Evohome app broken

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • rjtucker
    Automated Home Jr Member
    • Feb 2019
    • 18

    I tried:

    Code:
    $ GET http://<<ip address>>/heaterlist.json
    and not got anywhere.

    Yes, I found the outside/Internet temperature setting on the app. Neither setting got the CH temperature above 45-55℃.

    Comment

    • zxdavb
      Automated Home Guru
      • Jan 2018
      • 106

      Originally posted by rjtucker View Post
      I tried:

      Code:
      $ GET http://<<ip address>>/heaterlist.json
      and not got anywhere.
      Sorry, no ideas here, then.

      Originally posted by rjtucker View Post
      Yes, I found the outside/Internet temperature setting on the app. Neither setting got the CH temperature above 45-55℃.
      Do you know to set the heat curve?

      Comment

      • rjtucker
        Automated Home Jr Member
        • Feb 2019
        • 18

        Originally posted by zxdavb View Post
        Do you know to set the heat curve?
        I've not looked too far into it. The lan2rf device is completely disconnected at the moment, my main concern being the security of the connection. I really want to know how I can be sure that Intergas have made the device secure. I think an IT professional would tell me I'd need to be nuts to connect it now. It needs to be connected, so they can check boiler parameters and need of servicing required for the 12-year warranty I should have with it. I've only paid HomeServe a deposit so far, so it's all a bit worrying how to go on.

        I tried using the app with an old router from a previous ISP not connected to the Internet. Didn't get very far – wouldn't scan the QR code and the connection seemed to keep going down.

        Comment

        • zxdavb
          Automated Home Guru
          • Jan 2018
          • 106

          Originally posted by rjtucker View Post
          I've only paid HomeServe a deposit so far, so it's all a bit worrying how to go on.
          Sorry (maybe I've made a wrong assumption), do you have an InterGas boiler, or a worcester Boiler?

          AFAIK, the two are completely different, and I have been talking about InterGas InTouch Lan2RF.
          Last edited by zxdavb; 26 February 2019, 05:01 PM.

          Comment

          • rjtucker
            Automated Home Jr Member
            • Feb 2019
            • 18

            Originally posted by zxdavb View Post
            do you have an InterGas boiler, or a worcester Boiler?
            I had an Intergas Xclusive 24kW boiler that was installed. It was a package put together between HomeServe and Octopus Energy.

            octopus_homeserbe_deal.jpg
            Last edited by rjtucker; 26 February 2019, 12:21 PM.

            Comment

            • paulockenden
              Automated Home Legend
              • Apr 2015
              • 1719

              I have a lan2rf gateway communicating with my Eco RF 36.

              For me, http://<<ip address>>/heaterlist.json returns:

              {"heaterlist":["id_of_my_boiler",null,null,null,null,null,null,null]}

              You need http://<<ip address>>/data.json to get the actual data.

              More details here.
              Last edited by paulockenden; 26 February 2019, 12:40 PM.

              Comment

              • paulockenden
                Automated Home Legend
                • Apr 2015
                • 1719

                Originally posted by rjtucker View Post
                The lan2rf device is completely disconnected at the moment, my main concern being the security of the connection. I really want to know how I can be sure that Intergas have made the device secure.
                These are the people who wrote the app, so will almost certainly know more about this than Intergas UK.

                From that page, Google Translate says:

                Privacy and security guarantee
                Privacy and security is always a challenge and especially when it comes to boilers that are at home with people. You do not want random people to gain access to your central heating boiler and thus change your thermostat. To prevent this, we have built in several safety checks that ensure that the chance that a central heating boiler is operated by third parties is kept to a minimum.

                Which doesn't really say anything!

                That fact that the device accepts inbound connections with no or known passwords is obviously a security risk. For most users it'll be hidden behind NAT, which offers a degree of firewalling. But if someone gained access to another device on your network they would be able to access the Lan2RF gateway.

                It's a risk I'm prepared to take.

                Comment

                • rjtucker
                  Automated Home Jr Member
                  • Feb 2019
                  • 18

                  Originally posted by paulockenden View Post
                  You need http://<<ip address>>/data.json to get the actual data.
                  Someone on another forum put a link to a filesharing site with the instructions in Dutch.

