I apologize if this has been covered as a quick search resulted in no threads.
As I try to build my systems as secure as possible, I am troubled by this video.
http://www.youtube.com/watch?v=gn-amPvX ... ture=share
After watching this I am wondering if the encryption on the EnvisaLink is vulnerable to this kind of hack and decryption and, if so, is there a way to make it not so?
EnvisaLink Encryption
Re: EnvisaLink Encryption
I would say no unless you're using Z-wave to do something strange. The envisalink is different from z-wave - it's hardwired, it uses TCP/IP, and as I understand it, it calls out only - no calls can come in - and it calls out only to the eyezon servers directly.
It is possible to hack into the envisalink from inside your internal network so secure your router and cabling, use WPA2 for wifi, and never expose (port forward) the envisalink's web port or port 4025 onto the internet. I've heard tell of people doing that thinking their password & PIN keeps them safe - it doesn't. For remote access use eyezon or an SSH bridge.
That's a pretty glaring security hole in z-wave, someone really dropped the ball there on that design...
Mike
Re: EnvisaLink Encryption
mikep I do not use the eyezon web site to interface with my 2DL. I only use my Vera Lite to interface.
But... I do rent the home to strangers and they do have access to my LAN. I do have a password set on the VL.
Q. Should I invest in a router that separates guest networks and the home's network?
Q. Knowing that strangers have access to my LAN, is there a way someone could gain access to the VL or 2DL?
Any other tips on how to protect my Control system?
Thanks for your tips.
Re: EnvisaLink Encryption
These questions start to drift into opinion and I'm no expert... but, if it were me I'd never let anyone other than very immediate family onto my internal network - the one where I have my personal systems including security. So yes, I agree you should set up a separate zone for visitors.
The envisalink card doesn't use encryption for its communication, so your risk is packet sniffing (the passwords and security PIN are sent in the clear), and dictionary attacks. It would take a relatively sophisticated guest to set up a dictionary attack if they had local access to your LAN. If it were me and I was so inclined I'd probably set up a packet sniffer or a keystroke logger while I was there. Which is why I'd recommend a separate network.
I don't know what VL uses for encryption, but you'd at least want something that uses SSL or HTTPS - if it has a web page, look at the URL or lock symbol in your browser when you access it.
In my opinion IFTTT or other cloud type services are too big of a risk so I'd avoid them too.
Any port that you open/forward immediately becomes a target for the automated hacker programs that originate all over the world and run continuously. They sniff out standard ports to try simple dictionary attacks, so watch what you expose.
Mike
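An added example, not part of any post in this thread: a check to run from a laptop joined to the guest network, confirming that the separate zone recommended above really blocks the EnvisaLink's web port and port 4025. The device address and the web port number (80) are assumptions; substitute your own.

```python
import socket

# Assumptions (not from the thread): the device's LAN address and that its
# web interface listens on port 80. Port 4025 is the port named in the thread.
ENVISALINK_HOST = "192.168.1.50"  # hypothetical address, replace with yours
PORTS = {"web interface (assumed port 80)": 80, "port 4025": 4025}


def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), or no route
        return False


def isolation_report(host, ports, timeout=2.0):
    """Map each port label to 'EXPOSED' or 'blocked', as seen from this machine."""
    return {
        label: "EXPOSED" if tcp_reachable(host, port, timeout) else "blocked"
        for label, port in ports.items()
    }


def isolated(report):
    """True only when every checked port was unreachable."""
    return all(state == "blocked" for state in report.values())


if __name__ == "__main__":
    report = isolation_report(ENVISALINK_HOST, PORTS)
    for label, state in report.items():
        print(f"{ENVISALINK_HOST} {label}: {state}")
    if isolated(report):
        print("Guest network cannot reach the EnvisaLink.")
    else:
        print("Guest network can reach the EnvisaLink; fix the router's isolation.")
```

Run it once from the home network first to confirm the ports show as EXPOSED there, so a "blocked" result from the guest network reflects the isolation and not a wrong address.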
Re: EnvisaLink Encryption
Thanks mikep for your info.
If anyone else has any information on tips or security problems between the 2DL and Home Control and more definitively the Vera platform and more importantly, how to lock it down, please let us know here.
Thanks for your time.