ALERT !!! Harmony Hub firmware v4.15.206 breaks/removes local network control.


    #31
    Small update:

    I can connect to the hub again and I am getting updates, but so far I have not been able to get a response to my messages. I think I'm missing something. On my phone, all the outgoing communication is encrypted, so I can't see what the phone is sending, only what is being returned, which makes it hard. It appears to be similar to the old way, but I can't be sure until I can find a way to see the messages going out.

    I've decompiled the APK, but it will take time for me to look through it all.


      #32
      There's some hope here. From the Logitech forum:

      Hi folks.

      Will from the Harmony Team here. Just wanted to let you know we are aware of the feedback from the community. We will be providing an update shortly.

      Thanks for your patience.


        #33
        Originally posted by rprade
        See post 22 above, which contains a link in Frank's quote to another thread with instructions.
        Thanks, sorry, seeing every other post on my phone. 🙂


          #34
          Originally posted by joegr
          There's some hope here. From the Logitech forum:

          Hi folks.

          Will from the Harmony Team here. Just wanted to let you know we are aware of the feedback from the community. We will be providing an update shortly.

          Thanks for your patience.
          Where did you see this from? Just curious so I can hopefully join the conversation.


            #35
            Originally posted by sirmeili

            Where did you see this from? Just curious so I can hopefully join the conversation.
            Great to see some kind of response. In fairness to Logitech, they got called out earlier in the year by FireEye for having serious security flaws in the Harmony Hub.

            https://www.fireeye.com/blog/threat-...-security.html

            Ken
            "if I have seen further [than others], it is by standing on the shoulders of giants." --Sir Isaac Newton (1675)


              #36
              Originally posted by sirmeili
              Can you please link to the Reddit post about this?

              Sent from my Pixel 2 XL using Tapatalk
              I have found the post on the Logitech forums and have voiced my concerns; I suggest others do the same:

              https://community.logitech.com/s/que...ked-api-access


                #37
                Originally posted by sirmeili

                Where did you see this from? Just curious so I can hopefully join the conversation.
                https://community.logitech.com/s/que...ked-api-access


                  #38
                  Originally posted by kenm

                  Great to see some kind of response. In fairness to Logitech, they got called out earlier in the year by FireEye for having serious security flaws in the Harmony Hub.

                  https://www.fireeye.com/blog/threat-...-security.html

                  Ken
                  And none of the things they found were in relation to the API access that everyone was using. Also note that all they have to do is open up the WebSocket API, tell developers how to authenticate, and let users determine if they want to give their credentials to a third party to integrate with other systems.

                  Like many companies these days, they can't conceive of integration into 3rd party systems that they don't have a say in. It's amazing they don't follow the method of Philips Hue.


                    #39
                    @rprade I'm just now installing the UniFi router today, so not familiar with it yet. Could you please share more screens? For some reason mine is not working. Are you using the WAN out tab?


                      #40
                      Go to Settings>Routing & Firewall

                      Then select Groups and create a new group. Here I called it Hubs. Then add the IP addresses for your hubs and save.

                      Then create a new WAN_OUT rule to drop all protocols and assign the Hubs group to it at the bottom. All the default settings should be fine. Save it and it will provision out to the USG in a few seconds. This will prevent the hubs from calling home, but they will still be reachable on your local network for the plug-in.

                      HS4 Pro, 4.2.19.16 Windows 10 pro, Supermicro LP Xeon


                        #41
                        Thank you, the only thing that is still unclear to me is which tab you are using to put the rule in.

                          #42
                          WAN_OUT - You want to block the hubs from getting to the internet.
                          "if I have seen further [than others], it is by standing on the shoulders of giants." --Sir Isaac Newton (1675)


                            #43
                            Originally posted by kenm
                            WAN_OUT - You want to block the hubs from getting to the internet.
                            Thanks, I should have made that clear. I added screenshots to the post.
                            HS4 Pro, 4.2.19.16 Windows 10 pro, Supermicro LP Xeon


                              #44
                              Originally posted by sirmeili

                              And none of the things they found were in relation to the API access that everyone was using. Also note that all they have to do is open up the WebSocket API, tell developers how to authenticate, and let users determine if they want to give their credentials to a third party to integrate with other systems.

                              Like many companies these days, they can't conceive of integration into 3rd party systems that they don't have a say in. It's amazing they don't follow the method of Philips Hue.
                              No argument there. I just know that when a single security issue is found the level of scrutiny on a product goes through the roof.
                              "if I have seen further [than others], it is by standing on the shoulders of giants." --Sir Isaac Newton (1675)


                                #45
                                If I put the rule on WAN out, the plugin gets disconnected. Not sure what I'm doing wrong then.

                                Sent from my SM-G935V using Tapatalk
