Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Wireless Networking Software Technology

Logitech Disables Local Access On Harmony Hubs, Breaks Automation Systems (arstechnica.com) 151

DarkRookie2 shares a report from Ars Technica: Many users of Logitech's Harmony Hub smart home hub and remote were recently met with a nasty surprise. The device's latest firmware update, version 4.15.206, reportedly cuts off local access for Harmony Hubs. As a result, many users who created home automation and smart home systems using third-party APIs haven't been able to control many, and in some cases, all of their connected IoT devices. Logitech began pushing out firmware update 4.15.206 last week, its release notes stating that it addresses security and bug fixes. Users immediately flocked to Logitech's community forms to complain once they realized the systems they built up to control their smart home devices essentially became unresponsive. Users with Homeseer and Home Assistant APIs have reported parts of their systems broken, preventing them from controlling things like smart TVs, sound systems, and more using the Harmony Hub and its remote. In a statement to Ars, a Logitech representative confirmed that local access was removed in the latest Harmony Hub firmware update for security reasons: "The XMPP interface was used as part of the setup process and was pointed out as an insecure communication. We removed that interface as part of an effort to make to improve the Hub security. That interface was never designed to be used by third parties. The reason for the firmware update was to make the Harmony Hub more secure, therefore we do not have an official downgrade option. We recommend that users do not try to prevent the automatic firmware update process. We update the firmware as security issues are discovered, so users preventing the automatic firmware update process would not benefit from these future fixes."
This discussion has been archived. No new comments can be posted.

Logitech Disables Local Access On Harmony Hubs, Breaks Automation Systems

Comments Filter:
  • by Anonymous Coward

    Somebody's going to end up hitting these guys pretty hard. Glad I don't have to deal with it.

    • Re:Glad it's not me (Score:5, Interesting)

      by bill_mcgonigle ( 4333 ) * on Wednesday December 19, 2018 @06:00PM (#57833012) Homepage Journal

      Somebody's going to end up hitting these guys pretty hard. Glad I don't have to deal with it.

      Every development plan that consists of "we're talking away features from your IoT device" needs to have "defending the class action lawsuit" in the budget summary.

      Gosh, if Logitech can't understand how to set up XMPP over TLS that tells me to stay far, far, away from any of their networking products.

      • by rsilvergun ( 571051 ) on Wednesday December 19, 2018 @06:31PM (#57833164)
        there have been several rules that uphold Arbitration agreements in EULA's recently. Congress passed a law making them binding and the SCOTUS upheld the law because Congress passed it. Employees can still sue for violations of various Labor Laws (mostly national ones) but if you're a consumer you're pretty much boned.

        I know I keep harping on about this in various threads, but if we want this to stop we need to vote for candidates who refuse corporate PAC money [justicedemocrats.com]
        • there have been several rules that uphold Arbitration agreements in EULA's recently. Congress passed a law making them binding and the SCOTUS upheld the law because Congress passed it. Employees can still sue for violations of various Labor Laws (mostly national ones) but if you're a consumer you're pretty much boned.

          I know I keep harping on about this in various threads, but if we want this to stop we need to vote for candidates who refuse corporate PAC money [justicedemocrats.com]

          Yeah, it's a shame that a couple of good ideas are bundled up in a package of (in my opinion) absolute crazy.

        • I know I keep harping on about this in various threads, but if we want this to stop we need to vote for candidates who refuse corporate PAC money [justicedemocrats.com]

          Sure will. If I was a single issue voter

      • by mattyj ( 18900 )

        I'm guessing that it's not just encryption but the ability of any yahoo to hook up an insecure IoT device to it and inject malicious xml or what have you. They just don't want to deal with that in their ecosystem, which leads me to believe something happened that we don't know about that probably f'ed up their servers/systems/whatever.

        If the XMPP system wasn't designed for that, then why is it there, and why is it not needed now? That's the question that came immediately to mind for me, not people using a d

        • by Anonymous Coward on Wednesday December 19, 2018 @07:21PM (#57833380)

          people using a device in an unsanctioned way then complaining that the door was closed on it. That's the risk you run playing with open doors you're not supposed to see.

          No, that's the risk you run playing with a device that you don't control.

          A better way: MyCroft [mycroft.ai] + devices designed to talk to it.

          Otherwise, live by someone else's cloud, die by someone else's cloud. When you give up control, the entire problem is: you gave up control.

