Comment on Security considerations of WiFi vs Zigbee for self-hosted IoT
vzq@lemmy.blahaj.zone 10 months ago
“Security” by itself is a meaningless concept. You need to formulate a threat model before you can say anything.
If your threat model is actors on the internet getting into your network using something related to the devices, then WiFi is many times worse. The devices are full network devices, and given for example a rogue firmware update, they can spawn a reverse shell let the actor into your network. This can and should of course be mitigated using the usual network engineering techniques. Zigbee is inherently different. Your light bulbs have no ip address, can’t route IP into your network on their own.
Another threat model is local information leak, someone in your area is listening to your radio emissions to determine if you’re home etc. This is about the same for zigbee and WiFi. They are both encrypted, but the real information is in whether there is communication, not the payload.
In terms of longevity, I would be wary of adding more 2.4 devices on your WiFi network. I can’t wait forcing the whole band.
My apologies, I needed to read up on the encryption that ZigBee uses a bit more. I have confidence that anyone snooping on the RF emanating from my flat will very likely not be able to decrypt ZigBee traffic (for that network will likely contain sensitive information).
Can I use ZigBee at another frequency than 2.4Ghz? I noticed that the US has another operational frequency for ZigBee but I don’t see it discussed very often
ace@lemmy.ananace.dev 10 months ago
Lots of people instantly think of security when they look at WiFi-connected IoT devices, but oftentimes they never think of the WiFi signal itself - what with all the added communication noise and send time limitations of having lots of small devices.
Especially with regular consumer equipment, it doesn’t actually require that many devices to fully saturate a regular home router or AP.
Scrath@feddit.de 10 months ago
That’s a good point. Another one I have is sort of failure tolerance. I used to have a really unreliable router which would often crash and could only be reset using a full power reset. While it was in this state, wifi obviously stopped working but my zigbee devices where still available. I used to have a zigbee button linked to a smart plug for toggling my router off and on again.
This shouldn’t be a concern for most people obviously but I wanted to share my experience.
Another point I want to mention is that zigbee works at 2.4Ghz just like basic wifi so they can still interfere with each other.
Zwave on the other hand uses another frequency (I think it was around 860MHz) but is more expensive.
MigratingtoLemmy@lemmy.world 10 months ago
Do you think I’ll be able to use 915Mhz (I’m in the US) for ZigBee devices using the Sonoff controller and IKEA devices/custom devices?
Scrath@feddit.de 10 months ago
Isn’t Zigbee always on 2.4GHz regardless of country? Trying to shift the frequency to 915MHz for all devices sounds like a lot of work with questionable benefit
vzq@lemmy.blahaj.zone 10 months ago
Absolutely! If you have devices that still only support b/g, they are going to eat up your air time really quick.