Do we know anything about Homey’s security? Do they (Athom) have a secure development process in place, is Homey pentested, is Athom audited?
Is a start, the rest you’ll have to contact Athom directly of course.
I have no real insights, but from what I have seen the biggest issue is if you have an insecure password on your account or leak it somewhere.
Athom's response to a question/tip in the alpha testers Slack channel was that it was pen tested by a Dutch security firm.
Shared with permission!
GDPR is one aspect of security. I know from experience that developing software inevitably creates a vulnerability at some point. The question is then, do they have the processes in place to spot those vulnerabilities and fix them ASAP?
Is data encrypted (transport AND storage)? Two-factor authentication? Alerting users when they use an insecure network/password config (that may not be Homey’s job, but devices like Nest do this for example). Is there a device blacklist for insecure devices? Etc.
And what happens if Athom goes out of business?
The question is: is Homey tested on a regular basis?