An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#41743 - 09/15/16 11:35 AM Do I have Network Security Paranoia?
pbGuy Offline


Registered: 08/04/09
Loc: Portland, Oregon
I have implemented the use of a single, WiFi smart electrical plug which can be turned On / Off through an iPhone app, downloaded from the iOS App Store.

The smart plug was purchased through Amazon Prime and is a ToFuture WiFi Smart Plug Socket Outlet ($19.99). [I would have felt more at ease using a  Home Kit compatible product; but this ToFuture product was so cheap, I thought I'd use it as a beta test.]

The hardware is a China manufacture, but the product box didn't provide any typical, manufacturer logos other than the iOS app's logo on the User Manual. ToFuture was the seller and has good profile on Amazon. The corresponding iOS app ships under the name of "UCsmart Home" - developer being Ping Kwong Yip - but, no reference to anything corresponding to the hardware other than the iOS app's name (v1.1.0) & app icon.

I setup the smart plug on 9/14/16; and as of this writing (about 24 hours later), it's working very well.

So, what's my concern?

My home network, which is governed by my 4th Gen Airport Extreme, is a WPA/WPA2 hidden network. My Network normally requires the Network name and password, which both are very unique, be entered into the wireless device before the wireless device can see & get onto the Network. And since I'm using WPA/WPA2, I additionally have to enter the wireless device's MAC address into the AE Utility.

The product set-up, all done within the iOS app, was 2 steps...

First, the iOS app requested a "registration" that was completed by either entering the iPhone's number, or an email address, along with a created password. [I used my Mac Dot Com email as well as a unique password - not used anywhere else on my Network.] ...When this step was completed (it was not evident where that information went - I assume it was stored as data within the iOS app), but the app began auto searching for my WiFi Network.

Secondly and to my chagrin shocked , my 2.4GHz WiFi Network was discovered without any Network name having to be entered. ...Well, as the iOS app had discovered my Network correctly, I was presented with a password entry and upon entering / submitting, the smart plug outlet connected to my WiFi Network (the outlet's On / Off button lit up). laugh ...Once this step was completed, the iOS app successively presented a screen that simply was visual On / Off button, which when pressed turns the plugged-in lamp On or Off. smile

As I subsequently began thinking about this quick and easy setup, meaning seeing my Network, I began wondering how did the unit discover my Network without any prior device details being entered into AE Utility. confused ...Moreover not having any prior experience with such a device, I'm now feeling a bit paranoid about whether this device might be compromising (somehow allowing inbound access - an ET call home scenario) my Network. tongue

Any thoughts about whether this smart plug may be sniffing?
_________________________
MBP15 i7 (2017) - 1TB PCIe-SSD - 10.15.6, iPhone X & iPadPro 11 WiFi, Watch4

Top
#41745 - 09/15/16 01:56 PM Re: Do I have Network Security Paranoia? [Re: pbGuy]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
I am unfamiliar with the device you have or its manufacturer but since this is an iOS app you had to get it through Apple's App Store which means that it has been pretty thoroughly vetted by Apple for all possible security issues. That does not mean some previously undiscovered exploit could not get through the screening, it has happened at least once or twice. However when it has happened, the offending app was quickly removed from the App Store and a patch to iOS was almost immediately forthcoming to prevent anyone else from trying the exploit. So in all likelihood you are safe.

The app, of course, discovered your WiFi network because it "sees" the network connection on your iPhone/iPad. As to the controller device itself, since you had to link with the device in some manner in order to send the ID and password to it, and that process did not include a physical cord connection, I would assume it connected via Bluetooth. At least that is the way that was handled by all my various remote devices. The Phillips light control hub and August Lock required pushing a button on the device to confirm the initial pairing, but the Apple TVs, and Rachio sprinkler system did not, the controller and app simply detected each other and paired.

