I am a security engineer, it's part of my daily job to assess technical risks and provide proper advice on controls and mitigations to these risks, this extends to my personal life as well where I try my best to apply the same principles when dealing with technology. In this post, I will tell you about how I added a couple of smart devices to my home and how I managed some of the risks they pose to my privacy and security.
If you ever thought about buying some smart devices for your house, there is a good chance you read/heard the following joke:
Tech enthusiasts: My entire house is smart.
Tech workers: The only piece of technology in my house is a printer and I keep a gun next to it so I can shoot it if it makes a noise I don't recognize.
Many people both within the security industry and outside it share this sentiment against smart home gadgets and justly. Internet of Things devices are horrible when it comes to security and privacy, and that's putting it nicely.
Any person with a reasonable common-sense and good threat modelling / risk management knowledge will recognize the considerable risks they would be introducing to their homes once they adopted one or more of these smart devices. However, just because a risk exists, don't mean we should all give up on the potential benefits.
I was bored. I have been working from home for the better part of last year, and it was starting to get on my nerves. I needed some new shinty object to distract me from the current depressing reality, and what's more shiny than a light that can change it colours following the music playing on your phone?
So, turns out smart devices aren't cheap by any means which led me to look for the most affordable options out there, here is what I ended up using:
- A Google Nest Mini (got it as a gift from Google but never used it).
- Ikea smart lights and their bridge (probably the cheapest smart lights around).
The setup process for these lamps is quite straight forward, just watch the video below, and you will get a good idea of how it works.
I did a couple of extra steps for the sake of security:
- I forced the traffic from the gateway through my PiHole server.
- I isolated the gateway and prevented it from reach other devices on the network except for my phone.
Once I was done with these things, I coupled the lights to my Apple HomeKit application and started enjoying my new fancy, smart light.
Well, turns out these lights aren't as fun as I expected. They have a limited colour spectrum (I knew that when I bought them). They are a bit unstable and don't work smoothly all the time.
- Do I regret buying them? Absolutely not.
- Will I buy other models that have more colours? Yup.
- Is there any technical value in this post? Most likely not.
One thing I know for sure, I will do some IoT security testing using these lamps just for the sake of learning more about the topic.
PS: I tossed the Google Nest Mini off my network, good sound isn't worth giving Google more information about my activities.