Local hub access via https and blocking of http access

I would like to ask...what hacker is going to attack your Hubitat? Even if you clicked on that "1 email", what is going to happen to your Hubitat? Wouldn't you be worried about your banking information? Stuff that is a little more common for people to have that is worth something to hackers.

Attacking your Hubitat doesn't make anyone money. Other than people looking to screw with people, like the jerks who scared people on their Ring cameras, there really is nothing to be gained by hacking your Hubitat.

1 Like

Well if you have geo fencing set up they get that however they already have ur internet gateway IP + other stuff so don’t think it’s an issue...

So what’s the real risk?

They lurk in the hub and turn on and off lights? Not so bad.... delete all your automations.... not so bad at all.... send notifications repeatedly to somewhere hmmmmmm has been done before a few years back with appliances (I think it was a large DDoS attack - very coordinated and organized - PR disaster for the tech company involved) again impact is low for us and it’s a stretch to start with anyhow.... gut feeling is that the risk elevates if locks and door openers and or some other thing that’s really important is connected and automated and that this is the less common exception (mind u it’s not too hard to install a compatible lock and integrate it... not hard at all and people are doing it) + as pointed out above zigbee and Zwave could be compromised all on their own and nothing defeats the “rock thru the window” approach...

In fairness and in most cases it’s going to be an inconvenience... that said we can put things in place to make it a little safer... it’s like a car’s safety belt... you don’t need it until you get in a crash and it does not guarantee survival sooooooo why wear it at all because we rarely get into crashes and it’s inconvenient = it reduces risk and improves survival rates significantly.... on the internet there are people trying to crash into you and take advantage of whatever they can (generally they target the least secure and most easily accessed systems (a time and effort equation)) so a key protection is to make a system difficult to break into and less appetizing which makes it much less likely to be successfully attacked (improves survival rates)

Perhaps I am overly conservative but I consider any device sitting on my network to be a potential attack vector.

This is not going to happen. Unless you are a famous person, no one is going to hack your Home automation system to get into your house. They are just going to break a door down. This is an old debate. Locks/Security systems are deterrents that keep honest people honest. If someone wants into your house, they are going to get in. Period.

2 Likes

Yep agreed... it’s another surface to be leveraged..... u can really spin out of control in paranoias though lol

Whether it is an important feature to me (or anyone else) or not is irrelevant. It's important to you, and you've done the right thing by making a feature/enhancement request.

Good luck!

2 Likes

Yea man, security thru obscurity is an approach however if you can secure what you have better, why wouldn’t you?

The biggest reason imho is the browser SSL validation.. You won’t be able to get a valid certificate to an internal private IP..

HE doesn’t need the additional support requests for browsers complaining about the “unsafe” site

2 Likes

My comment is off-topic. "Security through obscurity" is very different than "security through anonymity", which I think is closer to what @Ryan780 referred to.

In the sense that hacking into my Gmail account is a less attractive target than hacking into the account of someone who is well-known/famous/infamous.

2 Likes

My point is, the only way someone is going to break into your home by hacking your home automation system is to target you for a hack specifically. And no one is going to do that unless they have good reason to. It's much easier to break a door down to get into your home.

1 Like

For the logic to hold up only rich and famous people would get hacked and we would not ...

Did u see the article a few weeks back about the parent who walked into their kids room to find them talking to a stranger on their IP cam... not famous.... not rich.. just a drive-by hacking (by a journalist as it turned out).... the camera was secured but the user used a weak password apparently.... it was a cloud service though... not like what we have here at all... but the point is that there are best practices and even if their application has less priority than other items (such as stability) we should keep them on the table

Feature request for the Hubitat C-2020: built-in certificate authority :smile:

1 Like

Have no idea how it would work technically it could actually be quite a big ask

1 Like

That is not what I said. People get hacked all the time...but for things that make the hackers money. Credit card numbers, bank info, identity information. Some guy in Russia trying to hack your credit card numbers doesn't care that you have Hubitat because it's not going to make him any money. How would he break into your house? He's going to spend more on the plane ticket than he will from breaking into your house. The point is, there's no money to be made hacking into your home automation system so no one is going to bother doing it.

1 Like

Lol

Sorry, got the wrong end of the stick ....

I wouldn't say overly conservative, but possibly a bit paranoid. I just follow best practices.. Unique passwords, traffic segmentation, disabling mDNS, a basic IDS/IPS system. Beyond that, if sh*t happens, it happens. There are too many other distractions in life to worry about.

3 Likes

It still won't validate in the browser unless the CA key is installed and trusted

1 Like

I don't understand what that means in this context. I got the wrong end of the stick or you did? And how does that colloquialism apply in this case?