I am looking for a device, connected to my home network, that will allow me to turn a power switch on and off remotely over the internet.
Not really sure what I am looking for, so any advice will be most welcome.
Define "power switch".
I have a Fibaro HC Lite plus 4 TKB 13A Z Wave switches - these work extremely reliably and have a bonus of being able to measure power consumption.
Bear in mind that you are also implicitly asking "I'd like a device connected to my internal network at home that is visible to the whole world."
I'm not convinced that the implementers of such controllers know anything about security, so they could easily be a vector for people getting onto your home network.
It's not that you shouldn't do this, but do be careful. I've thought about opening a connection up to my PVR's web interface, but I just don't trust it enough.
Right, I'll try and be more specific.
I'd like to be able to turn on (or off) a low-power (up to low 100's, not 1000's of watts) electrical device remotely using IP. I.e. perhaps using a web interface (password protected) or a dedicated app.
Will it be near a wired network - or in an arbitrary position in the house?
I suspect in either case, an RF enabled 13A adaptor will work best - however, you will have the overhead of a controller (which could control lots of other stuff too).
Is this something like what you want?
There are DIY solutions about with varying degrees of insecurity and capability for RaspPi too.
Regards, Martin Brown
Ebay has some interesting looking items from about £10 up (auction) or say £20 by it now. all from far east. Wifi connectivity to your network and a phone app (apple or android) for control.
Most seem limited to 10a (possibly resistive load too) which sounds like it is enough for the OP needs. Some include timers with remote override.
No where have I seen whether there is any feedback to the remote unit on the success or otherwise of the transaction or the ability to interrogate the unit as to its current state (on or off)
Then there is a huge price leap to £100 or so and other than a brand name and possibly better support, its not obvious there is a huge leap in functionality.
An attempt at mild security could be obtained by mac address filtering on your network. Could well be enough assuming you are not switching critical life support systems on and off!
Anyone inside your house could just physically unplug stuff, anyone outside your house you're not going to see their MAC address
Indeed this can be true - you only need look at the vast number of home webcams / baby monitors you can go and watch using a hacking tool no more sophisticated than google!
It does not have to be a gaping vulnerability, but it does take some thought. Each stage of setup is not particularly complex, but the overall picture is non trivial.
Ideally the only allowable connection into the router would be by an encrypted Virtual Private Network. However to achieve that really needs a router capable of supporting VPN termination (most SOHO routers allow VPN passthrough, but don't have the capability to form one end of a VPN connection themselves).
Once into the network via VPN, then you just want a hole through the firewall that will only get you to the device of interest. Ideally with the hole not on a standard port - that way you don't advertise what kind of device it is and what protocols its likely to speak. Its better still if that device is behind its own firewall so it has limited or no access to the rest of the lan - then it can't be used as stepping stone to get further into the lan even if it can be owned.
I've used this extensively in the past, though not 'right now'
Provided you map only a single socket, and provided that what you can
*do* with that socket is secure, its not actually a huge issue.You might get a hacker turning on your lights, but not deleting the contents of your file server.
It is possible by using split LAN addresses to more or less isolate the appliance from the home network too.
There is no generic answer however. Its all down to how stuff is implemented, and a lot of that is under your own control if you choose,.
As a point of interest I had a laser printer wide open to the net for months. No one printed anything on it.
use a pi and a relay.
that way you can set up the PI firewall to not be able to open a TCP connection at all.
Just listen on the one port you designate. Probably 443 for secure http.
the trick is first to use a static IP address, secondly to map that IP address and socket to allow incoming connections to it from your router, and third to firewall everything else (iptables). So the pi can listen, but not talk to anything else. OK you might want a few services like ntp to run, but make the default 'I can't talk'.
As far as the software goes set up .htaccess on apache to allow only name/password combos.
You are left then with a small bit of executable software that the web server will invoke to do relay switching via a PIO port. Id write that in C myself, as its less dangerous than e.g. php
You will also need a static IP address on the internet or a dynamic DNS setup.
If the sole means of access to the PI is via that secure web interface, and all that it *can* do is switch a relay, you are pretty safe.
A certain amount of checking with apache configurations to make sure there are no 'hidden' default scripts that can run is in order if you are paranoid, but frankly apache got rid of those years ago,.
That's the one - many thanks!
What I would do is set up a secure (https) password-protected website in yo ur house that you log into to control your house. Also bung in some webcams so you can monitor security. Some scripting on your web server would send the commands to switch the socket. There must be freeware stuff to make thi s easy. You need a way of knowing your IP address (static IP, dynamic DNS, etc). Simon.
your house that you log into to control your house. Also bung in some webca ms so you can monitor security. Some scripting on your web server would sen d the commands to switch the socket. There must be freeware stuff to make t his easy. You need a way of knowing your IP address (static IP, dynamic DNS , etc).
That was about the security aspect. See the other posts for the actual swit ching device - lots of ideas there. Simon.
I have something similar, but it's phone operated (via my Asterisk box). Uses two factor authentication and custom software.
Not seen those before - very interesting!
These might be of interest??
But if I wanted to hack your laser printer it wouldn't be to print stuff. I would use it as a mail relay or to do DDoS attacks.
DDOS uyou might manage
mail relay you would not. Its simply not possible
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.