I haven’t looked into it recently but I don’t think Xiaomi has ever pushed newer firmware to any of their basic zigbee sensors? There were always plenty of updates to the hub itself, but it doesn’t seem to explicitly update firmware for the sensors themselves.
One of the main reasons people buy the more expensive Hue bulbs is the device support - they are generally incredibly stable and get frequent updates. But because they’re the most popular, they’re most likely to be targeted by criminals / intruders.
I use a mixture of xiaomi, tradfri and hue zigbee devices connected to a conbee 2 running deconz, all running on an asus tinkerboard. My setup is relatively unique for my locale so I’m not particularly concerned about drive-by zigbee hijackings (I’m far more likely to be infiltrated over the web due to some hilarious weakness in my own wonky HASSIO setup).
I have only one aquara, but 1 is enough. I don’t have faith most of these vendors of cheaper devices will do much if anything to secure through firmware. This vulnerability just made a whole lot of devices much less tasty to me.
Oh right, well deconz definitely supports Ota updating of firmware for ikea tradfri devices, and some other manufacturers too, but unfortunately I believe the hue update files are signed or protected in some way? Haven’t looked into it much
No Aquara nor mija device is detected as being able to use OTA.
That’s not entirely correct, when I connected an Aqara Power Plug to my Z2M gateway, it immediately suggested OTA FW update, which I did successfully.
But when I later connected second hand Aqara Motion sensor, no update dialog exists. So some work, other don’t.