Homebridge hacked?

Posted on
Wed Aug 23, 2017 7:07 am
DVDDave offline
Posts: 470
Joined: Feb 26, 2006
Location: San Jose, CA

Homebridge hacked?

I've been using Homebridge successfully for quite a while now and really like it (thanks!). Lately, however, I've noticed some activity that I did not initiate. At first I thought I accidentally controlled some devices, but the latest round was clearly not from me. All the logs show the controls being initiated from 127.0.0.1 and look exactly like they do when I use Siri or the Home app.

I've disabled Homebridge for now but need to find a more permanent fix. Any ideas on how I can get more info about where the actions were initiated, i.e. an IP address? Which password, if any, was likely compromised: Apple ID or Indigo? I'm trying to learn more about how this actually works to understand any vulnerabilities, and any help would be much appreciated.

Thanks!

--Dave

Posted on
Wed Aug 23, 2017 7:53 am
webdeck offline
Posts: 436
Joined: May 07, 2005

Re: Homebridge hacked?

You can find the homebridge log here: ~/Library/Logs/homebridge.log

That will have information on what homebridge has been seeing/doing.

Posted on
Wed Aug 23, 2017 8:07 am
DVDDave offline
Posts: 470
Joined: Feb 26, 2006
Location: San Jose, CA

Re: Homebridge hacked?

webdeck wrote:
You can find the homebridge log here: ~/Library/Logs/homebridge.log

That will have information on what homebridge has been seeing/doing.

Yes, I looked at that. Unfortunately it just shows the accesses as coming from 127.0.0.1. Thinking more about it, the Homebridge part is probably not secured but rather relies on the security of HomeKit through the Apple TV. I don't know if there is a way to get to a log of HomeKit accesses though.

Posted on
Wed Aug 23, 2017 8:09 am
Different Computers offline
Posts: 2533
Joined: Jan 02, 2016
Location: East Coast

Re: Homebridge hacked?

Any chance these are HomeKit automations making calls to Homebridge?

SmartThings refugee, so happy to be on Indigo. Monterey on a base M1 Mini w/Harmony Hub, Hue, DomoPad, Dynamic URL, Device Extensions, HomeKitLink, Grafana, Plex, uniFAP, Fantastic Weather, Nanoleaf, LED Simple Effects, Bond Home, Camect.

Posted on
Wed Aug 23, 2017 8:11 am
DVDDave offline
Posts: 470
Joined: Feb 26, 2006
Location: San Jose, CA

Re: Homebridge hacked?

Different Computers wrote:
Any chance these are HomeKit automations making calls to Homebridge?

Nope. Don't have any automations and they are for various unrelated devices like someone was just pressing random buttons.

Posted on
Wed Aug 23, 2017 8:21 am
webdeck offline
Posts: 436
Joined: May 07, 2005

Re: Homebridge hacked?

Can you post an example from the homebridge log?

Posted on
Wed Aug 23, 2017 8:38 am
DVDDave offline
Posts: 470
Joined: Feb 26, 2006
Location: San Jose, CA

Re: Homebridge hacked?

webdeck wrote:
Can you post an example from the homebridge log?

Sure, but it's hard to copy right now since I'm away from home and accessing the console over VNC from my iPad. For now, the access log shows a setonstate, updatestatus, and Indigo request to 127.0.0.1 for each attempt to control a device. It's exactly the same as if I initiated the control.
