Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: evohome security with Domoticz/HGI80

  1. #1
    Automated Home Guru
    Join Date
    Dec 2014
    Posts
    149

    Default evohome security with Domoticz/HGI80

    Just a quick question: I know it's possible to read Evohome wireless data via a Domoticz/HGI80 and it seems like it's possible to control the Evohome via this method too (?) From what I can gather there is no setting to allow this in the Evohome setup (?)

    What's to stop a neighbour setting this up and reading/controlling somebody else's system ?

  2. #2
    Automated Home Ninja
    Join Date
    Aug 2016
    Posts
    489

    Default

    Nothing at all. The security is very rudimentary. When you bind a device to the controller, they learn about each other's IDs. The devices will only accept commands from the controller, and vice-versa. But there's nothing stopping a malicious actor from broadcasting radio packets with fake device IDs on.

  3. #3
    Automated Home Guru
    Join Date
    Dec 2014
    Posts
    149

    Default

    interesting - seems a bit lapse IMO. Should have encrypted this

  4. #4
    Automated Home Ninja
    Join Date
    Aug 2016
    Posts
    489

    Default

    Unless you're Donald Trump, I doubt you're important enough for somebody to want to learn enough about the Rameses II protocol and then drive past your house and tamper with your central heating :-)

    Now the actual Evohome Security products, I know nothing about. I assume they're a bit more secure!

  5. #5
    Automated Home Legend
    Join Date
    Sep 2014
    Location
    Scotland
    Posts
    1,828

    Default

    Keep in mind also that the protocol was designed about 15 years ago - it was a very different day and age when it came to security of wireless protocols! (or protocols in general)

    Remember that WEP (which claimed to be a secure encryption method at the time) was still current in 2002 and is now known to be horribly broken and insecure.

    I'm sure my wireless video baby monitor which uses "encryption" is also vulnerable to attack but (not being IP based) would require someone within about a 50 metre radius of my house with malicious intent and considerable technical know how to exploit it. The same could probably be said of the Evohome's wireless protocol.
    Last edited by DBMandrake; 26th January 2017 at 03:16 PM.

  6. #6
    Automated Home Guru
    Join Date
    Dec 2014
    Posts
    149

    Default

    agreed - and I 'm not suggesting that anyone should lose sleep over it, but I'm guessing that most customers wouldn't assume that anybody could so easily tamper with it.

    do we know for sure Donald Trump has Evohome installed ?

  7. #7
    Automated Home Legend paulockenden's Avatar
    Join Date
    Apr 2015
    Location
    South Coast
    Posts
    1,594

    Default

    I think the issues are bigger than being able to turn up someone's heating, but I don't think it's wise to post the details.

  8. #8
    Automated Home Ninja
    Join Date
    Aug 2016
    Posts
    489

    Default

    Quote Originally Posted by orange View Post
    agreed - and I 'm not suggesting that anyone should lose sleep over it, but I'm guessing that most customers wouldn't assume that anybody could so easily tamper with it.

    do we know for sure Donald Trump has Evohome installed ?
    Big ole' draughty 400 year old house? Let's hope so!

  9. #9
    Automated Home Guru
    Join Date
    Dec 2014
    Posts
    149

    Default

    Quote Originally Posted by paulockenden View Post
    I think the issues are bigger than being able to turn up someone's heating, but I don't think it's wise to post the details.
    do honeywell know ?

  10. #10
    Automated Home Legend paulockenden's Avatar
    Join Date
    Apr 2015
    Location
    South Coast
    Posts
    1,594

    Default

    Quote Originally Posted by orange View Post
    do honeywell know ?
    Yes. But let's just leave it there.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •