Control4 Warns Dealers About Port Forwarding for Home Automation
Proactively guarding dealers and customers from such threats, Control4 issued a notice to dealers (below) warning about the dangers of port forwarding and urging all integrators to employ secure VPNs or use the company’s new Anywhere Access: Mobile solution via its 4Sight subscription service.
Control4 launched that cloud-based service to simplify the security and remote access of home networks including home control.
“It’s an instant improvement as it acts as a centralized access point the way using VPN with a DNS service acts with security camera remote viewing,” says long-time Control4 dealer and CE Pro contributor Joe Whitaker. “DNS service has always been a part of the services that run on a Control4 system. Now they are utilizing that for secure remote access through the existing 4Sight service.”
Home control vendors like Control4 have warned against port forwarding for years.
“This is a good reminder that port forwarding is and always has been a bad idea, regardless of what system you are using,” Whitaker says.
For its part, Control4 urges dealers, “Any Control4 Dealer that has enabled its customers’ home networks to allow port forwarding in order to provide access to Control4 systems should immediately contact those homeowners and make them aware of the potential for a security breach of their Control4 system.”
May 4, 2013
Dear Valued Control4 Dealers,
Owners of home automation systems have desired the ability to remotely access and control their systems through their mobile devices and remote personal computers. In response to this growing market demand, we recently released our Anywhere Access: Mobile solution through our 4Sight® subscription service, which allows homeowners to securely connect to and control their homes over 3G /4G cellular and remote wireless networks. Prior to releasing that solution, our only recommended approach for providing remote access to a Control4 system was through a secure VPN network. We warned our Dealers:
“Control4 does not recommend or approve of port forwarding for remote access using the MyHome application due to the security risks. Dealers and homeowners that use this technique assume any and all associated risks for such actions. Control4 requires Dealers to fully inform the homeowner of all associated risks and acquire written permission from any such homeowner before attempting any remote access through port forwarding from the home.”
Recently, media articles and technical postings have highlighted the growing risks associated with enabling networks to use port forwarding because if the firewall is breached, the entire network – including in the case of a home network, the home automation system – could be vulnerable. The risks associated with a network that has port forwarding are attributable in large part to new public search tools that can easily detect and expose vulnerable networks as well as devices on those networks, including traffic cameras, corporate servers, home computers and home automation systems (like those of Control4).
Based on the additional risks associated with this new search capability, we remind all Control4 Dealers worldwide that enabling port forwarding of the home network is not an acceptable method for providing remote access of a Control4 system. Any Control4 Dealer that has enabled its customers’ home networks to allow port forwarding in order to provide access to Control4 systems should immediately contact those homeowners and make them aware of the potential for a security breach of their Control4 system. At this time, the only acceptable methods for remote access to and control of a Control4 system is through a secure VPN or through our new Anywhere Access: Mobile solution via our 4Sight subscription service.
Thank you for your continued support, feedback, and confidence in Control4.