          Stop giving people money to own your ass, and they'll (mostly, except where the government forces them on you) stop owning you.

      • by Anonymous Coward

        i know you paid god money for that pacemaker but we are removing the functionality that gets your heart back in rhythm to increase security. Please do not try to skip the updates, we work hard to keep you secure.

      • Every development plan that consists of "we're talking away features from your IoT device" needs to have "defending the class action lawsuit" in the budget summary.

        Not to mention a line item in that budget to cover cleaning up the mess after hackers take them down hard as payback for their shitty attitude.

        I wouldn't be sorry to see that happen, as long as none of the folks who got stuck with Logitech paperweights gets hurt in the process. I've been anti-Logitech since one of their mouse driver disks installed spyware on my computer many, many years ago. I don't forgive that kind of thing, and I sincerely hope that everyone who's been burned by them follows suit.

  • Tell the truth (Score:5, Insightful)

    by Anonymous Coward on Wednesday December 19, 2018 @05:57PM (#57832994)

    We removed the XMPP interface because we're Logitech and we want to force you to use only Logitech products and services so we make the most profit possible

    Fixed that for you, Logitech.

  • by Anonymous Coward on Wednesday December 19, 2018 @05:59PM (#57833006)

    Logitech at one time made decent peripherals. Now they are just a 'brand" slapped onto any Chinese made garbage they can find with Indian support. If you buy Logitech you deserve what you get.

    This firmware update is TOTALLY something I would expect from scumbags like them. Release a product and then fuck over all their customers in an attempt to somehow get more money out of them. They will probably return that functionality "for an additional monthly charge" or some horse shit like that.

    What's bad is they don't even seem to care. They broke many of their customers functionality and just give the standard corporate shrug of "well it's for xyz arbitrary reason".

    • I have a Harmony Hub and remote, and I have to say, it's been generally excellent. It's got high WAF, so high in fact that even visitors can use it without needing a training. It looks good and works well. The only problems I've really had with the whole setup is my satellite box is a crock of shit. Oh, and I did have to put the hub in the cupboard under the stairs where it just about reaches the Amazon box in the garage. That meant a bit of funky wiring up IR emitters and such like. Programming it up is pr

      • I've enjoyed the Hub as well, but as with most home automation, it works best when you keep it simple, thoughtfully designed, and FAST. I'm frustrated every time I have to log into to Logitech for making changes, and it's noticeably less responsive if I am not on the local network. If they break the super-basic functionality I have it for in the name of adding Alexa or some shit, I'm out.
  • by Bradmont ( 513167 ) on Wednesday December 19, 2018 @06:00PM (#57833016) Homepage
    This is just another reason to avoid IoT devices altogether. Apart the spying risks and the general lack of security patches, the ability of random companies to, on a whim, render completely inoperable stuff you've paid good money makes a trifecta of user-hostile design. I can stick with old-fashioned wall mounted light switches, thanks.
    • by Cyberax ( 705495 ) on Wednesday December 19, 2018 @06:28PM (#57833146)
      IoT devices themselves are fine. ZWave or ZigBee light switches don’t depend on whims of a manufacturer. You don’t need to replace them, just replace the hub.
      • by msauve ( 701917 )
        "IoT devices themselves are fine. ZWave or ZigBee light switches donâ(TM)t depend on whims of a manufacturer. "

        Uh, wha??? IoT is Internet of Things. Neither ZWave nor ZigBee use IP, they are definitely not IoT devices.

        And actual IoT devices are very, very, commonly dependent on a vendor's servers. Wink and SmartThings hubs, Ecobee and Nest thermostats, many cameras, etc. Some will provide basic functions when they've lost contact with the mothership, but full function depends on external services whi
        • If I was at all interested in having a connected house I would look into openHAB or Home assistant. Both appear to be open source. Pretty sure you could use a raspberry pi for your home automation server quite easily. The same device could also host a vpn service so you can ssh into your home network and screw with your LoT devices if you need to.

