About code arm required / code disarm required: idea is great but for now there is no sense in this setting. Reason: if I have access to hass, I can reconfigure integration not to ask for code and then I can easily disable alarm. Reconfiguration is not asking for code.
I think there should be some kind of safeguard against such situations.
dont leave your HA open then, secure it with an rfid or nfc ?
I would love to have hass fully secure. But I think it is better to be secure on all levels in this business.
I might have best hass security but if it fails, then believe me I do not want to give risco so easily.
I use this risco component, especially for binary sensors to turn on spotify and lights in the morning
And also nfc tags in the car, so when I am arriving home, I swipe with Android over the tag to disarm the alarm … Just for fun
+1 for that, talk about it to onfreund?
Security is a BIG issue here.
Anyway , you guys willing to share your frontend what you do with the alarm panel?
I don’t see the security risco here, you need to secure your HA… So people can’t use your instance… If they can’t access your instance they can’t control your integrations.
Anyway, I don’t use the frontend anyway, I only use the binary sensors, and I have exposed risco to Google assistant, so I can turn the alarm off with my smart watch with voice
That’s not entirely accurate - you need to be an admin user in HA to be able to configure an integration, so this is only a concern if the attacker gets a hold of an admin user (at which point they can do other crazy things to your system). If the attacker only has access to a regular user, they’ll need the code.
You are right. Only admin can reconfigure.
But whole system is as secure as its weakest link. I do not think this is bad idea just to further limit how much we can do with risco.
Over last years I heard lots of stories where someone was able to get admin or root priv. to mess around with system. I know it can happen to risco cloud as well. Or to nabu casa.
But assuming hass was compromised: attacker can do lots of crazy things but not really harmful. They can mess around with my light, delete everything. So what!
I added my gas heater to hass lately. It is in RO so they can’t kill me with heat or cold
If risco can be disabled, if they see my location (made for presence detection), there is nothing to stop them from robbing my home.
So as long as I understand your point of view, I still believe there should be some better safeguard.
Well, then use 2fa ? That’s secure, and complex passwords for your root… No one can get in, and for sure not burglars
I do.
Banks do use it. And still, the most critical part of their infra is separated. I consider alarm system to be that kind of stuff.
But eot from my part. Let’s leave it. Maybe someone will back me up
Still anyone willing to show their frontend using this?
I agree. That’s why great measures are usually taken to secure admin credentials, and to make sure that if any credentials leak, they are for an unprivileged user.
Yes, I agree that enabling this integration increases the attack surface, but with proper security for admin credentials, the weakest link will be elsewhere.
Hi,
Hope, this is not off topics, but this thread seems to be the only one active about Risco.
Since I am planning to change my alarm system, I’m thinking to go with Risco.
I’d like to know if it works with any of these products:
Risco LightSYS™ 2;
Risco ProSYS™ Plus;
If I understand I need to have Risco Cloud enabled, is this done by default? or do I have to pay extra money for this?
One last question, I see that this integration creates binary_sensor for each zone, but does it create a binary sensor also for every physical sensor such as windows sensor, barrier motion detection?
Thanks in advance for any reply.
Marco
i too have lightsys , yes , riscocloud is a payed service, but only once … its not a subscription
its like you can pay a sim card module, or voice , …
the binary sensors are coming from indeed hardware …, so i have for each pir detecor a binary sensors, and also for each fire detector…
but pay attention, the polling time < 5 is a no-go, so if you want to create automations to turn on light in a speficic room , thats not ideal
also note, risco is changing their riscocloud, there is something happening early 2021 , so it might be possible that this integration will go down or needs to be redeveloped , cause its now using a reversed engineered API
Fabio thanks for your answer which is really helpfull
Hi
I have a question concerning the risco integration
I have a button showing the state of the alarm and if u press it pops up the control panel to give in the code
This is the code using homekit button card
cards:
- type: custom:button-card
entity: alarm_control_panel.risco
name: Alarm
show_label: false
size: 40%
icon: mdi:shield-off
state:
- icon: 'mdi:shield-on'
styles:
icon:
- color: var(--sidebar-selected-icon-color)
value: 'on'
styles:
icon:
- color: var(--primary-text-color)
tap_action:
action: call-service
service: browser_mod.popup
service_data:
card:
entity: alarm_control_panel.risco
states:
- arm_home
- arm_away
type: alarm-panel
deviceID:
- this
title: Alarm
I got 2 problems:
- the button doesnt change icon when its armed, so there might be something wrong there?
- when pressed and i give in my code, the alarm state doesnt change
Any idea?
I made an automation depending on my binary sensor state.
However, when i move in front of it, it doesnt change?
Any idea?
Can you show the code? Make sure you set a correct polling interval, mine is 4 sec
Not sure why you need t he code…
As long as the state doesnt change, the automation (code) wont work
Anyway here it is
- id: '1578251418685'
alias: Lichten inkom aan bij beweging
description: ''
trigger:
- entity_id: binary_sensor.det_inkom
platform: state
to: 'on'
condition:
- condition: state
entity_id: sun.sun
state: below_horizon
action:
- data:
entity_id: light.inkom
service: light.turn_on
But you do mention something, you say your interval polling is 4 sec?
Mine is 30
Maybe thats the reason
edit: changed it to 5 now, and was running around for min 10 sec but state of the binary sensor still doesnt change
No problem here, do you see the binary changing? Do you see it changing in risco app?