                  It's the filedropper link on this page:
                  Other Examples: Coffee : https://github.com/sirchia/pimatic-intergasincomfort Domoticz : https://www.domoticz.com/forum/viewtopic.php?t=7745
                  Last edited by rjtucker; 26 February 2019, 01:29 PM.

                  Comment

                  • rjtucker
                    Automated Home Jr Member
                    • Feb 2019
                    • 18

                    Originally posted by paulockenden View Post
                    Thanks for the info.

                    Originally posted by paulockenden View Post
                    That fact that the device accepts inbound connections with no or known passwords is obviously a security risk. For most users it'll be hidden behind NAT, which offers a degree of firewalling. But if someone gained access to another device on your network they would be able to access the Lan2RF gateway.
                    According to my email provider, smtp messages are often used to send information to these devices. Since these only send information, that my email account accepted them is not unexpected. Web logins, which were the first two logins, are more suspicious, and why did it go for my email account?
                    Last edited by rjtucker; 26 February 2019, 01:44 PM.

                    Comment

                    • paulockenden
                      Automated Home Legend
                      • Apr 2015
                      • 1719

                      You've completely lost me with that last paragraph!

                      I don’t think many IoT devices contain an SMTP server! I suspect someone is confused about PCs becoming infected because someone opened an attachment in an infected email.

                      Comment

                      • rjtucker
                        Automated Home Jr Member
                        • Feb 2019
                        • 18

                        Originally posted by paulockenden View Post
                        You've completely lost me with that last paragraph!

                        I don’t think many IoT devices contain an SMTP server! I suspect someone is confused about PCs becoming infected because someone opened an attachment in an infected email.
                        A screeenshot of a reply I got from Fastmail:

                        fastmail_ticker.jpg

                        Comment

                        • paulockenden
                          Automated Home Legend
                          • Apr 2015
                          • 1719

                          Without knowing the background it's hard to understand that. Especially "logins via SMTP".

                          P.
                          Last edited by paulockenden; 26 February 2019, 06:53 PM.

                          Comment

                          • rjtucker
                            Automated Home Jr Member
                            • Feb 2019
                            • 18

                            Originally posted by paulockenden View Post
                            Without knowing the background it's hard to understand that. Especially "logins via SMTP".
                            The boiler was installed on 12th February 2019. An electrician set up an account on/via the lan2rf (as I didn't have a smartphone at that time) on 14th February. Later that day, I discovered I could install Android on VMware and found I could get some functions of the Android app to work that way. On Monday 18th, I took delivery of a smartphone and accessed the lan2rt device with it. I completely disconnected the device from the mains power and Internet on 21st February. I have never been able to access it with a browser or GET command.

                            On Monday 18th, it became obvious I was not receiving mail on my Fastmail account. It would receive a test mail I sent from my Yahoo email account, but not from elsewhere. Here are some screenshots of my logins log on Fastmail:




                            Maybe I can upload the full .csv if necessary.

                            There are no successful logins before the U.S.ones on Feb 17th. There are no successful ones but mime after 20th February.

                            Comment

                            • gordonb3
                              Automated Home Ninja
                              • Dec 2016
                              • 273

                              Don't really know how that SMTP stuff is supposed to be related to Evohome, but SMTP is the internet mail transfer protocol. This starts with your client and ends with the mail server that hosts your email address and from which you collect your email using reader protocols like IMAP or POP3 (or MAPI, the horror!). Emails may be handed through several mail transfer agents (MTA) before reaching their destination postbox (which is an MTA itself) but this never includes sending login credentials. The only point in this chain where credentials are sent are at the source, so if you see successful logins from external sources on your email server (i.e. MTA) that means that someone else is using your server to send emails - which will most likely be spam.

                              Comment

                              • rjtucker
                                Automated Home Jr Member
                                • Feb 2019
                                • 18

                                Originally posted by gordonb3 View Post
                                Don't really know how that SMTP stuff is supposed to be related to Evohome
                                Nor me, not even after reading and trying to understand this:
                                IBM Developer is your one-stop location for getting hands-on training and learning in-demand skills on relevant technologies such as generative AI, data science, AI, and open source.


                                I guess what I might need to try to do is to play around with the lan2rt connected to the Wi-Fi and Internet using my smartphone but with my desktops shutdown – only they hold sensitive passwords. But until Intergas get in touch to say the apps are fixed (and supply me with a lan2rf with a readable password?), I'm not too sure it's worth doing that.

                                Comment

                                Working...
                                X