Remote Access

  • meinnit
    Automated Home Lurker
    • Mar 2016
    • 3

    Remote Access

    Looking to get an Evohome heating system, and as far as I understand the phone app talks to Honeywell servers to control your system and does not connect directly?

    I would like to restrict access so that I can only control the system on my local network and VPN in whenever I want remote control.

    Is this possible or do you have to go via Honeywell servers every time?
  • paulockenden
    Automated Home Legend
    • Apr 2015
    • 1719

    #2
    You could run Domoticz (with an HGI80) on a local server (or even rPi), and control everything from there. But it can be a bit clunky in places.

    P.

    • meinnit
      Automated Home Lurker
      • Mar 2016
      • 3

      #3
      This looks interesting.. Thanks! I would have preferred an out of the box solution but that doesn't look likely with the Evohome.

      • paulockenden
        Automated Home Legend
        • Apr 2015
        • 1719

        #4
        If my experience is anything to go by, once you're past the initial 'tinker' stage, and once you've got your schedules nicely tailored, you probably won't need the app that much, if at all.

        The whole idea of a properly automated home is that IT does stuff for YOU. You shouldn't have to worry about settings and stuff.

        So perhaps just get your house comfortable then unregister the system from TCC.

        Incidentally, what's your concern about Honeywell's servers having access to your heating?

        P.

        • meinnit
          Automated Home Lurker
          • Mar 2016
          • 3

          #5
          Originally posted by paulockenden:
          If my experience is anything to go by, once you're past the initial 'tinker' stage, and once you've got your schedules nicely tailored, you probably won't need the app that much, if at all.

          The whole idea of a properly automated home is that IT does stuff for YOU. You shouldn't have to worry about settings and stuff.

          So perhaps just get your house comfortable then unregister the system from TCC.

          Incidentally, what's your concern about Honeywell's servers having access to your heating?

          P.
          Not a bad suggestion; however, I would like remote access for the occasions where I'm unexpectedly away from home and would like a warm house on my return.

          I want the VPN to be the only point of entry to my network due to security concerns. Don't like the idea of devices being exposed directly to the internet.

          I've also been looking at building a system with Danfoss LC13 TRVs with a Z-Wave controller; however, the lack of boiler control has put me off this.
          Last edited by meinnit; 12 April 2016, 09:55 PM.

          • paulockenden
            Automated Home Legend
            • Apr 2015
            • 1719

            #6
            For me, the remote based stuff (the app, IFTTT, Smartthings, etc.) are a crucial part of my Evohome ecosystem. If there was a security breach what could someone do? Turn my hot water off? It's hardly identity theft!

            If you are overly concerned about security I guess you could create a firewall rule so that your Evohome controller can ONLY talk to IP addresses in Honeywell's Alarmnet range.

            And/or you could put the controller in a DMZ, so that the rest of your network remains secure.

            P.
            Last edited by paulockenden; 12 April 2016, 11:53 PM.

            • top brake
              Automated Home Legend
              • Feb 2015
              • 837

              #7
              What is the concern about cloud based remote control?
              I work for Resideo, posts are personal and my own views.

              • bruce_miranda
                Automated Home Legend
                • Jul 2014
                • 2307

                #8
                I guess the concern is similar to what Belkin Wemo faced a while ago, i.e. someone could write a script that turned your evohome devices on and off too many times and destroyed them.

                But I'm with Paul on this one. The gains are too many to be concerned about the potential what ifs.

                • rcopus
                  Automated Home Jr Member
                  • Nov 2014
                  • 49

                  #9
                  Originally posted by paulockenden:
                  If there was a security breach what could someone do?
                  Ascertain if and when your house is unoccupied.

                  As with most things, in isolation a small piece of information is not much use, but many pieces of small bits of information are very useful.
                  Usually when there's a breach of a company's systems the information leaked is not of much use, but when it's added to other bits of information available to them it becomes very useful. Same reason people don't like the idea of smart meters, it becomes possible to tell when a property is unoccupied.

                  I know people will reply and comment how far fetched things like this are, and I don't tend to disagree.

                  • bruce_miranda
                    Automated Home Legend
                    • Jul 2014
                    • 2307

                    #10
                    If an intruder is relying on the Away quick action to determine if we are home or not, they may be surprised to know that we might be using it as an Eco because the house is comfortable enough while we're in :-)

                    • DanD
                      Automated Home Ninja
                      • Feb 2016
                      • 250

                      #11
                      Originally posted by paulockenden:
                      For me, the remote based stuff (the app, IFTTT, Smartthings, etc.) are a crucial part of my Evohome ecosystem. If there was a security breach what could someone do? Turn my hot water off? It's hardly identity theft!

                      If you are overly concerned about security I guess you could create a firewall rule so that your Evohome controller can ONLY talk to IP addresses in Honeywell's Alarmnet range.

                      And/or you could put the controller in a DMZ, so that the rest of your network remains secure.

                      P.
                      Building on Paul's suggestions, I had a play with my Evohome to see how it behaves if you block its internet access for an extended period via MAC address. This seemed to work OK and the Evohome controller re-connects immediately once its MAC address is no longer blocked. As the Evohome doesn't require internet access to run normally, you can simply block its MAC address on your router and then re-enable it (via remote access to your router) whenever you want to briefly control the system via the smartphone app. The main point that I wanted to make is that the system runs fine without any internet access. You get a helpful 'internet connection lost' email from the Honeywell server when you block the MAC address and another when you unblock it, but that's all. So if you're particularly concerned about not continually sharing any information with the Honeywell servers you can simply control it in this way and the system runs fine.

                      Dan

                      • bruce_miranda
                        Automated Home Legend
                        • Jul 2014
                        • 2307

                        #12
                        Except you may miss any firmware updates.

                        • Rameses
                          Industry Expert
                          • Nov 2014
                          • 446

                          #13
                          Hi - we don't comment about security or specifics.

                          But what I can say is that the environment you log into, Honeywell takes very seriously, it is the same environment major facilities such as Hospitals, Large Buildings and Emergency services use.
                          getconnected.honeywell.com | I work for Honeywell. Any posts I make are purely to help if I can. Any personal views expressed are my own

                          • DBMandrake
                            Automated Home Legend
                            • Sep 2014
                            • 2361

                            #14
                            Originally posted by meinnit:
                            I want the VPN to be the only point of entry to my network due to security concerns. Don't like the idea of devices being exposed directly to the internet.
                            The Evotouch controller is not "exposed" directly to the internet. Not unless you have public IP addresses and no NAT firewall on your network, but that would be very bad for many other reasons...

                            If you try port scanning the controller (yes I have tried) you'll find it has no ports open at all anyway. Zero.

                            It only makes and maintains a persistent outgoing HTTPS connection to the Honeywell servers. The TLS certificate used by HTTPS prevents impersonation or man in the middle attacks on the connection from your controller to Honeywell.

                            When you make changes via the App your phone is communicating with the Honeywell servers (even if you are on the same local network) which then sends push notifications back to the controller via the always active outgoing connection. (Much like an iPhone receiving push notifications..)

                            The only real risk I can see other than Honeywell's servers being hacked is of password guessing of your Honeywell account, that would allow people to see your heating schedule and make changes, so just use a really strong password.

                            From what I've seen the security of the Evotouch system is way better than the vast majority of "internet of things" devices, which typically have hideous security holes like a web server enabled by default with a default (or backdoor) password...
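
The traffic pattern described in posts #6 and #14 (the controller only opens outbound HTTPS connections, and a firewall rule can pin those to one address range) can be checked against a router's connection log. This is an added example, not part of any post in the thread; the controller address, the allowed range (a documentation placeholder, since the thread gives no range) and the four-field record format are assumptions.

```python
import ipaddress

# Assumptions (placeholders, not values from the thread):
CONTROLLER_IP = ipaddress.ip_address("192.168.1.50")      # hypothetical LAN address
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # stand-in for the vendor range
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")        # hypothetical home subnet

# Constructed records, one per new connection: "initiator responder proto dport"
SAMPLE_FLOWS = """\
192.168.1.50 198.51.100.20 tcp 443
192.168.1.50 192.168.1.1 udp 53
192.168.1.50 203.0.113.9 tcp 443
203.0.113.77 192.168.1.50 tcp 80
192.168.1.23 192.168.1.50 tcp 443
192.168.1.50 198.51.100.20 tcp 80
"""

def audit_flows(text):
    """Return (line_no, reason) for each flow that breaks the expected pattern."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            proto, dport = parts[2], int(parts[3])
        except (IndexError, ValueError):
            findings.append((n, "unparseable record"))
            continue
        if dst == CONTROLLER_IP:
            # A device with no listening ports should never be a responder.
            origin = "LAN" if src in LOCAL_NET else "internet"
            findings.append((n, f"inbound connection from {origin} host {src}"))
        elif src == CONTROLLER_IP:
            if dst in LOCAL_NET:
                continue  # assumed: DNS/DHCP to the local router is expected
            if not any(dst in net for net in ALLOWED_NETS):
                findings.append((n, f"outbound to {dst} outside allowed range"))
            elif (proto, dport) != ("tcp", 443):
                findings.append((n, f"outbound {proto}/{dport} is not HTTPS"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_flows(SAMPLE_FLOWS):
        print(f"line {line_no}: {reason}")
```
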

                            • paulockenden
                              Automated Home Legend
                              • Apr 2015
                              • 1719

                              #15
                              Just don't mention the HGI80, eh?
