Here at the EFF, we fight hard to ensure that your security and privacy rights are maintained in the digital world. Back when we were founded in 1990, along with the dream of a world united by the internet was an advanced vision of connected devices of all kinds to make our lives more convenient and luxurious. Over the last twenty years the internet has moved from living room and office terminals to our phones, watches, appliances and lighting fixtures. And although so-called smart devices and the Internet of Things (IoT) have allowed us to automate some aspects of our lives, they have also been plagued by privacy and security problems, giving hackers and data miners unprecedented access to our personal and behavioral information.
Examples of large botnets such as very well known Mirai and later Fronton—consisting of Internet-connected IoT devices—have caused significant damage, and IoT has a terrible reputation for security. Governments have begun to notice, and the offspring of The IoT Cybersecurity Improvement Act of 2020 in the United States, while welcome, this issue has only just begun to be tackled. In terms of privacy, our connected devices and appliances deliver could be hundreds of discrete data points per day for companies without any meaningful limitations or insight into what they are doing with this data. And homeowners who want to add smart devices to their homes are often directed to install apps that control these devices, but also deliver data to third parties without notice.
Adding the nuances of automation and connected functionality to the home while preserving its privacy and security seems like a dull and difficult task. Many enthusiastic consumers came otherwise Untold frustration, and fall victim to the failures of a data-hungry industry. Many difficulties have even encouraged users Abandon smart devices at all.
Do not despair, for there is hope. In recent years, numerous projects and protocols have been developed and are actively being developed that bring more privacy and security to the connected home. And it all starts by moving the orchestration of all those devices from the cloud to your own network, with the help of a device called a “hub.”
Coordinate Your Smart Devices Locally With Home Assistant
Ideally, a local hub has two advantages. it
- allows us to remove all the individual applications that control the wide range of smart devices we may have, and
- it ensures that we are not delivering data about our device usage (and therefore behaviors) to third parties or irresponsible companies.
However, not all hubs completely separate the device’s connections from the cloud – this often requires additional steps. Keep in mind that even if you want to disconnect your devices from the cloud, you’ll need some way to regularly update the firmware on the devices – this is often done automatically when these devices are networked.
For any local hub, you’ll need the hardware and a way to connect to it, usually an app on your smartphone. The hardware is usually a small machine that connects to your local network and allows the user to access it. For simplicity, there are commercial products available that just work out of the box. Hubitat offers a local hub for sale in the $100 USD range.
For the technically inclined, Home Assistant (HA) is an open source, community-driven hub software that can be installed on a variety of platforms, such as a Raspberry Pi or an old laptop you have sitting around gathering dust. It doesn’t require much processing power or memory to operate – any Raspberry Pi 3b+ or later will do the job just fine. In this post, we will describe a typical high-end IoT layout that preserves privacy using HA.
After installing HA, you will be able to add devices through an HA concept called “integration”; Each integration allows the user to control a device or an entire category of devices. The IS variety of integration provided They’re huge, and the benefit of community-driven development really shows because even if your device doesn’t have specific support, it’s likely to be available through the unofficial program Home Helper Community Store (HACS).
One nice thing is that HA will show if integration is dependent on the cloud. You can see this by an icon in the top right corner of your integration.
For integration that does not rely on the cloud, you may want to block the device from internet connectivity. While most smart electronics don’t make this easy, if you have a home firewall or configurable router you may be able to limit the connections it makes to your local network. On OpenWRT, for example, you can add firewall rules via the Luci web interface. Here, we have specified the MAC addresses of the devices that we only need to connect to the LAN, not the internet. Your configuration will change based on your device’s MAC addresses and local network configuration:
In particularly bad cases, a device may refuse to work until it is able to access the internet, even if it is able to be controlled locally (through non-cloud integration). In most cases, however, a device will continue to allow local control when its internet connection is broken.
We now have a way to connect our existing smart devices to a local network hub and disconnect it from the internet.
Using Zigbee or Z-Wave to Create a Private Smart Mesh
Zigbee and Z-Wave they are two open wireless protocols developed specifically for smart devices, and operate on a completely different network than your home Wi-Fi network (802.11). This provides a level of separation between Zigbee/Z-Wave enabled smart devices and the internet by design – although that separation is not necessarily maintained when an untrusted hub is used. Many companies provide Zigbee or Z-Wave hubs that will send your device data and status over the internet. That’s why it’s important to use a privacy-focused hub, like the ones mentioned above, to keep your data private.
In addition, Zigbee and Z-Wave create a mesh network of your smart devices, which greatly improves the range of devices. As long as another Zigbee device is within range, a new smart device with Zigbee capability can enter the network through it, without being in range of the hub. This also allows for a theoretically unlimited expansion of the network. Communication between devices and the coordinator (hub) is reasonably secure, using CCM mode and 128-bit symmetric keys to cryptographically secure communicationsbut when devices are added an open trust model that trusts the initial pair (such as First Use Trust) is used. Unfortunately, Zigbee and Z-Wave are separate protocols that do not interact with each other. In this example, we will show a Zigbee configuration, although Z-Wave is similar in operation and both can be used in combination with HA.
In order to communicate with Zigbee devices, a Zigbee USB gateway travelling. Once plugged into the HA machine, the hub can use the Zigbee Home Automation (ZHA) Integration.does not use the cloud, to discover new Zigbee devices, control them, display sensor data on them, etc. – and all this information is kept safe on your local hub.
Instead of connecting the USB Zigbee gateway directly to HA, the USB device can communicate with a versatile piece of bridge software, zigbee2mqtt. The advantage of using zigbee2mqtt is that it switches all your Zigbee device communications to the MQTT protocol, which is an ultra-lightweight protocol for transferring data and managing devices. Therefore, it is fast becoming a universal language for IoT devices. zigbee2mqtt supports a wide range of Zigbee devices, and allows you to control the delivery of OTA firmware updates. It provides a standalone web interface that can be used to control devices, but is often used as a piece of middleware to provide automation software (such as HA) with Zigbee device control. To use it with HA, you can the MQTT integration.
You can refer to the Zigbee Device Compatibility Repository see which devices are supported by ZHA and zigbee2mqtt and choose the option that is right for you.
Back Control for Smart Devices
IoT security and privacy is a very sensitive topic, and manufacturers are generally very liberal with your data and its storage. In addition to cloud control of devices providing potential single points of failure and a lucrative target for malicious hackers, it adds an additional layer of complexity where a user must install (and keep installed) as many apps as device vendors have in their home. . Some of these issues are slowly being discussed by initiatives such as Contentbut convenience and security are the focus of this new standard – user privacy is still delegated to the vendor, not the users themselves.
We hope that we have shown one way to set up your smart home without sacrificing privacy and security for convenience. With a little extra effort, it’s possible to get the most out of our smart devices without falling into the pitfalls and pitfalls of IoT design.