Home automation is becoming more and more common in our homes, and one of its main attractions is that it can be controlled remotely from a smartphone, tablet or laptop. We will detail a few security rules for configuring a MyHome automation system from Legrand / Bticino / Arnould, but these tips also apply to other home automation systems or boxes (Z-Wave, ZigBee …).
Managing a complete installation can be complicated, because it mixes two very different worlds: electricity and computing. It is quite rare to have all the required knowledge in both areas to configure a whole house properly. It is common to see fairly significant security holes caused by configuration problems, which leave the door wide open to people with bad intentions (hackers)!
So we will give you tips for securing your home automation system together with your ADSL box, to protect you from the risk of hacking.
Test your installation
Above is a screenshot of a software tool called a “port scanner”. For most of you this will probably mean nothing, but for others it can be very helpful. Starting from an Internet IP address, the software finds all the ports that are open on your Internet DSL box. By default, most DSL boxes are configured with a minimum of security, but depending on the configuration you make afterwards, it can become dangerous if you do not choose the right settings.
The idea today is to secure a MyHome automation system from Legrand / Bticino / Arnould. I conducted security tests on a client's installation, with his consent. It has an OpenWebNet home automation gateway, reference F454 by Legrand. As you can see in the screenshot above, port 20000 is open and accessible from the Internet; the simple command “nc <ip-address> 20000” returns a confirmation code from the home automation server. A problem? Yes, a big one!
Because if you download an iOS or Android application that manages the MyHome home automation system, or if you use MyOmBox, then by entering the individual's Internet IP address it is possible to connect directly to his system and control the installation, without a password, without any security! You just have to know his Internet IP address.
The solution for this problem
Securing your home automation system is relatively simple: minimize the ports open to the outside (to the Internet). We designed MyOmBox with this in mind: our system connects directly, on your local network, to your home automation gateway, your IP cameras, your Netatmo weather station and your connected objects. Therefore you do not need to open a port to the Internet for each of your devices, but only the one for MyOmBox!
Below is a screenshot of a Livebox from Orange (a French Internet service provider). MyOmBox can only be accessed from the Internet on port 17235, which is then redirected to the secure HTTPS port (443) of MyOmBox. As a reminder, only ports 80 (HTTP) and 443 (HTTPS / SSL) are available on MyOmBox. MyOmBox then takes charge of contacting your installation on your local network. With this single rule, MyOmBox is accessible from the Internet only on the secure SSL port 443 (the data is encrypted)! With the configuration below, it is possible to connect to this MyOmBox from outside (over a GSM data connection or WiFi on vacation) by typing https://MY_IP_ADDRESS:17235.
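To confirm from outside that only the MyOmBox forward is exposed, the following is an added example (not part of the original article and not MyOmBox code). It assumes the confirmation code returned on port 20000 is the OpenWebNet ACK frame `*#*1##`; the port list and allow-list are assumptions taken from the ports named in this article.

```python
import socket
import sys

# Assumption: the only port meant to be reachable is the MyOmBox forward (17235).
ALLOWED_EXTERNAL_PORTS = {17235}
# Assumption: the "confirmation code" is the OpenWebNet ACK frame.
OPENWEBNET_ACK = b"*#*1##"

def probe(host, port, timeout=3.0):
    """Return (is_open, banner) for one TCP port on an address you own."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                banner = sock.recv(64)
            except OSError:
                banner = b""  # open, but the service waits for the client (e.g. HTTPS)
            return True, banner
    except OSError:
        return False, b""  # closed or filtered

def audit(host, ports, allowed=ALLOWED_EXTERNAL_PORTS, timeout=3.0):
    """List (port, severity, message) for every exposure that should not exist."""
    findings = []
    for port in ports:
        is_open, banner = probe(host, port, timeout)
        if not is_open:
            continue
        if OPENWEBNET_ACK in banner:
            findings.append((port, "CRITICAL",
                             "OpenWebNet gateway reachable from the Internet"))
        elif port not in allowed:
            findings.append((port, "WARNING",
                             "open port that is not on the allow-list"))
    return findings

if __name__ == "__main__":
    # Run from outside the LAN (e.g. a phone hotspot) against your own public IP.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = audit(target, [80, 443, 17235, 20000])
    for port, severity, message in results:
        print(f"{severity}: port {port}: {message}")
    if not results:
        print("OK: nothing exposed beyond the allow-list")
```

An empty result means the box only answers on the allowed forward; a CRITICAL line means the port 20000 forwarding rule is still present on the box and should be deleted.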
It is also advisable to set a password of at least 8 characters, with letters and numbers, to connect to your system. You can also activate the “Enhance Security” mode in MyOmBox, available in the security menu of your administration. An automatic e-mail alert informs you if someone tries to connect to your interface after entering a wrong password 6 times. This is to prevent “brute force” attacks (testing many password combinations with password-cracking software).