Thanks: 6
Likes: 8
Great news! Lutron at CEDIA announced the "Lutron Connect Bridge" for RadioRA2 and Homeworks. Essentially a RadioRA2 version of the Caseta Smart Bridge Pro. Gives RA2 the same level of "cloud" / Internet / 3rd party integration functionality as Caseta currently enjoys. Available in February for $299 MSRP.
I went to their CEDIA booth ready for a rant about the lack of support in RA2 - but didn't even have a chance! :-)
Jeff
That's great.
More information from Lutron describing the device in detail would be helpful.
My thoughts are
1. It would have been better if the main repeater had the necessary support built in instead of requiring a secondary networked device that is in the same price range. Why not just provide a new main repeater sku that provides a new means of connected access?
2. It appears that the existing (legacy) main repeater will be connected to the same subnet as the connect bridge and the legacy methods of talking to the main repeater would still work. That means that there will be multiple ways of talking to it. What if the legacy access methods are used to gain unauthorized access?
I believe this single SKU may handle all three systems (HWQS, RA2 and Caseta). So this could be a replacement for the Caseta 'Pro' bridge, and just becomes an accessory for the RA2 main repeater.Originally Posted by Bktay
It would be "better" if it was a single device built into the main repeater, but not complaining!
Unauthorized access to what? Any means of access to the Main Repeater today wouldn't gain access to the cloud/remote services - they'd only be able to do what they did before. The "Bridge" will initiate the commands to the Main Repeater - but wouldn't accept commands.
The main repeater can be targeted via the legacy access methods.
The only real thing preventing a real attack is probably the size/ value of the target.
Are you concerned about someone gaining access to the subnet via the Bridge? Otherwise, I'm not following how the Bridge product adds any new attack potential. If there's a compromised device on the subnet, agreed you've got a problem. But that exists today.
The point is that Lutron could have closed off the legacy access to the main repeater thereby reducing the potential for security breaches.
HomeKit security is similar to that used by AVB (Audio Video Bridging). The whole point of the level of security for AVB is to prevent
1. Snoopers from making sense of the data that is flowing between the various endpoints - controls, video, audio, actuators, etc.
2. Unauthorized control of individual device(s) on the network.
The point of HomeKit security is similar - providing the means for end to end security on a larger scale - the internet.
Retaining the legacy access is like having a secure front door to a home (locks, door frame, alarm, ...) with unsecured doggie access cutout.
I'm of the opinion that Lutron should address this potential threat in a full end to end fashion (command source to final destination) sooner rather than later.
Reading this a second time now and I think I see what you mean. You're talking about the current methods for the remote app to access the Main Repeater? Not necessarily the 'local' port access for the app and all 3rd party integration?
I agree - disabling that should be an option in the software - don't see why they couldn't do that. It'd be very simple to explain - if you enable the new Bridge, you just disable the legacy remote access methods and inform the user...
Awesome on the bridge for RR2. Can't wait!
Let's see what Lutron does.
Some wishful thoughts ...
If Lutron is daring enough, they could
1. implement a brand new secure end to end solution that does away with all the current methods of accessing the Main Repeater including the local access and 3rd party integration.
2. publish the new api and requirements early.
3. work with current 3rd parties to get things working with the new secure end to end solution.
4. unify RadioRA and Caseta such that there is one hub, access mechanism. The current positioning of Caseta for the DIY market and RadioRA2 for the professional market is awkward (put mildly)
Granted that there will be many challenges and risks especially considering that home automation devices and systems are not cheap (when counted the total cost) or practical to be changed in short time spans ( 6 months - 1 year).
Would the alternatives of moving slowly / maintaining the status quo be any safer? Probably not.
Posting Permissions
Reply With Quote