You've made some very good points and better explained what I really want. I also will admit that using existing tools to create VLANs to "quarantine" the devices is an option. That said (and you touched on this), the average consumer is not prepared to deal with any of that; maybe that will change, but as of today it's not easy or even possible with most consumer-grade hardware.
As for Z-wave/Zigbee, I could be missing a potential security hole but personally I am less concerned with my Z*-devices being hacked and more concerned with IP-devices being hacked and being able to talk to other IP-based devices on my network.
For example, it would suck to have someone be able to hack my door or lights but it wouldn't be the end of the world AND it requires physical access/proximity. This is quite different from someone on the other side of the globe being able to hack a device, hack other devices on my network (non-IoT), and then do something malicious (ransomware, identity theft, etc).
>That said (and you touched on this) the average consumer is not prepared to deal with any of that, maybe that will change but as of today it's not easy or even possible with most consumer-grade hardware.
Right, at one point it looked like something like UniFi could show the way there, but Ubiquiti unfortunately has turned into a development dumpster fire and really lost its way, and I don't know of anyone else attempting something similar. The principle remains though that it's another path forward, there are already powerful tools for network control and management, and there are accessible open standards there. Putting a better UX on that is worth considering alongside other solutions is all.
>As for Z-wave/Zigbee, I could be missing a potential security hole but personally I am less concerned with my Z-devices being hacked and more concerned with IP-devices being hacked and being able to talk to other IP-based devices on my network.
>For example, it would suck to have someone be able to hack my door or lights but it wouldn't be the end of the world AND it requires physical access/proximity.
A lot depends on where you live. A few years ago, for example, there were a bunch of articles and demonstrations coming from research into and discovery of vulnerabilities in the ZigBee protocol itself. Because the whole point of it is meshing, if you're in an urban or even suburban environment with sufficient density, then a neighbor being hacked could then hack their neighbors etc. in a chain reaction. And of course people had fun immediately putting SDRs on drones and doing a fresh new take on good ol' war dialing, flying around owning anything they came across. Random example article:
Picked the Verge vs NYT since I don't think they're paywalled? Lots more, though, a quick DDG away covering the same thing at the time.
With meshing though, you do have to be somewhat careful about the concept of "proximity" and so on if there are protocol layer problems, which is less of a concern on WiFi for better and for worse. Your home might be locked down, but are you sure your neighbor or neighbor's neighbor and so on and so forth down the chain all have no entry point? I 100% grant it's more of a long term scalability consideration right now for many people, but hey, we're talking about a future protocol here!
I haven't followed the AmpliFi line closely enough to know if it has easy VLAN support but yeah... I really like the UniFi offerings but a fully working UniFi system (excluding the UDM) costs ~$800 from my last estimate. I'm saving for it but that's 'cause I'm a weirdo who enjoys those kinds of things.
If you don't mind me asking what networking stack are you using?
Also thank you for the very well thought out and reasoned reply! I wasn't fully aware of some of those attack vectors.
Lastly I think I've been so anti-wifi IoT because of the inherent security issues with literally everything currently on the market. I see the wifi IoT as a bubble about to pop unless routers gain security features for IoT or some other major changes are made to how they work today.
Sorry for the slow reply, and I see you've got (and made) one other response. As far as what stack I'm using, on my test lab it's a big mix of course, but my main personal stack right now is UniFi dating back from quite a few years ago. However, I really want to reemphasize my "dumpster fire" aside: I strongly DON'T recommend getting into UniFi right now if you're starting fresh, or at least, if you do, be really careful about it. It hasn't been that obvious from the outside if you didn't know what to look for, but from a community and heavy-use perspective it's clear Ubiquiti has been having major internal developer issues for a few years now at least. The CEO is apparently pretty toxic, but whatever the reasons are, the result has been a major stagnation of the line, both for hardware and software, rapidly increasing technical debt, and a lot of extremely confused moves that seem to amount to easy bikeshedding because real engineers weren't available. I started to get into some of the gory details but am just deleting that paragraph, it's not really relevant here. But to take a specific example, that security gateway you were looking at, which is necessary if you want to use UniFi for L3 features, basics like DNS (which incidentally is also half-assed) etc., is a good 5 years old now. They introduced the "UniFi Security Gateways" and then refreshed them... never. The software for those is stagnant, and core software (like strongSwan for VPN) is often horribly out of date. It chokes doing much of anything interesting, and would be obliterated in perf by a current RPi. The switches aren't in quite so dire straits, but for the money they too now have the smell of obsolescence. Ubiquiti has no decent L3 story for 2019/2020, no move to competitive faster networking, and a lot of cruft built up because they like to introduce new things but not just update and replace old ones.
Having said all that, their PtP/PtMP links are still nice. Their APs are solid overall, and do have nice industrial design (though no word on WiFi 6, which for a new install I'd consider fairly important). The interface has degraded significantly over the last few versions, but it's still better and more unified than any other I know of. I mean, I'm still running it myself after all. But if you go that route know what you're getting into and look hard for open box and used stuff that'll be cheap. And I'd honestly suggest not bothering with the cloud key and just running the controller yourself, on an RPi or similar if you want something dedicated but cheap or else spin up a VM or container, or even just run native I guess if you've got a server you run otherwise. The CK is also ancient.
In summary: I adored UniFi, and the potential was(is?) fantastic, and their old vision was fantastic, and at one point they were a really solid venture all around. And I know of nothing else with the same vision either. Yet even so I'm expecting to have to dump it overall in the next few years, which sucks. But long bitter experience has taught me that glorious turnarounds are much more the exception than the rule :(.
Holy shit this is an amazing reply and I couldn’t be happier you took the time. I had read some about the issues you talked about but you highlighted even more.
I might go down the secondhand/used route if I do decide to do it. Right now I’ve got a single all-in-one router running LEDE and I like it but I’m not able to reach more than 60% of my fiber internet so I’ve been looking to upgrade. I decided that if I was going to throw a couple hundred at it I figured I might as well go all in.
It’s always sad to see a company throw away such a promising future. I saw their new AmpliFi “Alien” router and I’m half tempted to buy that and wait a few more years for a better option to present itself. Or even the UDM but it seems like a very odd offering to me... I guess I’ll keep looking, thank you again for the advice.