I thought I was hacked, but ended up with a topic full of useful information

myip:8300 works.
But it can't be reached from outside; I have UPnP in the router disabled.

And the only open port (443) was routed to 8123 in nginx.
I have no clue how, but at this moment I think that could be it.

Opened an issue, PR is welcome.

2 Likes

Hi all, I had a look at shodan.io and scanned for home-assistant; the second link I found and opened showed me this :open_mouth:

Edit: Image removed by @fabaff

There is a configuration of nginx and HA that can basically open your install to the web.

Do you have any other components in your setup (Alexa, Google Home etc.) that are somehow linked to your emulated hue? Maybe there was just something running on your TV where there was a phrase like “…in Odessa bigfoot hooligans turned on…”, or whatever other language your devices listen to. :laughing:

1 Like

And if there’s a firmware update for your router, apply it. Always make sure you are running the latest firmware available for your router. Switching to OpenWrt/LEDE or DD-WRT will probably give you better security, as long as you are comfortable messing with your router.

Lol. Yup, I have Alexa connected to emulated hue.
But there was no TV running, and both my wife and I were in the living room, and Alexa didn't say anything.
The timeframe doesn't fit with 1 action, but I will look into that.

Now that I have recognized that it could be hue, I can look at some other stuff.
Thanks for pointing this out for me though.

I found the problem, and I must apologize to all that have doubted all along, because they were right.
Special thx to @awarecan, who pointed me to the fact that all activated devices were connected with emulated hue, and to @danielperna84, who pointed at Alexa.

What exactly happened?

I had forgotten about the fact that my father also owned an Amazon Echo that I had given him and that is still in my account, and he did watch TV that morning.
In the Alexa app history I can find an entry that says: “alle lichter an” (all lights on).
Listening to it I can't hear why Alexa understood that, but it explains what happened.
The probable cause for the different delays in between the actions can be that HA was having trouble and had some lagging. (I have seen that happen sometimes, but can't find it again because the log is overwritten.)

Because I was home with my wife and everything was quiet, I never thought about the possibility of Alexa.
And until awarecan pointed at emulated hue, I didn't realise that those input_booleans were in a kind of group.

My quick response to close down nginx probably happened at the same moment that the lights were all on.
And Alexa also sees my TV and the beamer as lights, and that made it more confusing.

I thank all that have taken the time to think with me, and I am glad that I found the cause.
I already learned more about nginx, and I now know that a VPN at my side is possible (and I have that active for the moment). And although my system was already pretty safe, I have learned some points where I might take extra precautions.

23 Likes

@ReneTode Sorry that you had issues, but I for one have learned a lot.

I have changed my passwords, updated a lot of firmware, started using a VPN, stopped most of the installed addons when I am not using them (especially Samba which I start now only when changing configuration), verified what ports I have open on the router and closed those that I didn’t need open.

All in all it was a good learning opportunity for the community. Have a good day, maybe night for you now.

3 Likes

@ReneTode so I think you will need to write personal apology letters to everyone who read this listing and was freaked out about HA security. :wink: You are going to be busy. Just curious, how did your wife react to this?

Hmm, I think I'll keep it general, or I'll be busy all year long and I won't be able to help others anymore :wink:
Reaction from my wife: “hmm, oke.” :wink:

@carbuthn thx for sharing that you also learned. At least it was useful then :wink:

I think @ReneTode has behaved properly throughout. I don’t seek an apology, nor should anyone else.

Lesson learned - if you sell or give away a “smart” speaker thingy, or any other device, remove it from your account! Take it back to factory defaults!

6 Likes

Thanks Nick.
Actually the plan was to integrate some automations and alarms at his house in our system, because he is a little bit older. He also has no Prime, so he wouldn't have a music opportunity.
But because he uses it so rarely and I didn't get to creating more possibilities for him, it just went off my radar.

And I must say that maybe I would have thought about Alexa if there was ever a moment that she had turned on anything without being asked. I am still waiting for them to implement the voice recognition here.
Then I can make sure that nothing like that happens again.

I’ll also say thanks for your mistake.

It definitely shone the light on several possible weaknesses that most (including me) didn’t know to even think about.

It was instrumental in moving me from a simple password to NGINX, then on to a VPN, which I think is ultimately the safest route and really easy to implement. If I could do it then anyone can! :smile:

1 Like

No, it is caused (designed) by “stupid” emulated_hue, it calls entities’ turn_on services one by one with blocking=True.

1 Like
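
A triage check for the situation this thread worked through, as an added example that is not part of any post: it groups "on" events into bursts and compares each burst with the set of entities exposed through emulated_hue. The entity names, the event tuple format and the 30-second gap are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumption: the entities exposed to Alexa through emulated_hue (hypothetical names).
EXPOSED = {"input_boolean.tv", "input_boolean.beamer",
           "input_boolean.lamp_sofa", "input_boolean.lamp_hall"}

# Constructed sample state changes: (timestamp, entity_id, new_state).
EVENTS = [
    ("2018-02-01 08:02:10", "input_boolean.lamp_hall", "on"),   # lone, expected action
    ("2018-02-01 10:41:03", "input_boolean.beamer", "on"),
    ("2018-02-01 10:41:09", "input_boolean.lamp_hall", "on"),
    ("2018-02-01 10:41:21", "input_boolean.lamp_sofa", "on"),
    ("2018-02-01 10:41:40", "input_boolean.tv", "on"),
    ("2018-02-01 11:30:00", "switch.garage_door", "on"),        # not exposed to Alexa
]

def find_bursts(events, max_gap=timedelta(seconds=30)):
    """Group 'on' events whose consecutive timestamps are at most max_gap apart."""
    on = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), ent)
                for ts, ent, state in events if state == "on")
    bursts = []
    for ts, ent in on:
        if bursts and ts - bursts[-1][-1][0] <= max_gap:
            bursts[-1].append((ts, ent))   # staggered, but still the same burst
        else:
            bursts.append([(ts, ent)])
    return bursts

def classify(burst, exposed=EXPOSED):
    """Compare the entities in one burst with the emulated_hue exposure list."""
    entities = {ent for _, ent in burst}
    if entities == exposed:
        return "all-exposed"      # consistent with one "all lights on" voice command
    if entities <= exposed:
        return "subset-exposed"   # could still be a voice command for some devices
    return "outside-exposed"      # something other than emulated_hue acted

def triage(events=EVENTS):
    """Return (burst start time, event count, verdict) for every burst."""
    return [(b[0][0].strftime("%H:%M:%S"), len(b), classify(b))
            for b in find_bursts(events)]

if __name__ == "__main__":
    for start, count, verdict in triage():
        print(start, count, verdict)
```

An "all-exposed" burst is the cue to check the voice assistant's history for every device on the account before treating the event as an intrusion.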

So, just to be clear, are we back now to people being hacked that have UPnP active on the router or forwarded ports and unsecured Samba or no API password on HA?

Yep, I think that’s the conclusion. Not a single hack has been reported which was caused by a vulnerability in HA.

2 Likes

I too learned a lot from this thread. Glad you found the root cause, Rene.
While I don’t use HA externally, I am intrigued to implement NGINX or similar for logging. My dumb Fritzbox router is just really poor for logging any history. I would also like to implement VLANs, but I'm not sure my router can support them. Maybe there is an EdgeRouter or similar in my future.

My current: Internet <-> Fritzbox Router w/wifi disabled <-> Amplifi/Ubiquiti Wifi.

Can someone recommend a decent proxy/router setup?

Thanks in Advance,
~Bryan

1 Like

I also use a Fritzbox router (7590) and it doesn’t support VLANs so far as I can see, although there is a guest mode you could use if you really needed to.

I’m using Caddy instead of NGINX as it seems simpler to set up and effectively gives you the same functionality for all practical purposes.

I see a lot of overthinking about how far you should go, and I still think it depends on what you are comfortable with. As I said above, it’s people who indiscriminately forward ports without using passwords that seem vulnerable, not HA itself being intrinsically vulnerable.

There are people here who have been scared off exposing anything at all to the internet, which is a reflection of their level of comfort I guess (and a dose of paranoia).

Thanks David. Will take a look at Caddy. Can I ask where you run it? A virtual machine?