03-27-2017 12:45 PM
I'm considering buying the Belkin WeMo Switch to control some computers in the house. But I need some questions answered first, pre-purchase inquiries.
First off.. security. I've read in previous threads in the forums here that there is no security what so ever for WeMo devices. No passwords to be assigned for them what so ever to prevent other people from controlling them. Has that changed with recent firmware updates? Do the WeMo Switch devices allow us to set passwords on them yet? Or is this still not possible today in 2017?
Secondly: Offline Use.
I was considering (if we can't set passwords on it) to set up a wemo-only wifi access point that does -NOT- have internet access and just control them at home with an old android phone. Is this possible? Or do the wemo devices absoultely have to have an internet connection to function?
03-27-2017 01:01 PM
The wemos are secure outside of your network - as much as you trust the security of the belkin cloud anway.
Inside your network they are not, so set up a guest network for visitors or isolate a network for the wemos.
Yes you can run them without allowing them outside access, but if you want to add rules that are based on timers or sunrise/sunset times you'll need an after market app 'cause the wemo internal timers will drift.
03-27-2017 01:04 PM
Hrmmm.. you didn't say yes or no about being able to put a password in each switch, and sort of avoided my question.
If I allow a visitor here to use my home network and in to my wifi, can I put a password on my WeMo devices so they can't access the devices? Do the WeMo devices support -ANY- sort of protection from unauthorized use at all?
03-27-2017 01:25 PM
I did answer the question - there is NO local security - not passwords nor account protection. Nothing other than your wifi encryption.
Many newer home automation devices have dispensed with local passwords and focus on online (cloud) accounts instead. The password isn't relevant - it doesn't provide much protection. If someone is inside your home with physical access to your wemos all they need to do is reset and reconfigure (the same is true with most any local device). As I said - isolate the visitor or your wemos on a separate network. If you're really worried about security you should have a separate guest network for visitors anyway whether or not you buy any wemos. And of course don't expose your wemos to the internet, keep them behind your firewall.
My pedantic nature would have me say "Yes, there is a password in each switch - your wifi password!". But I was able to control myself . Oops, until just now!
03-27-2017 03:59 PM
Thank you for your reply.. I've read in an older forum thread on these forums that the samsung devices at least allow us to password-protect our home automation devices. I had hoped something would of changed over the years by 2017... but sadly it seems Belkin still hasn't woken up to allow this basic feature. So I guess I won't be buying Belkin's things.
03-27-2017 04:44 PM
If you are prepared to let people access your nerwork (not using a Guest network) I would have thought that the fact that they can switch a WeMo on and off should be the least of your concerns.
03-27-2017 05:08 PM
Please let us know what you pick. What I've seen is that most devices that collect passwords now-a-days are doing so to control remote access into and via their "IoT" clouds, not to control local access.
Certainly there would be a small benefit to a local password if the devices were physically locked down. But without encryption and strong passwords it's somewhat of a placebo (as many people who put their security cameras online have discovered - or not!). Arguably the safest would be to prevent local access completely (and many are heading in that direction), but to me pure (or in fact any) cloud access from a proprietary cloud is a very bad thing for security and privacy.
In fact belkin does have security and accounts for the wemos back into their cloud. They hide it for usability/simplicity, but it's there. I wouldn't call it a huge success as it caused them other headaches, but it's certainly possible to prevent outsiders from controlling your devices remotely after they leave your wifi network.
But I have to say I'm surprised that you're willing to allow guests onto your private network. You'll find that very few if any of the automation devices support SSL, so anyone on the private network will be able to snoop for passwords anyway.
03-27-2017 05:33 PM - edited 03-27-2017 05:34 PM
What I think all of you are aware of is our living sitiation here. I live in a home with 3 bedrooms, and we have two couples in the other 2 rooms, and me and my friend in my room in our house. Everyone shares the same wifi because we split the bill amung all of us, and I have my computers and my devices and they all have their own. I was looking for a way to turn my computer on and off while away from home, so I could access it remotely. But not let anyone else in the house turn on my computer when I'm not there. (The doors to each rooms lock and no one has physical access to the other people's stuff/room.) In our situation other folks in the house could turn on my computers when I'm not home with Belkin WeMo. I'm sure there are other people in similar situations. Lots of families are moving back home to live with either other sibblings or parents these days, it's a growing trend. In our situation Belkin is not an option. I don't know what I'll choose but it's definitely -NOT- Belkin, I know that now.
03-27-2017 05:52 PM - edited 03-27-2017 05:52 PM
My ASUS router allows for three 2.4 and two 5Ghz Guest networks in addition to the primary 2.4 and 5. These guest networks can be setup to only allow connectivity to internet and nothing else local.
03-27-2017 06:56 PM
Hopefully in that kind of environment everyone has their computer locked down a lot tighter than relying on it being off. If someone wanted it on there's always WOL ('cause you're on the same network). Or they'd simply wait till you turn it on yourself and break in through your local network connection.
If you're really serious, set up a separate router as a bridged subnet off of the shared router. Configure the firewall to shut everything else out. Run an SSH server on it with certificate (rather than password) authentication. Hook your IoT device and your PC to the separate subnet and you'll be much, much safer than a simple password on a remote switch.