You are now behind their firewall.
If you are a hacker and you manage to get into a factory in China or Taiwan or wherever that is making these, you swap out the base firmware with one of your own that dials home. You are now behind the firewall of all customers.
Just some random thoughts before bed.
Without firewall: Here's direct access to everything on my network.
With firewall: Oh no, you can hack all my smart lightbulbs and change their colours.
This kind of thing is exactly what you need firewalls for. Without a firewall this could pose a serious threat, with a firewall it's probably a good practical joke at best.
Somewhere we decided to accept crap system and device security as normal because oh we'll just firewall it. That was never a good idea but the more cloud connected things we deploy it becomes completely untenable.
Large corporate networks are already hostile territory due to BYOD. The only way to maintain the firewall as anything other than security theater is to lock everything down so much that nobody can get anything done.
The whole approach is braindead. We don't see how stupid it is because it's grandfathered in.
EDIT: My simple solution (the one I had in mind) is to make a firewall box - a cheap Linksys router with custom firmware can be set up to act as a switch but will also follow iptables rules. This serves the same sort of purpose as a hardware firewall in the middle of a corporate network but at lower performance. Bulbs connect to switch/WAP outside of firewall, hosts connect inside it. Everything behind it is then restricted from accessing the bulbs or vice versa.
P.S. 'Network security' is just a specific case of risk management.
It's that latter group which really needs to hear the truth that they should invest in endpoint security instead unless they have a high security threat and enough resources to do both.
It's the biggest reason why I'm skeptical about all things IoT: too much "cloud" without an SLA or any guarantee of longevity on the service side.
I personally haven't really thought about getting an IoT light bulb, but I would imagine you would program them to turn on when the sun goes down, that shouldn't need direct connectivity and the bulbs can't track your phone moving around the house (or at least I doubt they can), so you either have to turn them on with your phone as you move along or just flip the switch or install actual movement sensors.
I'm probably completely missing the point of smart light bulbs, maybe you have actual use cases?
At most, as a belt-and-braces security measure, you might want a system-wide prohibition preventing programs from listening on non-localhost (with exceptions for intentional servers, which should almost never happen on a client system). But that prohibition should primarily exist to catch programs misconfigured to listen on non-localhost, rather than leaving those programs running and just using a firewall to block them.
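An added example, not part of the comment above: a listener audit of the kind that comment describes, which flags sockets bound to anything other than loopback unless they are on an allowlist of intentional servers. The `ss -H -tulnp` sample is constructed, and the allowlist contents are an assumption.

```python
import ipaddress

# Constructed sample of `ss -H -tulnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0 128  0.0.0.0:22         0.0.0.0:*  users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 128  127.0.0.1:631      0.0.0.0:*  users:(("cupsd",pid=640,fd=7))
tcp   LISTEN 0 511  *:8080             *:*        users:(("node",pid=2291,fd=19))
tcp   LISTEN 0 128  [::1]:5432         [::]:*     users:(("postgres",pid=990,fd=5))
tcp   LISTEN 0 128  192.168.1.20:6379  0.0.0.0:*  users:(("redis-server",pid=1203,fd=6))
udp   UNCONN 0 0    127.0.0.53%lo:53   0.0.0.0:*  users:(("systemd-resolve",pid=501,fd=13))
udp   UNCONN 0 0    [::]:5353          [::]:*     users:(("avahi-daemon",pid=577,fd=14))
"""

# Hypothetical allowlist of intentional servers on this client: (protocol, port).
ALLOWED = {("tcp", 22)}


def is_loopback(addr: str) -> bool:
    """True only when the bind address is confined to the loopback interface."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":  # wildcard bind: every interface
        return False
    return ipaddress.ip_address(addr).is_loopback


def exposed_listeners(ss_output: str, allowed=ALLOWED):
    """Return (proto, address, port, process) for each non-loopback, non-allowlisted socket."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # skip blank or truncated lines
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        if is_loopback(addr) or (proto, int(port)) in allowed:
            continue
        process = fields[6] if len(fields) > 6 else "unknown"
        findings.append((proto, addr, int(port), process))
    return findings


if __name__ == "__main__":
    for proto, addr, port, process in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{proto} {addr}:{port} reachable off-host: {process}")
```

On a live host the input would come from `ss -H -tulnp`, which needs root to show the owning process of other users' sockets.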
But these light bulbs _are_ servers. With IoT, everything becomes a server. Your home system will have to be able to query your couch and your smart watch whether someone still is there and awake, and control the tv, the lights, the curtains, your fridge/microwave/phone (to call emergency services, if needed) accordingly.
(In the wild, things are less well thought through...)
Sounds comical, but turning up a few million fridge or aircon thermostats would cause serious load issues on most local and/or national power grids.
Some of these will have to poll fairly frequently. For example, users expect lights to go on the moment they flip a switch, not 0.1 seconds later.
Possible? Yes, but taking duty cycle into account, that 5W lightbulb may use more power while switched off than while switched on.
* WiFi direct
* Setup over Bluetooth
* Device broadcasts for autoconfig, get settings from a gateway or local master node.
* Static configuration entered in the IoT gateway based on the physical port the device is plugged into.
* Dip switches
* Initial configuration needs to plug into a PC via USB or serial port and a custom Windows program.
* Cryptic sequence entered via IrDA remote control.
I disagree. Firewalls fail closed under user error. The solution you proposed (we'll call it conscientious-wall) fails open under user error. That's to say, once a firewall is set up it will protect me from outside intruders unless I specifically tell it not to. A "conscientious-wall" will not protect me from outside intruders unless I specifically remember to apply it whenever I install an application or download a software update.
I'm still firmly in the camp of having at least an inbound firewall on every machine.
I didn't down vote your comment or anything; but I think the general idea is to add to the conversation. Short quips generally turn gray... the rest of the thread under mine is mostly discussions of security options/concerns in regards to firewalls and networks.
They have the same issue as these in that white and RGB are separate modes (so you can't control the saturation), but other than that they work fine and don't have any cloud "features".
The protocol of the bridge / app has been reverse engineered, and there are various libraries on GitHub:
Having a separate wifi network (and separate VLAN for wired) for IoT devices sounds like a good idea, and is something that I'll be doing this weekend...
(Also will port-scan the MiLight bridge to see if it's got any other interesting services on it)
You can also remove the wifi part, and communicate with the bridge via serial:
Guy with the macbook looks really grumpy.
Sadly, no surprises here about the internet of insecure things.
I used to run several internal networks, each with their own static external IP addresses, all mediated by pf on OpenBSD. There was a network for the kids, one for my wife and a couple for me. That was so much work and my wife always teased me that my machines always had better quality of service so I've gotten lazy and don't enforce security in the internal networks like I should--I'm even thinking about putting in a Ring doorbell.
I now see two distinct kinds of lighting: task and ambient. For task lighting, I still want fast manual control, for which dumb bulbs are fine. But for ambient lighting, I want it to be almost entirely automatic.
In the morning, my lights gradually come on, starting very dim and warm. In the middle of the day, they're bright and like daylight in color. In the evening, they slowly dim and shift toward red. They go out on their own about when I want to go to bed.
One good part is that I don't have to mess with lightswitches all the time. But the much more valuable part is that it helps me establish a strong diurnal body clock. I now wake up on time without an alarm, I get enough sleep, and my mood is more even.
One alternative would be to put the smarts in the switches, as early home automation had it. But my old wiring isn't compatible with that. And even if it were, that at best gets you brightness control, not color temperature control.
If anybody's curious, my code is here: https://github.com/wpietri/sunrise
For what it's worth, I avoided tying the lights to actual daylight hours. In winter I tend to get a bit gloomy, and so part of my goal was to make my brain think that it was never really winter. It seemed to help this winter, although it's hard to say for sure.
How are you liking your setup?