Are IoT hubs so bad? Smart Home Security

We have seen a push in the industry to eliminate hubs in smart home products. I have found this to be a strange goal and I think it may have a significant downside: Security. Anyone have any input on the subject?

Robert Spivack, Smart Home Specialist, had an article that talked about the pros and cons of hubs in smart home setups.

Who’s Afraid of the Big Bad Hub?

One thing he does not address is the relative security of using a hub versus a bunch of devices all with WiFi capabilities. I would be surprised if the manufacturers of these little devices spend a lot of time on network security. Having a dozen Wemo devices all attached directly to your WiFi network does not seem as secure to me as using, say, Lutron devices with their proprietary radio signals that all communicate with a single hub wired to my network.

Since those smart crooked people could figure out how to hack into a WiFi smart plug, they could have access to your wireless network. I just think these little devices would not be as secure as your mainstream computers, routers, etc.


I guess a hub could have just as bad security as a WiFi connected switch but at least there would be fewer devices available to hack in a household if hubs are the norm.

One interesting idea for securing a home network against IoT device hacks is to segregate the IoT devices onto their own network. One good discussion about this that I heard is:


Not related to hub/no-hub, but to address the topic of security: I think that keeping on top of security issues is something so far beyond the ability of nearly everyone that unless an IoT vendor specifically addresses it in a manner that automatically keeps their devices patched for the expected lifetime of those devices, people should refuse to purchase them. That’s a hard sell for the home automation enthusiast crowd, but I honestly believe it’s the only way to address the issue(s).

Under those conditions, whether or not a system requires a hub has less bearing on the overall security of the IoT portion of the network; I can make arguments for both sides :) Likewise, under the absence of those conditions, a reasonable degree of security of home IoT systems is nearly impossible to achieve over the installed base of such systems, though very dedicated enthusiasts may be able to achieve some degree of security.

As the saying goes: “The S in IoT stands for Security. Oh wait…”

Even our normal network connected devices are usually not up to par regarding security. Your home router probably has a lot of known issues, and possibly there is a firmware update available, but how would you know? Checking for this requires logging in to the router periodically and manually looking for it yourself. …and it probably came with UPnP enabled by default - did you turn that off?

Setting up a separate WiFi network is a good concept, but your sister won’t do that. It is a hassle even for enthusiasts like those found in this group.

There are countless stories about corporate exposure. One of my favorites is the one about the Vegas casino that got compromised through a “smart” control system for their aquariums.

Manufacturers will ship anything that merely “works” - pushing it hard to find flaws and security holes is less of a priority in the low-margin game the device vendors play.

So, yes - I like the idea of a hub that locally communicates with devices. That is a single point to manage from a security point of view and better than how many devices you install.
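The separate IoT network raised in the posts above, sketched as router firewall rules. This is an added example, not part of any post in the thread. It assumes a Linux-based router running nftables, and the interface names (`br-lan`, `br-iot`, `eth0`) are hypothetical.

```nft
#!/usr/sbin/nft -f
# Added example: interface names below are assumptions, adjust to your router.
define LAN_IF = "br-lan"   # trusted computers and phones
define IOT_IF = "br-iot"   # separate SSID/VLAN for smart plugs, bulbs, hubs
define WAN_IF = "eth0"     # uplink to the ISP

table inet iot_segregation {
    chain forward {
        # Default-deny for routed traffic; only the flows below are allowed.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed to start.
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN may reach the internet and may initiate to IoT devices
        # (so a phone or a local controller can still talk to them).
        iifname $LAN_IF oifname $WAN_IF accept
        iifname $LAN_IF oifname $IOT_IF accept

        # IoT devices may reach the internet (vendor cloud, firmware updates).
        iifname $IOT_IF oifname $WAN_IF accept

        # IoT devices may never initiate connections into the trusted LAN.
        iifname $IOT_IF oifname $LAN_IF log prefix "iot-to-lan drop: " drop
    }

    chain input {
        # Traffic addressed to the router itself.
        type filter hook input priority 0; policy accept;
        ct state established,related accept

        # The IoT segment gets DNS, DHCP and ICMPv6 from the router...
        iifname $IOT_IF udp dport { 53, 67 } accept
        iifname $IOT_IF tcp dport 53 accept
        iifname $IOT_IF meta l4proto ipv6-icmp accept

        # ...and nothing else: no admin web UI, no SSH, and no UPnP/SSDP
        # port-mapping requests from a compromised device.
        iifname $IOT_IF drop
    }
}
```

Load it with `nft -f` and watch the kernel log for the `iot-to-lan drop:` prefix; a device that keeps tripping that rule is trying to reach machines it has no reason to talk to.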

Your points are well taken—I particularly like the “S in IoT…”

It is that single point of management that I was thinking about. But you are absolutely right that the manufacturer’s priority is not security—the margin on these products does not afford them the luxury of spending a lot of time on that.

I suppose not having dozens of smart devices chattering away on your WiFi is another consideration…

Hub or not, what bothers me is all IoT (at least what I’ve got) talks to some company’s server and my iPhone talks to that. I want all communication local to my network. I want everything (IoT and iPhone) to talk to my Mac without need for an offsite service.


The last time I purchased an iPhone.


Same here when I bought my Synology, and the last coat I bought too. As my friend said, “Buy quality, cry once.”

To the point though, I think hubs at least give the vendor a better opportunity for security. I can’t imagine you could get much of a firewall into a lightbulb.


Pretty much for all my connected devices. Security is a major criterion in my purchase decisions. I don’t use no-name vendors for home automation devices.


Thanks for the input, Robert. Who’da thought you would be lurking around here?

Your point about the additional physical layer is what I was driving at in my original post. Since these sorts of hubs do not have a WiFi radio, they would be more difficult to hack into than, say, Wemo devices where they are all chattering on our WiFi network.

Maybe it doesn’t matter in the grand scheme of things, but having fewer WiFi devices probably helps keep our network congestion down…

This is good to know! I don’t use HomeKit because I had nothing that worked with it. Now I feel I need to possibly toss everything I’ve got and start over. It’s crazy not to do things locally if they can.
