Hello,
I have several Xiaomi Aqara devices, namely in the form of sensors for temp/humidity/pressure and a few door/window sensors.
I saw an issue with Philip’s Hue come to light today, where the Zigbee protocol implementation is hi-jacked to allow for malware to be installed on the Hub.
It made me think of the various Zigbee devices I have. Does anyone know how I can update the firmware on these Aqara devices?
Regards,
Tom
I would also like to know if there is a way via deconz as I no longer use the official Xiaomi or Hue Hubs…but obvioulsy firmware needs to be updated.
Thanks
I haven’t looked into it recently but I don’t think Xiaomi has ever pushed newer firmware to any of their basic zigbee sensors? There were always plenty of updates to the hub itself, but it doesn’t seem to explicitly update firmware for the sensors themselves.
what about other zigbee devices connected to conbee/deconz?
Depends on the manufacturer.
One of the main reasons people buy the more expensive Hue bulbs is the device support - they are generally incredibly stable and get frequent updates. But because they’re the most popular, they’re most likely to be targeted by criminals / intruders.
I use a mixture of xiaomi, tradfri and hue zigbee devices connected to a conbee 2 running deconz, all running on an asus tinkerboard. My setup is relatively unique for my locale so I’m not particularly concerned about drive-by zigbee hijackings (I’m far more likely to be infiltrated over the web due to some hilarious weakness in my own wonky HASSIO setup).
i guess my direct question is…but possibly also a feature request for Deconz is… if we can get firmware ota updates?
I have only one aquara, but 1 is enough. I don’t have faith most of these vendors of cheaper devices will do much if anything to secure through firmware. This vulnerability just made a whole lot of devices much less tasty to me.
Oh right, well deconz definitely supports Ota updating of firmware for ikea tradfri devices, and some other manufacturers too, but unfortunately I believe the hue update files are signed or protected in some way? Haven’t looked into it much
hue update are possible but Philips does not provide a ota link / list like ikea did that. But the dudes out there grab some stuff with wireshark:
See here: https://github.com/dresden-elektronik/deconz-ota-plugin/issues/10
We can share our latest aqara fw’s here. Or?
So the main reason to update firmware is for security reasons? Important, but a risk I am ok with given my setup.
Does anyone have stories of updating the firmware on a zigbee device to get it to work better? More compatibility?
Hue added the ability to configure state after a power cycle event recently for example.
I can confirm that so far Hue smart plug, hue bulb, Osram Smart Plug and Osram Smart bulb all updated well with Home Assistant. No Aquara nor mija device is detected as being able to use OTA.
Does anbody is able to grab/sniff this firmware for the xiaomi / aqara LLKZMK11LM
I had no lumi gateway, if someone still own a lumi-gateway, this could be possible:
I have been trying to understand this too and so far my understanding is:
Here is an issue on github that talks about getting the ota files from some group (?) and potentally bricking devices (!)…
Curious if anyone finds out more
No Aquara nor mija device is detected as being able to use OTA.
That’s not entirely correct, when I connected an Aqara Power Plug to my Z2M gateway, it immediately suggested OTA FW update, which I did successfully.
But when I later connected second hand Aqara Motion sensor, no update dialog exists. So some work, other don’t.