This object is in archive!
Virtual Devices that can be controlled via URL
Under Consideration
Which virtual devices have a URL that can be controlled without API authentication?
I was playing around with a virtual sensor and noticed it had a URL that I could simply post to without having to authenticate to my box. The URL is displayed in the Device Manager on the virtual sensor's attribute page. This does not seem to be on all virtual devices; so that made me wonder if there is a list of devices that can be controlled via an unauthenticated URL post?
I like this idea 
No connection
Real-time notifications may not work
It is the virtual sensor and meter. Don't understand why we cannot have the other devices (especially switch and level control) with a URL link...shame.
It is the virtual sensor and meter. Don't understand why we cannot have the other devices (especially switch and level control) with a URL link...shame.
I have mixed feelings about this; allowing unauthenticated access via a specially crafted URL string is definitely convenient (I am currently playing with a couple of integrations using this method), but I am seriously concerned about the security implications of having unauthenticated access to control my home. Any malicious hacker intercepting your URL string will give them the ability to control your device. I have not done an analysis on the randomness of the devices; but a good hacker could probably wreak considerable havoc on people using the Zipato services by doing a bit of fuzzing. I am sure that everybody has heard about the insecurity of IoT devices; I hope Zipato has security at the top of their priority list.
With Great IoT Comes Great Insecurity
I have mixed feelings about this; allowing unauthenticated access via a specially crafted URL string is definitely convenient (I am currently playing with a couple of integrations using this method), but I am seriously concerned about the security implications of having unauthenticated access to control my home. Any malicious hacker intercepting your URL string will give them the ability to control your device. I have not done an analysis on the randomness of the devices; but a good hacker could probably wreak considerable havoc on people using the Zipato services by doing a bit of fuzzing. I am sure that everybody has heard about the insecurity of IoT devices; I hope Zipato has security at the top of their priority list.
With Great IoT Comes Great Insecurity
It is like with everything, everything can be broken...
It is like with everything, everything can be broken...
Replies have been locked on this page!