Security and Blynk with IFTTT

mroggi · February 21, 2017, 10:11am

Hi Blynkers,
after getting almost addicted with Blynk I have now a lot of devices online in Blynk in and around my house (irrigation system, stereo and projector via IRRemote, blinds, lights, etc). I have been experimenting with IFTTT and Google Home to build convenient user interfaces.

Looking at the protocol and the calls we use to manage Blynk it seems to me that security is becoming an important topic. What is your view on the securityy of Blynk services and what can I do to improve security against hackers controlling my home?

Also, IFTTT seems to be a quite risky service as it is only protected by a simple password phrase and allows full access to all my services, including Google account.

I was considering to install a local Blynk server and replace IFTTT with OpenHAB2. But then the Google Home integration becomes much harder.

Would be great to get your perspectives and how you have solved for this in your projects.

Dmitriy · February 21, 2017, 10:25am

Hello.

The best way would be to install local server. So all your traffic of hardware is in local network.

Why do you think so? Wouldn’t webhooks, api solve this?

Fettkeewl · February 21, 2017, 10:32am

I second the proposal for running a local server.

I will be blocking all my IoT devices from internet access thus allowing them only to communicate with my pc locally, running the blynk server which inturn is their “way out to the net”. This should keep my HW farely safe.

mroggi · February 21, 2017, 12:38pm

Thanks for your quick replies! I will definitely invest in a local server.

I am just unclear how I would do the integration with Google Home. At the moment I am using IFTTT, which requires an externally accessible web address (such as the cloud blynk server). if I am hosting internally I would need to open my network, which would again be a security issue.

Any ideas highly welcome how to integrate Google Home with local services.

Dmitriy · February 21, 2017, 12:49pm

You’ll need to open only specific port which could be isolated and secured.

mroggi · February 21, 2017, 1:23pm

Thanks Dmitriy, but than I would again have the possibility for someone to control my devices purely by the Blynk authentication code through the open port.

Can you decribe what you mean by isolation and securing it other than just open one port?

Thanks a ton!

Dmitriy · February 21, 2017, 2:56pm

You can do few hacks here :

You can allow access only from specified list of devices, ips, some other metrics you can do this on router level you can do this on server level. This is all up to you;
You should use https for IFTTT in that case chance of compromising of your auth token is almost 0 (IFTTT could be hacked and your auth could be leaked);