My oldest remote devices, Nest thermostats, required manually entering the network userid and password from the thermostat itself. I like the newer devices and apps a lot better, but not enough to buy new thermostats.
_________________________
joemikeb • moderator

Top
#41747 - 09/15/16 02:30 PM Re: Do I have Network Security Paranoia? [Re: joemikeb]
pbGuy Offline


Registered: 08/04/09
Loc: Portland, Oregon
Thanks for your reply, particularly about how the device / iOS app saw my Network. Seeing it through my iPhone makes sense. ...I feel more confident about letting the device remain in place, since it's working (presently) as I wanted.

One thing I've done in my AE, is to limit the device's access to the Network for specific hours of the day/night. This was mainly a test and during the period the smart plug has no access, it's power - connection light is Off (the iOS app showed the device offline). smile ...Once the device was again on the Network (and connection light back On), the iOS app saw it and made the On / Off screen available. cool ...That's mainly the AE's doing, but between it & the iOS app, it's nice to have this communication working smoothly.

For $20, I'm happy. ...So far.
_________________________
MBP15 i7 (2017) - 1TB PCIe-SSD - 10.15.6, iPhone X & iPadPro 11 WiFi, Watch4

Top
#41748 - 09/15/16 02:56 PM Re: Do I have Network Security Paranoia? [Re: pbGuy]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: pbGuy
For $20, I'm happy. ...So far.

I have looked at a lot of different devices and $20 is absolutely the least expensive I have seen, even for a single device. Is it Apple Home compatible? It would have the Apple Home logo on the box if it is. Apple Home devices have to have an Apple Home chip but supposedly they will all can be controlled through Apple's Home app. So far I have one device that is working through the Home app.
_________________________
joemikeb • moderator

Top
#41750 - 09/15/16 03:10 PM Re: Do I have Network Security Paranoia? [Re: joemikeb]
pbGuy Offline


Registered: 08/04/09
Loc: Portland, Oregon
Originally Posted By: joemikeb
... Is it Apple Home compatible? ...


No, it is not  Home Kit compatible.

The device's iOS app is for the iPhone, which I've not even attempted to install in my iPad.
_________________________
MBP15 i7 (2017) - 1TB PCIe-SSD - 10.15.6, iPhone X & iPadPro 11 WiFi, Watch4

Top
#41752 - 09/16/16 06:38 AM Re: Do I have Network Security Paranoia? [Re: pbGuy]
pbGuy Offline


Registered: 08/04/09
Loc: Portland, Oregon
Originally Posted By: pbGuy
...No, (ToFuture WiFi Smart Plug) is not  Home Kit compatible. ...


In the interest of further curiosity, testing and comparison, I've now ordered (from Amazon for $34.99) a "Koogeek Wi-Fi Smart Plug for Apple HomeKit with Siri Control Electronics Monitor Energy Consumption Indoor on 2.4GHz Network."

When it is set-up on my Network, using the iOS 10 Home app, I'll update about any noticeable differences (other than price) between this product and the ToFuture (UCsmart Home) smart plug.
_________________________
MBP15 i7 (2017) - 1TB PCIe-SSD - 10.15.6, iPhone X & iPadPro 11 WiFi, Watch4

Top
#41900 - 09/23/16 06:38 AM Re: Do I have Network Security Paranoia? [Re: pbGuy]
pbGuy Offline


Registered: 08/04/09
Loc: Portland, Oregon
Originally Posted By: pbGuy
... I've now ordered (from Amazon for $34.99) a "Koogeek Wi-Fi Smart Plug for Apple HomeKit with Siri Control Electronics Monitor Energy Consumption Indoor on 2.4GHz Network."
...I'll update about any noticeable differences...


I've now used both the ToFuture WiFi & Koogeek WiFi Smart Plugs enough to provide some initial impressions. ...joemikeb started a Thread, about Home Kit, in the Lounge; so if one is interested in my comments about the WiFi outlets mentioned above, please go to this Thread on home kit compatible products
_________________________
MBP15 i7 (2017) - 1TB PCIe-SSD - 10.15.6, iPhone X & iPadPro 11 WiFi, Watch4

Top

Moderator:  alternaut, dianne, MacManiac