Jump to content
c4forums | The Control4 Community

Smart Home networks are easy to hack


Recommended Posts

I recently read an article published by a company called Simius on How to Prevent your smart home from being Hacked. I read about it and actually used their product to scan my network and it should a password breach and I had to update my firmware. I want my home smart home experience and still feel safe because i cannot be connecting them to a vlan for the sake of security when I to check in on my loved ones remotely while I am away.

How to Prevent your Smart Home from being Hacked – An Expert Opinion. | Simius AI

Link to comment
Share on other sites


simius ai

Every single related google hit is advertising for their product, via links to the webiste, or social media. Only exception is an AVS forum post that is a direct copy of OP.

Sigh.

Link to comment
Share on other sites

Just now, chiuu said:

Okay Guys. But did you all get the message these devices are easy to hack ? Whether simius or any other company ?

but that is like saying cars are easy to crash.....not all smart home devices are created the same and you don't understand the security model of Control4 at all...

Link to comment
Share on other sites

Tell me what is the security model for control4 please enlighten me compared to the rest. I do not know, anything that is connected to internet which is a public domain can be penetrated, now you have devices with literally at one port connected directly to the internet. Internet of things don’t you see the new danger coming. I am not well versed in control4 please break it down to me.

Link to comment
Share on other sites

Just now, chiuu said:

Tell me what is the security model for control4 please enlighten me compared to the rest. I do not know, anything that is connected to internet which is a public domain can be penetrated, now you have devices with literally at one port connected directly to the internet. Internet of things don’t you see the new danger coming. I am not well versed in control4 please break it down to me.

Nah I'm good. I don't gain anything with what it would actually take to explain it...but you shouldn't sell a product based on fear uncertainty and doubt

Link to comment
Share on other sites

Fear , uncertainty and doubt , have you read up countless stories of smart devices being hacked also I have a background in computer engineering and I wrote a piece about this in my operating systems class years ago about these things. You know anything  that is connected to the internet and has a signal can be breached by scrambling it, bluetooth, self driving cars, if you can remotely unlock your door best believe someone else can do the same. It is not uncertainty. It is a Fact! Your point about  cars being easy to crash, I am lost 😠. What makes control4 different. Think about it Facebook had 534 million breaches recently now those passwords were leaked and  a lot of times people do not know and they use the same passwords to log into their devices. Does control4 check to see where things are being logged in from ? 

Link to comment
Share on other sites

14 minutes ago, chiuu said:

Tell me what is the security model for control4 please enlighten me compared to the rest. I do not know, anything that is connected to internet which is a public domain can be penetrated, now you have devices with literally at one port connected directly to the internet. Internet of things don’t you see the new danger coming. I am not well versed in control4 please break it down to me.

He can't tell you.  In fact nobody here can.  Control4 has multiple patents on their security technology and unless you've worked on it you don't know the ins and outs.  While nothing on the internet is "unhackable" I've never heard of someone's system getting compromised, and you can't really find any evidence of it happening if you do a google search.  However if you google something like ring doorbell hack you'll see loads and loads of stories.  So while their security may not be perfect, because nobody's is, it seems to be really good, and certainly much better than your run of the mill smart device. 

Link to comment
Share on other sites

45 minutes ago, chiuu said:

Fear and uncertainty and doubt , have you read up countless stories of smart devices being hacked also I have a background in computer engineering and I wrote a piece about this in operating systems class years ago about these things. You know not just connected to the internet, but anything that has a signal can be breached by scrambling it, bluetooth, self driving cars, if you can remotely unlock your door best believe someone else can do the same. It is not uncertainty. It is a Fact! Your point about a cars are easy to crash, I am lost 😠. What makes control4 different. Think about it Facebook had 534 million breaches recently now that same password is that was leaked a lot of times people do not know and they use the same password to log into your device. Does control4 check to see where things are being logged in from ? 

Oh stop selling the crappy product already.

Link to comment
Share on other sites

How many control4 systems have your scanned for $29.99 a month? you should be able to tell us the security vulnerabilities then...but with your "impressive" #'s 7,000 scans across 1.400 systems you don't have any to show....

Link to comment
Share on other sites

40 minutes ago, msgreenf said:

How many control4 systems have your scanned for $29.99 a month? you should be able to tell us the security vulnerabilities then...but with your "impressive" #'s 7,000 scans across 1.400 systems you don't have any to show....

Alright why don't you scan your network I think there is a free scan and give feedback ? if you think it is a crappy product put it to the test.

