System access history

[Shaz]

Hi all

 

We have a recently installed C4 system. Installation is approx 80% complete, but we have moved in and living in our newly built home. We have a concern that someone has accessed the system (could be the installer) remotely during a specific time period. The installer does not have permission for remote access to cameras, lighting etc. How do we access the history/audit trail of log-in/access. We have the specific time period in question, so this may help. 

[thegreatheed]

If you have the allow remote access option un-checked in your customer.control4.com account, they cannot access through Control4. 

[Cyknight]

There's no specific history log available that I know of.

You CAN see who has access to the interface under your customer account (listing devices/users), but that would no include composer remote log in.

That can be blocked all or nothing from your account as well, but not by specific users.

 

Note that if a dealer connects remotely using composer, that does not allow access to live camera images, that's a hard block in composer not allowing that. Recordings aren't viewable in composer at all.

 

[Jack_Ckun]

1 hour ago, Cyknight said:

There's no specific history log available that I know of.

You CAN see who has access to the interface under your customer account (listing devices/users), but that would no include composer remote log in.

That can be blocked all or nothing from your account as well, but not by specific users.

 

Note that if a dealer connects remotely using composer, that does not allow access to live camera images, that's a hard block in composer not allowing that. Recordings aren't viewable in composer at all.

if they use the Camera Compatibility driver for an unsupported you can see live feed in composer.

 

[RAV]

Four ways to access a system:

1. composer remote access controlled in your my.control4.com account.

2. portable device access with 4sight, also controlled in your my.control4.com account under devices.

3. WiFi, in range of the access points.

4. VPN through the router or support hardware.

Be informed and discuss with your dealer. Besides Control4 there's also camera software and support system access possible.

[Cyknight]

2 hours ago, jackstiffer said:

if they use the Camera Compatibility driver for an unsupported you can see live feed in composer.

 

You can see any camera in composer - but only locally.

[Shaz]

On 6/5/2019 at 9:25 PM, RAV said:

Four ways to access a system:

1. composer remote access controlled in your my.control4.com account.

2. portable device access with 4sight, also controlled in your my.control4.com account under devices.

3. WiFi, in range of the access points.

4. VPN through the router or support hardware.

Be informed and discuss with your dealer. Besides Control4 there's also camera software and support system access possible.

Unfortunately it is our dealer who we suspect has logged in. How do we find out if he did conduct a remote log in without our permission?

[RAV]

Very hard to find out if he remoted in.

If it was, shall we say, 'lawsuit worthy', then speak with Control4.

If you unchecked access remotely, and his devices are NOT listed in your my.control4. com account, then he didn't access through Control4's VPN service, assuming you had changed your my.control4.com password, cause in theory, he could 'let himself in' by changing the settings.

Depending on your network equipment, there should be logs for it's VPN or WiFi access logs, mac address last seen etc, in the router and such. You'd need a knowledgeable person and passwords for the router etc to review.

[mstafford388]

There is actually project change log buried in the directories of the director.  Would only let you know if someone made changes though.  As long as you had allow remote access checked in your customer portal you did actually give him permission though.  If something malicious was done you should contact Control4 directly though as others have said.  

[Crustyloafer]

1 hour ago, mstafford388 said:

As long as you had allow remote access checked in your customer portal you did actually give him permission though. If something malicious was done you should contact Control4 directly though as others have said.  

Pretty much my thoughts too. If you have the access permissions box ticked (see screenshot below) under 'My Account' on customer.control4.com website then I regard that as giving permission for them to access the system whenever deemed necessary unless you have some other written and signed contract stating otherwise.

https://www.dropbox.com/s/1j948i8oasc6ems/Screenshot 2019-06-10 18.04.55.png?dl=0

I access my client's system's all the time remotely without consulting them first. Usually for maintentance or servicing purposes such as updating drivers or improving the programming of a particular function and they are usually very grateful for the proactive approach I take to giving them the best experience possible on an ongoing basis.

Obviously if something malicious had been done or access was made at an unsociable hour and caused unwanted lighting, audio or video to operate in a room then that should at first be taken up with the dealer themselves and if you are unhappy with their response/attitude then a discussion could be had with Control4 if deemed necessary.

If you say the installation is not actually completed yet, then there is a good chance the dealer is just trying to get the remaining programming completed in their own time in order to push the project forward and ensure they are not going to be the ones delaying anything.

Bottom line is, going back to my first sentence, is that unless you untick the permissions box on customer.control4.com, then they should be allowed to access for legitimate reasons. If you don't want them accessing it then untick the box when you don't want them getting in and then tick it again when you do.

[blub]

If the project is not completed yet, what's the issue with the dealer working remotely?

[Cyknight]

Here's where the big question can only be, what do you think happened? Camera use? Again not possible via composer, maybe using app credentials, easiest is a camera NVR was setup.

