Reducing Smart Home Automation Security Risks

Want to reduce the security risks related to smart home automation (domotica)? Then keep reading to get all the relevant info!

Many people want to use home automation to add more convenience to their lives. For some people, it is also partly about the fun factor. That convenience usually includes Cloud-based services for accessing your home automation devices from outside your home. Many people are now so used to Cloud services that they hardly give it any thought.

The danger, however, is that those home automation data streams can contain a lot of very private information. For example, your heating being turned off for a couple of days may give away that you are not at home. When you have security cameras, the data is of course even more privacy-sensitive.

DIY (Do-It-Yourself) Solutions

The standard apps that vendors provide for accessing your home automation devices almost always use the vendor’s own Cloud services. These are often hosted in other countries, wherever the vendor thought was a good place to host their service. Fortunately, because a lot of the equipment uses standard protocols, we can use other, open source software to access and control our devices from a central hub.

Popular software for this purpose is Home Assistant. It can be installed on a cheap device such as a Raspberry Pi and supports a very wide range of devices and multiple protocols such as Zigbee and Z-Wave.

Control over privacy-sensitive data

By default, those open source offerings just run locally and don’t send the data into the Cloud. The software does provide a nice web-based user interface that is easily accessible from your home network, and there are even nice apps to use on your phone.

This brings us back in control over our own privacy-sensitive data, but we lose the ability to easily control or monitor our devices when we are away from home.

Securely Open Up

People with experience in domotica, or with accessing devices at home while away from home, probably know the issues here:

  • A lot of internet providers don’t guarantee a fixed IP address
  • The use of dynamic DNS can help with that first issue, but is often flaky
  • You need to open up ports to the Internet, which poses a security risk
  • VPN services provided by a number of popular routers can be tricky to configure

Over the past few years, a new type of VPN software has been gaining popularity: mesh network VPN software.

Tailscale is an example of such VPN software. Its data plane is based on the popular and proven WireGuard VPN software. It also implements a control plane that makes it extremely easy to configure on your devices and ‘just works’ without having to open up ports in your router. In addition, you get stable IP addresses in a carrier-grade NAT (CGNAT) subnet.

For private use, up to 20 devices, this control plane service provided by Tailscale is free. This makes it an excellent choice for accessing your home automation web interface, because it is easy to install on your Raspberry Pi and on Android or Apple mobile phones.
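
A check you can run on the Raspberry Pi after setting this up, as an added example that is not part of the original article: it reads `ss -tlnH` output and reports from which networks the Home Assistant web interface can be reached. The port 8123 and the Tailscale address ranges are assumptions not stated in the article, and the sample output is constructed.

```python
import ipaddress

# Assumptions, not taken from the article: Home Assistant's default web port
# (8123) and Tailscale's address ranges (100.64.0.0/10, fd7a:115c:a1e0::/48).
HA_PORT = 8123
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample of `ss -tlnH` output from a hypothetical Raspberry Pi.
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22            0.0.0.0:*
LISTEN 0 128  100.101.102.103:8123  0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53      0.0.0.0:*
LISTEN 0 128  [::]:8123             [::]:*
"""

def classify(addr):
    """Say from which networks a listener bound to `addr` can be reached."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if addr in ("*", "0.0.0.0", "::"):
        return "all-interfaces"            # LAN, tailnet and any forwarded port
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in TAILNET):  # checked before is_private on purpose
        return "tailnet"
    return "lan" if ip.is_private else "public"

def audit(ss_output, port=HA_PORT):
    """Return (local_address, scope) for every listener on `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            found.append((addr, classify(addr)))
    return found

def beyond_vpn(found):
    """Listeners reachable without going through the VPN or loopback."""
    return [f for f in found if f[1] not in ("tailnet", "loopback")]

if __name__ == "__main__":
    for addr, scope in audit(SAMPLE_SS):
        print(f"{addr}:{HA_PORT} -> {scope}")
```

On a real system, pass in the output of `ss -tlnH` instead of the sample. An "all-interfaces" listener stays limited to the home network and the VPN only as long as the router forwards no port to it.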

Conclusion

For privacy-conscious individuals who don’t shy away from some DIY, a very secure alternative to the mishmash of proprietary Cloud services provided by domotica equipment vendors is within reach.

The combination of affordable hardware, open source software and a free online service makes for an excellent, central environment to control all your home automation devices:

  • A Raspberry Pi computer (combined with an interface like Zigbee or Z-Wave) for running the software.
  • The Home Assistant software as central hub, combining control of all devices.
  • Tailscale mesh VPN software.

Your data no longer travels through shady servers in other countries and you still have the convenience of remote access.

Want to know more about reducing data risks? Get in touch with us!