          It's all neat stuff and if I had money and time to burn I would probably add those features to my condo but that's only a maybe. LoT is mostly technology I do not

          • by msauve ( 701917 )
            But, that doesn't solve the problem. For many devices they still need to go through a vendor's cloud service for control - it's not local. E.g., HA will control a Nest or Ecobee, but it does so by talking to the vendor's Internet service, the devices themselves simply do not have local APIs. Home Assistant and openHAB won't help you out if the vendor discontinues support or goes away, or even just has a server failure.
        • by Cyberax ( 705495 ) on Wednesday December 19, 2018 @06:54PM (#57833266)
          ZWave and ZigBee devices along with a hub are typically considered to be IoT. And the hub can be fully offline-capable: Vera, HomeAssistant and OpenHab work perfectly fine offline (obviously without Alexa or Internet-device integration).
          • by green1 ( 322787 ) on Wednesday December 19, 2018 @08:12PM (#57833586)

            The nice thing with systems like home assistant is that you can choose exactly how much, or how little, integration you need or want with other devices and services.

            I have a home assistant setup on a raspberry pi at home, but it also connects through IFTTT to google assistant, and I can connect through my VPN from my phone or computer anywhere.

            All the "I" of IOT, without the vendor shenanigans.

          • Re: (Score:2, Insightful)

            by Anonymous Coward

            That's not really an internet of things though, considering that they're local wireless technology. But that's the thing, the IntranetOfThings is a wonderful idea. The InternetOfThings is just rent seeking and security holes.

      • Zigbee light switch compatibility is awful.
        The Hue hub cannot see Tradfri switches, the Tradfri hub cannot see the Lightify switches and so on. Only the lightbulbs kinda sorta interoperate, but not very well.

    • by Anonymous Coward

      Sticking with good old-fashioned one-touch capability to switch between input modes on your TV, sound receiver, subwoofer, decoding devices, and lighting on onw-touch, ensuring everything is tuned to your personalized settings?

      Awesome.

      There are good points to IoT and enabled smart devices. It's a tradeoff and the lack of patching, etc, can be managed by deployed these on a segmented and isolated network in your house. All based on your threat model and cost/benefit analysis.

    • by markdavis ( 642305 ) on Wednesday December 19, 2018 @06:34PM (#57833176)

      >"I can stick with old-fashioned wall mounted light switches, thanks."

      You can use X10, ZWave, whatever with simple controllers or even simple, local computer based connection. The issue is when you buy some "cloud" based device which is controlled by a third-party. But sometimes that can be really difficult to find.

      The problem is that the "masses" want an "easy" and connected "solution". And these solutions seem to always mean a third-party controls your crap and you pay some recurring fee.

      Example- I wanted to set up a security system. I wanted wireless sensors and the ability to send Email and text messages. But I didn't want a "solution". I didn't want a third party. I didn't want recurring fees. I didn't want some company that could brick (or change) my crap without permission. Result? I could find almost NOTHING OUT THERE! Every single platform was based on some "cloud" thing that required them to have access to my equipment and data, and recurring fees. There is some stuff out there without such "features" but they are all very limited, and poorly documented.

      • by Miamicanes ( 730264 ) on Wednesday December 19, 2018 @07:57PM (#57833544)

        X10 has been pretty much dead and useless ever since CFLs and LEDs took over. The problem isn't with the X10 protocol per se, but rather with the ASIC used by nearly every X10 module in modern history. Between CFLs with active ballasts & LED drivers, basically every module that has ever existed is now unusable. Even with the relay-based appliance modules, the "local power control" feature STILL fucks them up... EVEN IF you cut the trace that supposedly disables it (it still sends a pulse of current every 10 seconds or so). If I were really determined, I could still get CFLs to work by connecting an incandescent night light in parallel, but I've NEVER seen an X10 module that works properly with LED lights.

        It's a shame, because I literally grew up in an X10 house... my parents had a bunch of X10 modules going all the way back to 1980s Radio Shack, I had two in my college dorm room to control lights that were inconveniently far from the door and my bed, and my collection multiplied after college & especially after I bought a house, only for all of them to become functionally obsolete as I switched to LEDs and even my nightlight work-around ceased to work. X-10 had a good run, only to ultimately get killed off by something not directly related to the standard itself.

        • by markdavis ( 642305 ) on Wednesday December 19, 2018 @08:27PM (#57833646)

          X10 does suck, in general. I will agree with you on that. But I use it with quality dimmable LEDs throughout my house and that actually works fine. I am sitting in a room right now with LED track lighting that is dimmed to about 33% with a standard/cheap X10 wall switch. No flicker, no variation in the light, no issues at all, and with no incandescent in the circuit at all. They even dim properly all the way to about 15% brightness or something like that.

          The biggest problem with X10 is that it is too prone for the signal to get blocked or interfered with.

