You are reading a single comment by @kboy and its replies.
  • The hardware is pretty secure, not perfect but definitely good enough against remote hacks. If you have physical access then as always it is game over, plus you could've just turned the oven on 🤷

    They do talk to each other on the local network, but I sniffed that and everything is encrypted and a portscan showed very little was open so they've done a reasonably good job at local network security. But in any case I chose to put the kitchen appliances on their own VLAN.

    The weak point would be the hosted APIs that drive the mobile app - but I'm ambivalent about those risks because whilst they are real, what they can do is limited by the local hardware controls. i.e. you cannot turn on an oven without MobileStart being enabled locally and physically, and even if you could turn on the hob it isn't going to do anything as the induction won't detect metal on it and won't engage. The worst someone could do remotely without the local physical controls being enabled is to see how much detergent I have left in the washing machine, turn on the extractor fan, or turn on the hob lighting - none of which is bad.

    And to be clear, because I don't actually start things on the app I haven't enabled MobileStart locally - which means everything is read-only, the APIs cannot tell the hardware to do anything with the safety switch that is MobileStart not enabled.

    So what benefit is there? Well the remote APIs cannot do anything without MobileStart, but locally the hardware does trust the authenticated other hardware, and they co-ordinate together. The hob and extractor hood are entirely different SKUs and yet via WiFi they talk to each other and if you put something on the hob the extractor will turn on at the appropriate speed, with lighting enabled, and after you've stopped cooking it will run for a few minutes to clear the air and then turn off. So there's lots of nice small benefits even if you're not doing remote stuff.