Link to comment
Share on other sites

2 minutes ago, chiuu said:

Alright why don't you scan your network I think there is a free scan and give feedback ? if you think it is a crappy product put it to the test.

that would mean i have to give you oauth to my google account and trust you with access to my data.  Please detail your security posture so i can make that decision....

Link to comment
Share on other sites

Alright , We do not use your data for anything. 

We practice minimum required data collection.

Your email is collected via google for communication purposes about scan updates and results.

your IP address is collected to actually scan your home.

Your scan data is only accessible by you the user.

Only the highest admin can access that data and there is only one person in the world that can do it, not even the developers or executives.

Also your card information is processed by a third party service stripe or PayPal , all they do is send us the money. We do not have access to that, those financial institutions do.

Your data is always encrypted before it is transferred.

And if you want to delete your data you can go ahead and do that, you are in full control of that information.

Link to comment
Share on other sites

Your website is very unclear what do you do? A uncredementialed vuln scan on my Router from the internet? Do you have agent that runs inside my network? Are you using nessus white label to look for vulns? 

Link to comment
Share on other sites

Imagine this, someone is standing right outside your door 🚪 and checking all the time if there are vulnerabilities and then we tell you there is hole, you need to patch this by updating the firmware. We do not run inside we only scan when you want the scan to happen on by the schedule if it is weekly or bi-weekly. It shows you results and if there vulnerabilities, it shows you how to fix it. Such as change your password it has been leaked or update your firmware or router. That super inside out scans like the agents that run inside your network no. We give you the same enterprise-grade scans and no we are not using Nessus white label to scan your network but we keep up to date with the latest threats and vulnerabilities from the CVE database, sometimes when this manufacturers get to the consumers it is too late.

 

check the under the hood section.

Link to comment
Share on other sites

Like I said you have a free scan. We scan multiple devices everything at once not one device and it does not ask for your card before you do your free scan. You can use it and give your feedback you have a free scan. How much do cyber security companies charge corporations to do these exact same scans $10K or more we figure we will give the exact same tools to the everyone for about $10 or more. $30/month is if you choose the chronos which gives you weekly scans and four on demand scans. The other one is theia you get 2 bi-weekly scans with the router scans and 2 on-demand scans but the theia is the free scan  . Everything is scanned.

Link to comment
Share on other sites

That not really true. Most companies run agents or scan engines that run inside their network and it's not a front door non credentialed check. They are deep credentialed scans. 

Link to comment
Share on other sites

Well there are lots of articles that has been written on our blogs. How to do a $10K network security scan for $10

For us to do that super deep scan, it means a lot of things would be broken and consumers are not ready for that yet. That is that inside out scan. The regular scans and checks for all types of vulnerabilities are done we check to see if there is a  hole that a hacker can get in and tell you to fix it. An example is your password breach, that means a hacker can use that leaked password from another platform like Facebook with 534million users to enter your home network. During beta testing there was a customer that their network was scanned and it found two vulnerabilities- Deep information Probe and Operating system information probe.

 

I am enjoying our discussion because I would be able to get great feedback and improve the product from your perspective.
I am looking forward to your first free scan to learn.

Link to comment
Share on other sites

On 5/22/2021 at 3:08 PM, chiuu said:

I recently read an article published by a company called Simius

 

44 minutes ago, chiuu said:

Like I said you have a free scan. We scan multiple devices everything at once not one device

 

32 minutes ago, chiuu said:

Well there are lots of articles that has been written on our blogs.

 

33 minutes ago, chiuu said:

For us to do that super deep scan,

So you start as trying to post as if you're a user, then you go and finally break and admit that you are part of the company.

So yeah, you have ZERO credibility. As does the company that doesn't have a single review online on their product, let alone a neutral party comparison test.

First impression (1st post) - SCAMware.

Second impression (next 2-3 posts), still SCAMware

Third impression (where you're asking us to trust doing a free scan), 100% SCAMware - EVERY piece of adware/malware and scamware does the 'just try our product for free'.

I'm 100% sure that free scan is going to show me a bunch of vulnerabilities - non of which will be true.

38 minutes ago, chiuu said:

An example is your password breach, that means a hacker can use that leaked password from another platform like Facebook with 534million users to enter your home network.

Oh wow, you're telling me that if I use the same network everywhere there's a risk when one location gets breached, multiples will be. Absolutely genius!

Apart from the fact that a network scan has absolutely nothing to do with that, except of course to try and attempt to get a local device's password and try and use it elsewhere....

 

Seriously, stop selling your crap.

Link to comment
Share on other sites

Please take your hostility somewhere else, that is your opinion  and that comes from your view of the world. If you want to use it, use it, if you do not fine by me.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...