Unless someone wants to access their HA instance from outside their network, which a lot of people do enjoy the ability to do. I, for one, need that ability, because Alexa/Home doesn’t support everything yet.
This is a double edged sword.
On the one hand, it is up to the user to understand the security of their network, which doesn’t necessarily mean it is Home Assistant’s responsibility to hold the user’s hand in this regard. It is up to the user to take on the responsibility of maintaining their network security. Sadly, people love to shout how they want their privacy and security, but don’t want to take the time to learn it.
I’m not sure what else Home Assistant as a project could do to warn people about the real dangers, as it should be expected and understood what the dangers are of opening up ANY service to the outside world. How does this fall under HA’s responsibility?
That page is now linked from the Getting Started and the top level of the installation guide. There are also some more warnings now.
However, I’m with @flamingm0e on this - like any other software there’s a limit to what the developers can do to avoid people shooting themselves in the foot. That security page can be improved I’m sure - and you can submit edits yourself.
Now, as it reads, your post suggests that you believe that Home Assistant is riddled with vulnerabilities. If you’ve got details of those, please do pass them to the developers (contact details can be found on every page of the web site).
Klogg and flamingm0e highlight the two opposing approaches to security:
It should be handled by HA
It is the responsibility of the user
As someone who is trying to make some sense of it all, it would seem that the solution is somewhere in the middle. HA should do what it reasonably can do to provide security and the user must be aware of what is good practice.
I come to HA from an Electrical Engineering background and am comfortable with building sensor hardware for my house, but I have had to get up to speed on how I can make my setup secure as I want to be able to access it remotely. I have also scoured the forums for help and guidance. My current system is a very simple testbed to allow me to iron out issues before I commit to building a full system.
The result is that my simple system sort of works (DuckDNS, Let’s Encrypt) but with some errors and some components that now don’t work (UK Met Office and Yr weather components). I’m also getting my single Sonoff controlled lights coming on for no reason. Not sure if this is a glitch on the Sonoff unit or a hack. I haven’t investigated it yet.
I really like HASSIO, with its add-ons, and I think it will allow me to implement significant amounts of home automation. However, like Klogg I have this background worry that I’m building a system with subtle security flaws in it and that I should just abandon the external access capability, which would be a shame.
I suspect that all the information we need is available, but it is scattered about in forums and Github issue pages.
It would be great to get the view of the HA developers on HA security.
You probably won’t get that here (the developers almost never come to the forum), however…
Home Assistant’s primary protection mechanisms are:
It uses aiohttp for the web interface; this is the thing that’s most at risk of introducing a “subtle” vulnerability. If it was an in-house developed interface I’d be concerned, but it isn’t.
The use of an API password for limiting access. There is now work underway to improve this with a proper authentication layer, but it does exist.
The use of SSL to encrypt remote connections to stop people sniffing that password.
For what it’s worth, I’ve been running Home Assistant exposed to the Internet for over a year now using this approach. Maybe some of that needs to make it into the official docs?
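To make the three mechanisms listed above (and the “API password plus forwarded port” setup described later in the thread) concrete, here is an added example of a Home Assistant `http:` block, the weak form beside the hardened form; it is not from this thread or the official docs. It assumes a hass.io install with the DuckDNS/Let’s Encrypt add-on writing certificates to `/ssl/`, the legacy `api_password` option of that era, and `example.duckdns.org` as a placeholder hostname.

```yaml
# Added example (not the project's documented config): Home Assistant http: block.
# Assumptions: hass.io with the DuckDNS / Let's Encrypt add-on (certs in /ssl/),
# legacy api_password support, and a placeholder hostname.

# Weak: the router forwards 8123 but there is no password and no TLS.
# Anyone who finds the port gets the full UI and API in clear text.
#
# http:
#   server_port: 8123

# Hardened: password, TLS, and throttling of failed logins.
http:
  server_port: 8123
  api_password: !secret http_password     # long random value stored in secrets.yaml
  ssl_certificate: /ssl/fullchain.pem     # issued by the DuckDNS / Let's Encrypt add-on
  ssl_key: /ssl/privkey.pem
  base_url: example.duckdns.org:8123      # placeholder; use your own DuckDNS name
  ip_ban_enabled: true                    # ban an IP after repeated failed logins
  login_attempts_threshold: 5
```

This only protects port 8123; it does nothing for Samba, SSH or any other service, so forward that one port and nothing else.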
Haven’t had to go the capacitor route yet, I did have a couple ghost switchers but then a couple that didn’t. But now I just put them on all my Sonoff GPIO14 wall switch/button installs.
We might need to split this Sonoff talk off into its own thread though.
They could keep the idea that they will only support local network operation.
And you will go somewhere else to learn how to use outside of your network.
I feel it just adds more problems for them to deal with.
Like not supporting certain things as components. But these days are long gone.
People would complain about not being supported and people will complain when things like these happen.
It’s a lose-lose situation.
Would that not limit Home Assistant massively? This is one area where HA excels.
The main issue is the end user not understanding the risks associated with exposing anything to the internet.
The devs can only warn them; in the end it’s up to the end user to either accept the risk or not.
Like what? What components would you remove support for?
Google Assistant? Alexa?
Those 2 things can be mitigated by using the ‘Cloud’ feature.
What other components require opening ports and exposing their system?
I have been down this road with FreeNAS for years. It amazes me that people want to open up their NAS web GUI to the internet because they want to play with it while they are not at home. They ignore all warnings of security and open it up anyway. They do it with their SAMBA shares and they do it with their admin portal, despite being warned. People will do what they want for convenience. You cannot stop stupid.
I think from a simple ‘noob’ point of view it would be nice if HA was built secure to the point that we shouldn’t be at all worried based on:
We have an API password (which should be forced unless only accessing from local network, and even in this case, HA to remain secure to the outside world)
We want to access HA from external to our network and therefore follow a straight to the point tutorial for mapping the port in the router to the HA instance.
HA should be fully secure even with this port forwarded.
My question now (as someone with limited knowledge of network security compared to many on here) stands at: Is my HA instance at risk if I have both the above items covered?
All this talk about SMB shares being accessible confuses me simply because my understanding was that the SMB share that I have is only being shared to my local network and not becoming available to the rest of the world. I do have a password on my SMB and guest is turned off, but how am I to know that I’m not still at risk? It would be nice to know that HA (from the developers) has this locked up tight for me. That’s the type of assurance the commercial products make us believe we have. I know this is free open source software which I am very appreciative of, however if it is to stand out from the rest I think this needs to be inherent.
I understand that many people have gone to additional lengths with things I know nothing about such as reverse proxies, but these defences shouldn’t be needed for a system like this. It should be secure on its own.
At the moment I hope my HA server is secure…but I really don’t know for sure.
So really the only way to be secure is by using the cloud service…because let’s be serious, we want external access, it’s how we check on things whilst away etc.
I get that I added it etc, but as you have said above, if I haven’t forwarded a port for SMB then I’m all good, which I haven’t. (no port 445 showing up on Shodan)