Control4 Warns Dealers About Port Forwarding for Home Automation

Control4 warns against port forwarding for remote access to home automation systems, urges use of VPNs or new cloud-based security and remote access service.


As we wrote earlier, new bots like Shodan automate the search for IP addresses – virtually everything connected to a network.

Proactively guarding dealers and customers from such threats, Control4 issued a notice to dealers (below) warning about the dangers of port forwarding and urging all integrators to employ secure VPNs or use the company’s new Anywhere Access: Mobile solution via its 4Sight subscription service. 

Control4 launched that cloud-based service to simplify the security and remote access of home networks including home control.

“It’s an instant improvement as it acts as a centralized access point the way using VPN with a DNS service acts with security camera remote viewing,” says long-time Control4 dealer and CE Pro contributor Joe Whitaker. “DNS service has always been a part of the services that run on a Control4 system. Now they are utilizing that for secure remote access through the existing 4Sight service.”

Home control vendors like Control4 have warned against port forwarding for years.

“This is a good reminder that port forwarding is and always has been a bad idea, regardless of what system you are using,” Whitaker says.

For its part, Control4 urges dealers, “Any Control4 Dealer that has enabled its customers’ home networks to allow port forwarding in order to provide access to Control4 systems should immediately contact those homeowners and make them aware of the potential for a security breach of their Control4 system.”

RELATED: How to Protect Clients from Home Automation Hacker Bots

May 4, 2013

Security Advisory

Dear Valued Control4 Dealers,

Owners of home automation systems have desired the ability to remotely access and control their systems through their mobile devices and remote personal computers. In response to this growing market demand, we recently released our Anywhere Access: Mobile solution through our 4Sight® subscription service, which allows homeowners to securely connect to and control their homes over 3G /4G cellular and remote wireless networks. Prior to releasing that solution, our only recommended approach for providing remote access to a Control4 system was through a secure VPN network. We warned our Dealers:

“Control4 does not recommend or approve of port forwarding for remote access using the MyHome application due to the security risks. Dealers and homeowners that use this technique assume any and all associated risks for such actions. Control4 requires Dealers to fully inform the homeowner of all associated risks and acquire written permission from any such homeowner before attempting any remote access through port forwarding from the home.”

Recently, media articles and technical postings have highlighted the growing risks associated with enabling networks to use port forwarding because if the firewall is breached, the entire network – including in the case of a home network, the home automation system – could be vulnerable.  The risks associated with a network that has port forwarding are attributable in large part to new public search tools that can easily detect and expose vulnerable networks as well as devices on those networks, including traffic cameras, corporate servers, home computers and home automation systems (like those of Control4). 

Based on the additional risks associated with this new search capability, we remind all Control4 Dealers worldwide that enabling port forwarding of the home network is not an acceptable method for providing remote access of a Control4 system. Any Control4 Dealer that has enabled its customers’ home networks to allow port forwarding in order to provide access to Control4 systems should immediately contact those homeowners and make them aware of the potential for a security breach of their Control4 system. At this time, the only acceptable methods for remote access to and control of a Control4 system is through a secure VPN or through our new Anywhere Access: Mobile solution via our 4Sight subscription service. 

Now and in the future, if you believe that there is a security issue relating to any Control4 system, or if you have any questions about the security of a Control4 system, please contact us at [email protected].

Thank you for your continued support, feedback, and confidence in Control4.

  About the Author

Julie Jacobson, recipient of the 2014 CEA TechHome Leadership Award, is co-founder of EH Publishing, producer of CE Pro, Electronic House, Commercial Integrator, Security Sales and other leading technology publications. She currently spends most of her time writing for CE Pro in the areas of home automation, security, networked A/V and the business of home systems integration. Julie majored in Economics at the University of Michigan, spent a year abroad at Cambridge University, earned an MBA from the University of Texas at Austin, and has never taken a journalism class in her life. She's a washed-up Ultimate Frisbee player currently residing in Carlsbad, Calif. Email Julie at [email protected]

Follow Julie on social media:
Twitter · LinkedIn · Google+

Julie also participates in these groups:
LinkedIn · Google+

View Julie Jacobson's complete profile.

  Article Topics

News · Control4 · All Topics
CE Pro Magazine

Not a Magazine Subscriber?
Subscribe Today...It's FREE!!