Accessing the house, stealing? Not impossible as such.

Messing with the system? Again, possible as such.

I will say, there are easier ways to break into a house than accessing your control4 system, let alone hack into a control4 system...

 

But if that is what you suspect, as mentioned above, you should make contact immediately with Control4 and get them involved.

Logs are available from the main controller and most sub controllers via \\[ip address]\logs

They may or may not show remote access login or not, never really looked, but it's possible -  and it would at least show what commands were used when.

Not an easy way to look for things, and logs don't go all that far back in time, so you'd have to catch them quickly after the event (as in, probably 24 hours tops).

C4 may have other options to look into however, such as their own server logs for remote connections, but only they can answer that for sure.

[Crustyloafer]

Beyond accessing the system itself, you do not say what specifically it is you are accusing the dealer of doing, care to elaborate?

 

[Shaz]

16 hours ago, mstafford388 said:

There is actually project change log buried in the directories of the director.  Would only let you know if someone made changes though.  As long as you had allow remote access checked in your customer portal you did actually give him permission though.  If something malicious was done you should contact Control4 directly though as others have said.  

Access is granted for the dealer as he is still busy with finalizing the system. My issue is that the system may have been accessed after hours ( Saturday afternoon and evening) without our knowledge. We had strange issues with lights being turned off and on-only in rooms we were currently in and televisions being turned off and on with no touching of the touchscreens or remotes. Hence my need for access logs (camera/system) to determine what exactly what happened.

[Crustyloafer]

Why don't you just ask the dealer directly? If they have been accessing the system outside of normal working hours and you would prefer them not to then just say so.

It's not conducive to a good dealer/client relationship if before the install has even been completed you don't feel you can discuss this with them face to face before resorting to trying to find evidence through other channels.

 

[South Africa C4 user]

1 hour ago, Crustyloafer said:

Why don't you just ask the dealer directly? If they have been accessing the system outside of normal working hours and you would prefer them not to then just say so.

It's not conducive to a good dealer/client relationship if before the install has even been completed you don't feel you can discuss this with them face to face before resorting to trying to find evidence through other channels.

 

[mstafford388]

3 hours ago, Shaz said:

Access is granted for the dealer as he is still busy with finalizing the system. My issue is that the system may have been accessed after hours ( Saturday afternoon and evening) without our knowledge. We had strange issues with lights being turned off and on-only in rooms we were currently in and televisions being turned off and on with no touching of the touchscreens or remotes. Hence my need for access logs (camera/system) to determine what exactly what happened.

Lights will do that after a firmware update as well, which is very possible since they were finalizing the system.  If you have a lot of lighting in your project that update process could take hours.  I'm with everyone else, you should talk to you dealer.  There is likely a pretty simple explanation for this.  

[crazybuppie]

3 hours ago, Crustyloafer said:

Why don't you just ask the dealer directly? If they have been accessing the system outside of normal working hours and you would prefer them not to then just say so.

It's not conducive to a good dealer/client relationship if before the install has even been completed you don't feel you can discuss this with them face to face before resorting to trying to find evidence through other channels.

 

100% this. Talk to them about it before presuming there was malicious intent. If the project was not finished, perhaps their programmer was working over the weekend. They may not have realized that it was affecting your home in such a noticeable way. 

 

[RAV]

The lights could be just firmware updates, they do that, normal.

The TVs could have been CEC command issues, embedded control that never works right and should be turned off in menus.

May have been no access at all.

You won't know, until you discuss with your dealer.

[Cyknight]

10 hours ago, Shaz said:

We had strange issues with lights being turned off and on-only in rooms we were currently in and televisions being turned off and on with no touching of the touchscreens or remotes.

Most common cause, wake-up scenes being active.

Second, the mentioned CEC for TVs and firmware updates on lighting.

10 hours ago, Shaz said:

the system may have been accessed after hours ( Saturday afternoon and evening)

Those are after hours? After what, after finishing the other work being done that day, or am I missing something

[blub]

Access is granted for the dealer as he is still busy with finalizing the system. My issue is that the system may have been accessed after hours ( Saturday afternoon and evening) without our knowledge. We had strange issues with lights being turned off and on-only in rooms we were currently in and televisions being turned off and on with no touching of the touchscreens or remotes. Hence my need for access logs (camera/system) to determine what exactly what happened.

Besides, as mentioned above, it could have been pending update which took longer than anticipated I would just ask the dealer if it was him and then ask him to try to avoid it - since the system isn't finalized yet I wouldn't make a fuzz about

[Neo1738]

Agree I wouldn't put the cart before the horse either. A simple email, call, or txt could probably solve the problem without thinking they are up to something nefarious or messing with you after hours. May even ask them to notify you if going to access and see if it's a good time. If you don't approve they don't access. 

[Crustyloafer]

It's all gone strangely quiet on this one.