Stacey on IoT | Internet of Things news and analysis

Internet of Things

  • Home
  • Analysis
  • Startups
  • How-To
  • News
  • Podcast
  • Events
  • About
  • Advertise
  • Speaking
    • Facebook
    • RSS
    • Twitter
    • YouTube

Insteon hubs use Telnet. Should you be concerned from a security perspective?

August 14, 2021 by Kevin C. Tofel 2 Comments

On our most recent IoT Podcast, Billy called in to our podcast hotline with a security question. He’s using an Insteon ISY99-4i Home Automation Controller along with Home Assistant to power his smart home. Since the Insteon controller uses Telnet for communications, Billy is wondering if he should be concerned from a security perspective.

Image courtesy Insteon

We’ve covered Telnet security exploits a number of times, for as long as we’ve done this podcast. And there’s a reason for that.

According to Beyond Security, Telnet security flaws are a “… low-risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve, or prone to being overlooked entirely.”

As a result, we tend to advocate not using Telnet in the smart home, mainly because there are more secure, modern communications protocols available. Along the same lines and for similar reasons, we’re not fans of older IP-based webcams. We’ve seen many exploits on these devices too, allowing for hackers to gain access to the camera and microphones in your home.

This doesn’t mean Billy has to rip out his older Insteon gear and replace it. In fact, I used the very same ISY99-4i controller that Billy uses when I set up my first smart home in 2010. I loved it!

But he should be aware that his security risk level is higher as long as he keeps using this gear. The good thing here is that Billy’s Insteon gear isn’t directly connected to the internet. However, any breach of his home network could lead to Telnet troubles.

It wouldn’t be a bad idea for Billy to modernize his smart home just to remove this potential threat vector. Personally, I’d consider migrating devices over to Home Assistant in this case, since he’s already using it, but it’s a personal choice.

Home Assistant Telnet settings

I decided a long time ago that I just don’t want any Telnet in my home if I can help it. But that’s my home and Billy’s home is his home. Additionally, I haven’t seen or read about any Telnet exploits in the smart home.

It really comes down to the question of: Do you want to keep taking the chance that a relatively insecure communications protocol doesn’t get exploited in the smart home?

Again, it’s Billy’s choice and it’s great that he has the awareness to ask about this concern. And to be fair, Home Assistant has optional Telnet support that users can enable, illustrating that the protocol is still desired and used in the smart home.

To hear Billy’s question in full, as well as our discussion on the topic, tune in to the IoT Podcast below:

 

Want the latest IoT news and analysis? Get my newsletter in your inbox every Friday.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Filed Under: Featured Tagged With: HomeBridge, Insteon, network security, smart home, Telnet

Sponsors



Become a sponsor

Subscribe to Blog via Email

Enter your email address to receive notifications of new posts by email.

Comments

  1. Robert Hafer says

    August 14, 2021 at 8:18 am

    It looks like the ISY994 uses telnet but the Insteon hub 245-222 does not. I use a 2314u PLM with third party software which I feel is very secure.

    Reply
  2. BillD says

    August 17, 2021 at 2:03 pm

    Wow. Talk about misplaced priorities. If a bad guy gets into one’s network having the intruder screw around with the lights is about as low on the list of concerns as there could be.

    A much larger IoT security issue is that of WiFi IoT gear. Phoning home and whatever else goes on. Run a pi-hole and see how even legitimate companies are trying to gather data. What are those unknown sellers of cheap devices trying to do?

    Meanwhile I’m fine with the imperfect, yet very low risk, security of my ultra reliable RadioRA 2 Telnet enabled lighting system.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

IoT Podcast

Listen to the latest episode of the Internet of Things Podcast. Just press play!

Sponsors

Become a sponsor







Get Stacey’s free weekly Internet of Things newsletter

  • This field is for validation purposes and should be left unchanged.

Recent Comments

  • Brian Brown on Can’t hear that phone ring? Smart home to the rescue!
  • NateS on Need a smart switch without a neutral wire? Here are some options.
  • Chris Wood on Need a smart switch without a neutral wire? Here are some options.
  • Jack on Podcast: Making meaning from Matter product delays

Stacey on Twitter

Tweets by gigastacey
Copyright © 2023 SKT Labs, LLC · Privacy Policy