wifi security

New members questions
Post Reply
User avatar
lnevo
Posts: 5430
Joined: Fri Jul 20, 2012 9:42 am

Re: wifi security

Post by lnevo »

You may still be able to get to it, but without putting the key into the URL you should not be able to execute any commands...

If you restrict it you would increase the security...

The old iphone app used to have an option to relay commands through the portal for this exact situation... and maybe the android has it too where the portal would forward the command from the phone.... you might even be able to hack that functionality by changing the URL to the portal URL with all the arguments required. Curt would have to advise if that's possible...
binder
Posts: 2871
Joined: Fri Mar 18, 2011 6:20 pm
Location: Illinois
Contact:

Re: wifi security

Post by binder »

having the android app forward a command through the portal is not currently possible. I would have to look into how that could work. the best option would for me to implement the portal key ability and then we would not have to worry about it. well.... unless you wanted to lock down communication to only come from the portal.
guess I will need to take a look at how that can be done... the relaying of commands. of course, Roberto will probably chime in on how that is possible.

Sent from my Nexus 7
rimai
Posts: 12881
Joined: Fri Mar 18, 2011 6:47 pm

Re: wifi security

Post by rimai »

I think the patch I made a while ago would use the portal key in the controller too.
I need to revisit it to bring it back to current.
So, every request to the webserver would have to include the key.
For example:
http://ipaddress:2000/r99&key=myportalkey
If the key wasn't included, the command would be ignored.
Roberto.
solasido
Posts: 1
Joined: Fri Jan 17, 2014 9:19 am

Re: wifi security

Post by solasido »

I am still not satisfied with RA security.

It should at least support SSL, and then perform user authentication over SSL.

Generally the motivation to harm someone should be low; but we cannot ignore the possibility of some anti-social people. If someone intend to cause harm to someone or the family, obtain the key (e.g. via network sniffing) and try to overheat the devices by overloading it over and over, causing fire sparks and fire; or cause flooding and hopefully if the wiring is not well designed, it will cause short-circuit by salt-water (marine tank).
wtitb
Posts: 32
Joined: Sun Nov 17, 2013 3:32 pm

Re: wifi security

Post by wtitb »

Hi,

I was also not happy with this. So my solution to secure the access is like this: First, I restrict port 2000 to my local network only. So only at home I can control the RA with the app. For secure remote access, I use connectbot for Android to login at home with a secure SSH connection and portforward 2000 to the RA (no root required!). In the RA app I use the "away" profile for this with address localhost:2000.
One can setup connectbot with a private key file, so connecting with my home network is just one click.

cheers,
Christian
User avatar
lnevo
Posts: 5430
Joined: Fri Jul 20, 2012 9:42 am

Re: wifi security

Post by lnevo »

SSL should not be in play here at all. There is no data here we are trying to protect like credit card or personal data. The only thing that is needed is a better authentication so that the RA cannot be controlled by unauthorized access. Personally I think the portal key is sufficient for this, but obviously more can be done. This is an arduino device. If you want SSL you are welcome to try and implement it. But theres a lot of crypto and effort that would be required. The most effective thing to do would be as wtibib said and lock down who can access port 2000 on your network and access your network via some type of secure VPN. The outbound connection to update the portal for monitoring does not require inbound access.
Post Reply