General Home Automation / Home Assistant thread

I'm going to ask this in case I am missing something.

Best practice: separate your smart IoT devices from your primary network. Makes sense. Simple option suggested in various articles is just to put them on your router's guest network. Also makes sense for some basic separation.

But does that mean that in order to control the devices from say Google Assistant voice commands, or the Google Home app, you need to change to the guest network on your device, phone for example, in order to do that?

And if that is the case, aside from how inconvenient that is, that then puts your phone into the network with the less secure IoT devices... and then isn't that a security risk itself?

And if all that is true... is there a short answer to keeping the automation available while maintaining the separation? For example, I could have a tablet or something that is only on the guest network, but that isn't convenient either. Then I'm wandering around the house trying to find the tablet to turn off my lights or plugs! :) Or am I missing a capability of Google Home and it can actually look into the main and guest networks at the same time for devices? That seems unlikely.

Is there something obvious I'm missing about setting this up correctly or am I right that to maximize the security you have to compromise convenience?
 
I think ideally you wouldn't use WiFi devices at all, stick to ZWave/Zigbee/Matter(?) so that it can run all locally. Then it's really just your "hub" that talks out to the internet, which should be relatively secure if it's from a major vendor that provides frequent patches.

I'm not sure how many WiFi devices actually leverage local communication though, I think most go up to the cloud service provider and back to you. I think it's really just speakers and displays that use local access - so like Chromecast, Sonos, etc.
 
Hmm. Well, I don't have much, a lightbulb in the study, and several smart plugs for Christmas lights and such.

But it sounds like I am understanding the limitations of the security trade-offs correctly, with WiFi devices anyway?
 
I suppose it's more of a design consideration? I wouldn't flip your device between "secure" and "unsecure" networks, that just defeats the purpose. Might as well just keep it all on the same network then.

I think most of us here design HA stuff around either being fully automated (motion sensors and such) or having tactile buttons to perform a set of actions. That way things still work if there's guests over for example. The last thing you want is for somebody to hit the light switch and kill the power to your smart bulbs for example.
 
It has a lot to do with how you have set up your automation. For example, I have two WiFi bulbs by WiZ, but they integrate with Home Assistant.

One reason I don't like WiFi stuff is because you generally need their "app" to get the stuff working... looking at you, Lifx and WiZ.

So since some things can integrate with Home Assistant the "voice" activation stuff can go through that if you want. But generally most people don't care about security and just throw everything up and then wonder why their bedroom shenanigans are hacked for viewing.

The home automation world can go pretty deep.
 
Did a bit more checking on what I've already set up, and I was smart enough last year to at least have the smart plugs connected to the guest network only, so that is good.

However, I can control them through Google Home without switching to the guest network, which didn't make sense to me at first. Checking the settings info for the plugs in Google Home, it states they are "Connected through: Meross" and there is an option to Unlink Meross. And of course the Meross app is on my phone for plug initial installation and control of some features.

Since my phone can't be on two networks at once, my guess is the Google Home requests go from:

Google Home app
-> Meross app
-> Internet (Meross cloud or something)
<- my guest network
-> the connected smart plugs.


The smart plugs should then be isolated from my main network. My phone isn't ever going on guest to control the devices. And the weakest link in that chain is the Meross app on my phone.

Does that all make sense, and opinions on that setup? There is some isolation there.

There was a security risk raised against Meross plugs back in I think 2020, that they were transmitting WiFi passwords unencrypted during initial device setup. They said they were going to release firmware to fix that, but not clear to me if they did. However, at least in this case it would only be my guest network password. Still don't want it floating around unencrypted either, but at least guest is isolated from everything else.
 
Google Home app
-> Meross app
-> Internet (Meross cloud or something)
<- my guest network
-> the connected smart plugs.
Yes basically what I was saying, most WiFi devices go through the vendor's cloud service for control. Your phone isn't talking directly to it.

The Meross app is really just to register the device to your Meross account. I don't think it serves any function if you added the linked service to Google Home as now it's all just APIs being sent back and forth over the internet.

But that's why I'd say WiFi devices aren't ideal, as you're dependent on the security of the vendor's cloud API gateway basically. I think it's Wyze? recently, where people were seeing the video feeds from other customers in their dashboard. So isolating it to your guest network isn't doing much for you in those cases.
 
There are lots of wifi devices that don't need to go through the cloud BUT it is highly doubtful Google Home will actually access said device locally.

In my old setup, all my wifi bulbs would be controlled locally by Home Assistant. I could still control everything via Alexa. It communicated w/ HA only. This does require HA to be exposed and using a DDNS tho.
 
Another idiocy of my garage when they built it in 2000 was no switches in the house for anything garage related.

Installed three Sengled bulbs in my alley fixtures so I can have light out there now.
