I love the product and I really hope to get some input from you how I can get my setup to a more secure state. Currently I’m hesitant to add more apps and I’m baffled about those who add locks, alarm systems etc.
Could you please:
Update on the progress of implementing 2FA (maybe use Google?)
Elaborate on how you work with improving the security and what is on the roadmap
Give me some tips on how I can improve the security of my Homey setup (e.g. set up a VPN tunnel)
First of all: welcome to this forum! Good to see you found your way here.
Second: based on your topic, I would like to clarify that this is not a forum hosted, maintained and moderated by Athom itself. It is, in fact, a forum made by the community, for the community. Basically everyone, with the exception of Bram, is a Homey user, not a Homey staff member.
I am not a developer or similar, so I can’t comment on https and similar questions, but I would like to point out that:
register, complain about security, post “better” Product…
Sorry, but the product you linked does the same as the Homey does. It communicates with the devices you add. Some of them also require control via a cloud-based solution. Whenever that is not required they (seem, I haven’t tested it) use local control. That is exactly how Athom and Homey do it.
For security I would suggest you go and remove all your smart home stuff again, as all of them which are using an app have also punched holes into your firewall, as all of them will contact the servers of their manufacturers to link you with your app to your product.
Just checked their website. I guess it depends on your own preferences. The number of devices supported is somewhat limited. I’m missing my 2 TVs, Chromecast, Xiaomi, some Zigbee devices, a whole lot of KlikAanKlikUit devices. Also, things like Spotify, IFTTT and such are not supported. I personally love Homey because it doesn’t only support devices, but also connects to other online services. I don’t know what it can do, but you’re free to check it.
I must agree with @carp3-noctem that every smart home product has security limitations, but I don’t feel Homey’s security is bad. You’ve failed to respond to my earlier post. Does that not answer your concerns? Also, I miss that part on the website you mentioned where the high security priority is mentioned and the methods they use (which should be superior to Homey, given your post).
@romell no, I don’t say that needs to be this way. But it is the best way to have security.
As you may see, all different apps are normally used to connect to a device that is behind your firewall, so the device has a connection to a server (where a user doesn’t know what data will be sent / used and how it is encrypted or not).
So at least for the security things (e.g. the mentioned door locks) I would avoid (and have avoided) the use of a cloud-based solution (except the nello device is used for main house entry). For the rest I use Homey with its features and can’t complain about an issue.
How would a VPN help, if devices that are connected to their manufacturer servers are sending out data and also let you into your own home?
For me, it makes more sense to just have one open hole (Homey) instead of 10. Also the approach Athom makes with Homey is the same as the linked company:
Providing a translation device that makes your tech stuff available via their user endpoint. So Homey itself is also available locally and via their app as well from away.
I hope I have not offended you with my post, but sometimes you have a lot of such posts and after that the people never come back and like to discuss (that is what this place is for, right?)
I wouldn’t be worried about people ‘hacking’ your home from security holes created in your firewall by third party apps. Not when you can just flood spectrum with a cheap device which will stop all devices communicating as they walk to the door.
You’re focusing on the wrong attack vector, but regardless of that, if security is really a concern, you prob should not have a smart house.
And invest in window bars, statistically speaking the no chance of someone using an exploit in a Home Automation controller (which is not identifiable from outside the home) to get access to your house … vs the number of bricks thrown through windows each hour.
I’m sorry I know this isn’t answering your question, but I don’t see any major differences between Homey and animus.
As far as I know, Homey will still work when you deny it access to the web. It’ll be somewhat limited of course since you won’t be able to contact it from outside your LAN and apps won’t be able to retrieve information from the internet, but it’ll still work. You should be able to control it through a VPN though.
Anyway, whilst I do not see things as B/W as you seem to do, I did take care that my security systems are not connected to Homey. The alarm system, cameras and even the central heating system do not share the same network with anything else in my home. If somebody succeeds in hacking the Homey, it will be an inconvenience, but that’s it. To me, that’s just common sense.
Regarding the recurring comments about physical security…
Yes I know that people can break into my home. But that is not an argument for not caring about the security around what I expose digitally. You can care about both (also there are a few more attackers in the digital world, incl automated attacks).
With that being said, there has been some valuable input here with regards to discussing VPN, splitting networks, thinking twice about which apps you connect, etc. So happy to hear more on this more productive part of the thread!