Hubitat engineers are able to remotely access hubs, at the very least to retrieve seemingly any logs. Said access leaves no trace and is not under the control of the owner.
How does that give them access to the rest of a user’s LAN?
Read through the chat logs from the Reddit post... very concerning. I'd like to see a whole lot more user-controlled capabilities around when and how Hubitat staff accesses my hub.
People want the cloud-connected capabilities for things like upgrading and push notifications... not so that Hubitat staff can snoop on their devices!
If you can access one device, you can use that as a stepping stone to connect laterally. You can either route through the device, launch new connections from it, scan around and collect data, or put it in promiscuous mode to capture data.
In theory? Or do you know this to be the case for the type of access they have to view logs?
Please see the chat log attached to the Reddit post; their founder/chairman admitted this access exists.
Yes I’m aware they can access logs and other details of the hub. It’s not exactly a secret. And I can understand how that might bother some people.
I’m still not clear on how that definitely gives them access to do whatever they want on my LAN.
A lot less data than if we were running in the cloud instead of local, but if it worries you, just unplug the hub from the internet. Hub still works…
Yes, that type of elevation of access is theoretical. But even without lateral movement, logs can reveal a lot about privacy.
Straight up, it can easily say “I’m not home right now…”
Yes but you’re changing the subject.
What worries me is companies building devices with back doors.
I’m sharing the information so everyone can be aware and make the best decision for themselves. For many “unplug it” may not be a good option, but certainly not an option at all if they don’t know.
Put the hub and all your IoT stuff on an isolated VLAN.
Already done. That doesn’t stop visibility to logs and what is happening in the house being automated.
I'm just hoping that they don't see some of the dumbass mistakes I make while building some rules. That would be awful.
As I said, I can understand why some people would insist on having absolute control of any type of access to their hub. Personally, it doesn’t bother me. Perhaps they can make it clearer this access exists, and even make it opt-in.
But you have not uncovered a heretofore undiscovered back door. Many people who have worked with support are aware staff were able to view something remotely.
It’s not documented and not widely known; I never claimed a discovery - I’m making the facts known. That’s all.
Everyone can choose their own paths.
I prefer the one where I get to choose when and how and what is accessed.
I would like to hear from Hubitat some more specifics about exactly what they can and can't do.
Access to log data is concerning all by itself, but it seems like we don't really know the full breadth of what access they have.
And even if they add a setting to make that visibility opt-in - would you believe them? Nothing short of them opening up their source code to third-party audit and/or open sourcing it would give people 100% assurance that there were not more unadvertised "backdoors". (And that clearly isn't going to happen)
I'm way more worried about the random white label stuff I connect to my IoT VLAN being malicious vs the Hubitat hub with dedicated developers we can talk to regularly.
I read the forums for about a year before buying my first hub, and if you follow the support threads it isn’t a secret that there is a way to get additional logs to help diagnose an issue. Knew about it when I bought the hub, understood its use and design limits, and don’t have an issue with it.
What we have here is a support function that is incorrectly being portrayed as a major security risk. Topic is borderline sensationalism and should be closed…