh to switch off the lights via Homey/HUE or programmable buttons in the home. In my case i replaced (almost) all my bulbs (25+) with HUE bulbs/Tadfri bulbs/Osram plugs/Hue plugs/zwave plugs. (i prefer to include Hue hub to have a dedicated app / keep integration with Apple home.
But we will keep using the physical switches as well, thus the need fro me to create a tool to sync HUE light state based on reachability.
I minimize this ‘risk’ of people turning off the lights physically by using flow cards to auto turn of lights based on time of day/ light level / duration being on / movements / some ip address presence (work laptop for office, ps4 for game room). And i’m thinking to add mb’s downloaded via de router as well. (if that is zero, everybody must certainly be asleep?)
Big thank you for this. I used it as a base to create a Homeyscript to copy what I did earlier in dzVents on Domoticz. Both to get the status of the ligths and also to turn of the lights if they are contiuously unreachable for set time period.
I posted and discussed the code here: topic