Securing your home automation system with your ADSL box to protect you from risk of piracy

Home automation is becoming more and more present in our homes, and one of the main interests is to be controlled remotely from their smartphone, the tablet or laptop We will detail a few safety rules related to the configuration a MyHome automation system from Legrand / Bticino / Arnould, but these tips can also be used for other home automation systems or box (Z-wave, zigBee )

This can be complicated to manage a complete Installation, is the mix between two very different worlds, that of electricity with that of computing. So it is quite rare to have all the required knowledge in these two areas to properly configure all his house It is common to see fairly significant security breach, due to configuration problems, leaving the door wide open to persons who may have bad intentions (hacker)!
So we will give you tips for securing your home automation system with your ADSL box to protect you from the risk of piracy.

Secure facility port scan Automation
Secure facility port scan Automation

Test your installation

Above you have a print screen of a computer tool called aport scanner for most of you this will probably tell you anything, but for others it can be very helpful … Starting from an Internet IP address, the software gets to know all the ports that are open on your internet DSL box. By default most DSL box are normally configured with a minimum of security, but according to the configuration you make thereafter it can become dangerous if you do not make the right settings

The idea today is to secure a MyHome automation system Legrand / Bticino / Arnould, I conducted safety tests on the installation of a client with his consent. It has an OpenWebNet home automation gateway reference F454 by Legrand. As you can see in the screen printing above the port 20000 is open and is accessible from the Internet, the simple command “nc <ip-address> 20000 returns us a confirmation code of the home automation server. A problem? Yes a big one!

Because if you download an IOS or Android application that manages the home automation system MyHome, or if you use MyOmBox by entering the Internet IP address of the individual it is possible to connect directly with him and manage installation, without a password, without any security !!! You just have to know its Internet IP.

test gateway remote access
test gateway remote access

The solution for this problem

To secure your home automation system, it is relatively simple, it is necessary to minimize the ports open to the outside (on the Internet). We designed MyOmBox in this sense, our system has the ability to connect directly to your local network with your home automation gateway, your IP cameras, weather station Netatmo and your connected objects Therefore you do not need to allow internet access ports for each of your devices, but only that of MyOmBox!

Below is a screenshot of a Livebox, Orange (French internet service provider). MyOmBox only be accessed from the internet on 17235 port, it is then redirected to the secure HTTPS port (443) MyOmBox. reminder only ports 80 (http) and 443 (https / SSL) are available on MyOmBox. Then it is that MyOmBox charge to recover and contact your installation on your local network. With this single configuration MyOmBox is accessible from the Internet and only on the secure SSL port 443 (the data are encrypted)! With the configuration below it is possible to connect from the outside (GSM data connection or WiFi on vacation) this MyOmBox by typing https://MY_IP_ADDRESS:17235.

configuration dsl box security
configuration dsl box security

Conclusion

 The purpose here is not to scare you but to make you aware of the fact that the products are not always involved in piracy, there are also configuration errors… If you use MyOmBox to manage your MyHome automation system,  MyOmBox must be configured in the local IP address of your webserver / home automation gateway, e.g.: 192.168.1.35.In this way you will need to have port 443 or 80 MyOmBox accessible from the Internet. It is strongly recommended to remove the share of the port 20000 of your MyHome automation gateway on the Internet.

It is also advisable to set a password at least 8 characters to connect to your system, with letters and numbers. You can also activate the mode Enhance Security to MyOmBox, available in the security menu of your administration. An automatic mail alert inform you if someone tries to connect to your interface after entering 6 times  a wrong password… This is to prevent attacks like “brute force” (test several combinations of via a password cracking software).

Leave a Reply

Your email address will not be published. Required fields are marked *