Are ESP devices secure?

Hi all

I have just started using some ESP8266 boards coupled to DHT22 sensors as room sensors. So far I’m very impressed, and hopefully they will be more reliable than the ZigBee devices they are replacing, which all magically started failing around the same time (purchased at the same time).

I was wondering if these little boards pose any security risk to the home network?

I have them feeding my HA setup via MQTT & NodeRed, which uses some of the input for control and passes some of it through to the HA front-end for display and eye-candy :slight_smile:

probably not, if programmed well enough…


Hmm, that’s a question :wink:

I have no idea, it was a downloaded sketch and I just tweaked it to send wifi signal as well.

Neither do we!

Hint: If you are going to post your code and error logs for us to make suggestions, please use </> forum formatting so it is readable.

Yes, security can be an issue. Yes, the amount of security exposure can be limited with careful design, but any guarantees it is eliminated should be treated with suspicion. Adding more layers can increase your potential exposure area, so keep that in mind when installing add-ons. Is the added burden of NodeRed and MQTT essential to getting DHT22 sensor data into HomeAssistant when an example from the ESPHome cookbook may do the same job?

I would venture there is no conspiracy involved, and you haven’t been hacked. It may (most likely) be related to software or firmware changes. Not enough information to guess as to the underlying issue at this stage.


This is the sketch they are currently running, hopefully it’s a reasonable one :slight_smile:

```cpp
/*
 *     Maker      : DIYSensors
 *     Project    : Temp and Humidity WiFi - MQTT and OTA
 *     Version    : 1.0
 *     Date       : 10-2024
 *     Programmer : Ap Matteman
 *     Modified by: Dave Kearley March 2026
 */

#include <ESP8266WiFi.h>
#include <ESP8266mDNS.h>
#include <WiFiUdp.h>
#include <ArduinoOTA.h>
#include <PubSubClient.h>
#include <Adafruit_Sensor.h>
#include <DHT.h>
#include <DHT_U.h>
//#include "arduino_secrets.h"   // keeping credentials in a separate header avoids pasting them into forum posts

int iWiFiTry = 0;
int iMQTTTry = 0;
long signalstrength;             // WiFi.RSSI() returns an integer in dBm, not a float
String sClient_id;

//DHT22 settings
#define DHTPIN 14     // Digital pin connected to the DHT sensor
#define DHTTYPE    DHT22     // DHT 22 (AM2302)
DHT_Unified dht(DHTPIN, DHTTYPE);

unsigned long lPmillis = 0;        // will store last time MQTT has published
const long lInterval = 60000; // 60000 ms => 60 Seconds for demo. You can change it to 5 minutes

//Set WiFi details here.....
const char* ssid = "xxxxxx";
const char* password = "xxxxxx";
const char* HostName = "xxxxxx";  // make this unique!

//Set MQTT Subscriptions here - MQTT topic will read as "HostName & _Temperature" or "HostName & Humidity"...
const char* TopicTemperature = "xxxxxx_Temperature";
const char* TopicHumidity = "xxxxxx_Humidity";
const char* TopicWiFi = "xxxxxxx_WiFi";

//Set MQTT broker connection here...
const char* mqtt_broker = "xxxxxxx";
const char* mqtt_user = "xxxxxx";
const char* mqtt_password = "xxxxxxx";

WiFiClient espClient;
PubSubClient MQTTclient(espClient); // MQTT Client

void setup() {
  Serial.begin(115200);
  while (!Serial) { ; }  // wait for serial port to connect. Needed for native USB port only
  dht.begin();
  Connect2WiFi();
  Connect2MQTT();
  pinMode(LED_BUILTIN,OUTPUT);
}

void Connect2WiFi() {
  //Connect to WiFi
  // WiFi.mode(WIFI_STA);  //in case of an ESP32
  iWiFiTry = 0;
  WiFi.setHostname(HostName);      // set before begin() so the DHCP request already carries the name
  WiFi.begin(ssid, password);
  Serial.print("Connecting to WiFi ");
  while (WiFi.status() != WL_CONNECTED && iWiFiTry < 11) { //Try to connect to WiFi for 11 times
    ++iWiFiTry;
    Serial.print(".");
    delay(500);
  }
  Serial.println("");
  Serial.print("Got IP: ");  Serial.println(WiFi.localIP());

  // ArduinoOTA.setPort(8266); // Port defaults to 8266

  ArduinoOTA.setHostname(HostName);
  // ArduinoOTA.setPassword((const char *)OTAPassword); // You can set the password for OTA
  // NOTE: while this line stays commented out, OTA is unauthenticated: any host on the LAN
  // can push new firmware to the board. Set a password (or disable OTA) before deploying.

  ArduinoOTA.onStart([]() { Serial.println("Start"); });
  ArduinoOTA.onEnd([]()   { Serial.println("\nEnd"); });
  ArduinoOTA.onProgress([](unsigned int progress, unsigned int total) {
    // guard against total < 100, which would otherwise divide by zero
    if (total > 0) Serial.printf("Progress: %u%%\r", (unsigned int)((uint64_t)progress * 100 / total));
  });
  ArduinoOTA.onError([](ota_error_t error) {
    Serial.printf("Error[%u]: ", error);
    if (error == OTA_AUTH_ERROR) Serial.println("Auth Failed");
    else if (error == OTA_BEGIN_ERROR) Serial.println("Begin Failed");
    else if (error == OTA_CONNECT_ERROR) Serial.println("Connect Failed");
    else if (error == OTA_RECEIVE_ERROR) Serial.println("Receive Failed");
    else if (error == OTA_END_ERROR) Serial.println("End Failed");
  });
  ArduinoOTA.begin();
  Serial.println("Ready");

  //Unique MQTT Device name
  sClient_id = "esp-client-" + String(WiFi.macAddress());
  Serial.print("ESP Client name: "); Serial.println(sClient_id);
}

void Connect2MQTT() {
  // Connect to the MQTT server
  iMQTTTry = 0;
  if (WiFi.status() != WL_CONNECTED) {
    Connect2WiFi();   // was "Connect2WiFi;" (no parentheses), which compiles but never calls the function
  }

  Serial.print("Connecting to MQTT ");
  MQTTclient.setServer(mqtt_broker, 1883);
  while (!MQTTclient.connect(sClient_id.c_str(), mqtt_user, mqtt_password) && iMQTTTry < 11) { //Try to connect to MQTT for 11 times
    ++iMQTTTry;
    Serial.print(".");
    delay(500);
  }
  Serial.println("");
}

void loop() {
  ArduinoOTA.handle();
  MQTTclient.loop();   // services the MQTT keepalive; without it the broker drops the session between publishes
  unsigned long lCmillis = millis();

  if (lCmillis - lPmillis >= lInterval) {
    lPmillis = lCmillis;
    if (!MQTTclient.connected()) {   // was connect(), which re-opened a fresh session every cycle
      Connect2MQTT();
    }

    //Flash the onboard LED
    digitalWrite(LED_BUILTIN,LOW);
    delay(500);
    digitalWrite(LED_BUILTIN, HIGH);

    // Get WiFi signal strength and print its value.
    signalstrength = WiFi.RSSI();
    if (WiFi.status() != WL_CONNECTED) {   // isnan() on an integer was always false; check the link instead
      Serial.println("Error reading signal strength!");
      MQTTclient.publish(TopicWiFi, String(-180).c_str());
    }
    else {
      Serial.print("Signal Strength: "); Serial.print(signalstrength); Serial.println("dBm");
      MQTTclient.publish(TopicWiFi, String(signalstrength).c_str());
    }

    sensors_event_t event;
    dht.temperature().getEvent(&event);
    if (isnan(event.temperature)) {
      Serial.println("Error reading temperature!");
      MQTTclient.publish(TopicTemperature, String("-180").c_str());
    //  MQTTclient.publish("Office/Sensor/TemperatureF", String("-180").c_str());
    }
    else {
      Serial.print("Temperature: "); Serial.print(event.temperature); Serial.println("°C");
      MQTTclient.publish(TopicTemperature, String(event.temperature).c_str());
    //  MQTTclient.publish("Office/Sensor/TemperatureF", String((event.temperature * 1.8) + 22).c_str());
    }
    // Get humidity event and print its value.
    dht.humidity().getEvent(&event);
    if (isnan(event.relative_humidity)) {
      Serial.println("Error reading humidity!");
      MQTTclient.publish(TopicHumidity, String(-180).c_str());
    }
    else {
      Serial.print("Humidity: "); Serial.print(event.relative_humidity); Serial.println("%");
      MQTTclient.publish(TopicHumidity, String(event.relative_humidity).c_str());
    }
    Serial.println("----------------------------");

    // If you want to reboot your device when WiFi is not working
    if (iWiFiTry > 10){
      Serial.println("REBOOTING");
      Serial.println(" Reboot in 2 seconds");
      Serial.println("");
      delay(2000);
      ESP.restart();
    }
  }

}
```
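One broker-side way to limit what a misflashed or compromised board can do, as an added example that is not from the thread or the sketch's author: a Mosquitto listener with anonymous access refused and a per-device ACL, so each ESP8266 may publish only to its own `HostName_*` topics. It assumes a Mosquitto broker (the thread names none), a board whose HostName is `office_esp`, and a broker user of the same name; the file paths are illustrative.

```conf
# ---- mosquitto.conf (assumed location; adjust for your install) ----
listener 1883
allow_anonymous false                  # the sketch already sends a username/password; require one
password_file /etc/mosquitto/passwd    # created with: mosquitto_passwd -c /etc/mosquitto/passwd office_esp
acl_file /etc/mosquitto/acl

# ---- /etc/mosquitto/acl ----
# Lines before the first "user" entry apply to everyone; leave none, so an
# authenticated account gets nothing beyond its own section.

# One account per board. A board can write its three sensor topics and
# nothing else: it cannot spoof another room's readings or subscribe to the
# topics Node-RED uses for control.
user office_esp
topic write office_esp_Temperature
topic write office_esp_Humidity
topic write office_esp_WiFi

# The Node-RED / HA account reads every sensor topic. Add
# "topic write <control topic>" lines for whatever your flows publish.
user nodered
topic read #
```

The credentials still cross the LAN in cleartext on port 1883 (TLS is heavy on an ESP8266), so this bounds the damage from a leaked device credential rather than preventing the leak.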

My whole system runs on Node Red, no HA automations etc, all done in NR so adding these to an already running MQTT setup made sense.

I think the failure of the little Aqara sensors might be by design, they are just cheap Chinese junk really and for them all to start getting the same issue at around the same time points to planned obsolescence to me :wink:

By “failing”, is the hardware not working, or are they not communicating reliably? If the latter and you have been adding more zigbee devices, maybe you need to also add some more routers (aka repeaters)? There have been several discussions on improving zigbee performance over the years which are well worth the search.

The failure mode has been consistent - they worked fine and a pair of AAA batteries lasted about 6-9m which was ok, then the battery life started falling (I log replacement dates) until it reached about 2 weeks which is totally useless.

They were purchased in two batches, the first batch has all failed now and I am expecting the next batch to start failing very soon.

Or to look at it a different way … maybe they are having trouble communicating, and so having to stay awake longer waiting for free-air, or re-transmitting their data packets - and the longer they are awake the more power they use.

Consider also that zigbee uses the same radio frequency range as wi-fi, so that can also add complications and interference.

I’m no expert, but most of the zigbee problem threads I’ve seen (including my own) ended up being not enough routers.

Understood, thanks.

The devices are all near powered ones i.e. routers so I’m not sure that’s an issue. I have many powered zigbee devices - bulbs, switches and also other battery powered ones like door sensors and Hue controls - these seem ok.

It is an interesting point though, not sure how I can check the network out though. I currently have 2.4g WiFi and Zigbee at opposite ends of the range as I read that was best??

Presuming esphome code isn’t malicious “no”.

But zero trust.
What’s the real concern? I’d worry more about your smartphone.

EDIT
If you install some external component that’s not from OHF then risk goes up. That’s like browser addons.


Just came across a wonderful quote…

the “S” in IOT stands for Security.

The IoT device hardware itself rarely poses any security threat - it is the way it is programmed which is questionable - particularly the firmware built into the device; such as the cases of smart light bulbs being hacked, as reported on tomshardware in 2023.

HA and ESPHome are designed to operate locally behind your router’s firewall - and your router firewall should block any opportunity for a hacker to contact them. Being Open Source, you can check the program code to verify this for yourself.

However some HA Integrations or add-ons require internet (eg Tuya, weather, streaming media); which provides hackers with a possible attack vector. It then depends how much you trust the manufacturer and programmer … but that’s no different to whether you trust your router and PC Operating System and browser add-ons.

This also assumes that the hacker is not already inside your LAN - eg by a security flaw in your router, or malicious software installed on a PC, smartphone or browser.

Personally I accept that there is some risk, but am not too worried about it. Some people do take security more seriously, including placing all IoT devices on a separate VLAN.

FYI, today I came across the book Attacking and Exploiting Modern Web Applications which has a chapter on hacking IoT devices.