          • Hmmm... that's interesting. I haven't actually tried using the dimmable ones with LCDs... I actually did a huge round of X10 replacements sometime around 2010 when I replaced all of my remaining dimmable/incandescent modules with 3-prong appliance-type modules (usually, in conjunction with a 6" extension cord and a 4w nightlight whose only purpose was to provide a constant resistive load to keep the modules from turning themselves on without actually going all the way and disabling the local power control f

            • >"I'm lucky in the signal area... once I put the X-10 crossover/bridge module on my dryer outlet a few years ago, all of my problems seemed to go away.""

              I am less lucky than you with this. I also put a "filter" on my UPS/computer/AV system. My system just sometimes won't turn on/off certain circuits because something interferes with it and I have to move things around. X10 is positively weak and ancient and inexact.

              >"I thought about switching to Z-wave or Insteon a couple of years ago"

              I did too but

        • X10 is dumb because it is one way. You can't count on your messages being received, and you also can't check to see if they were. most dimmers don't permit setting brightness, so with them there is no way to get a specific level. All in all, it was amusing when new but never reliable.

        • by ixs ( 36283 )

          As the other posters in this thread said: X10 is pretty much dead for other reasons as well. I have never really used X10 much but I've always found it super infuriating to have this noticeable delay between pressing the button and the light actually turning on. It's short enough that it is not causing problems but it is long enough to tell that something is going on.
          The reason for this is just the slow transmission speed of (IIRC) 20bps. That is terribly slow compared to more modern systems such as Z-Wave.

      • Have you looked at Synology? I use mine as a media server and backup, but I saw that it had security system features available and you can use it as a private Cloud as well.
    • Comment removed based on user account deletion
    • by tlhIngan ( 30335 )

      the ability of random companies to, on a whim, render completely inoperable

      The problem is that it was a private API set. Logitech never advertised it as a way to locally control the unit - it just happened to work.

      It just happened that the API set wasn't useful for Logitech and a major security hole so it was closed off.

      That's the problem with private APIs. They have a nasty habit of suddenly disappearing on you.

    • by dAzED1 ( 33635 )
      Lovely theory, and I myself wish I had something available which could turn on my home theatre in an easy way despite it being hidden from view per my wife's demands. The idea though that only doing it from "the cloud" vs doing it local is more secure is about the dumbest thing I've ever heard. It is substantially less secure to not do it locally. There just aren't any devices as advanced as the ones 5y ago, where you could do it all locally. Like seriously, why the fark would I want to turn on my TV wh
  • by zugmeister ( 1050414 ) on Wednesday December 19, 2018 @06:01PM (#57833020)

    We removed that interface as part of an effort to make to improve the Hub security.

    I am altering the deal. Pray I don't alter it any further.

  • by Anonymous Coward on Wednesday December 19, 2018 @06:02PM (#57833022)

    Any device that requires an account on someone else's service doesn't belong to the person who purchased it. It belongs to the service provider.

    How many times do we have to learn this lesson? (Answer: every time, apparently)

  • by Actually, I do RTFA ( 1058596 ) on Wednesday December 19, 2018 @06:03PM (#57833034)

    I wonder what kind of "return as defective" laws are in place.

    • by green1 ( 322787 )

      Depends on a few things. like when you bought it, and on what continent (north america? forget it, Europe, maybe, see below)

      It's also about what was advertised, if this was simply some APIs that someone discovered but that were never actually advertised by the seller, then you probably don't have much of a leg to stand on. If however it was advertised functionality, then yes, Europeans can probably get a refund, North America doesn't have any concept of consumer protection though, so you'd be out of luck he

    • by AmiMoJo ( 196126 )

      Amazon says first availability was September 2015, although it still on sale. Anyway, EU minimum warranty is 2 years, and most countries go further. In the UK goods must "last a reasonable length of time", and even if you were an early adopter 3 years is way too short for a product like this. Typically computers and TVs are minimum 6 years if it gets to court, more for expensive ones.

      So let's say six years, an early adopter would get a 50% refund, people who bought this year would expect a full refund. The

  • by Anonymous Coward

    Maybe because we still lack cheap bulk off-the-shelf Arduino-based devices that can be mounted as light switches, shutter motors, radiator thermostats, switching/dimming power sockets, and various sensors ... all with a simple standardized protocol over a simple two/one-wire long-distance bus. (A MIDI-based one looks like a good choice. DMX maybe, but I don’t know it.)
    Or let them talk to each other over the power sockets. But then they need encryption.

    In any case, NEVER buy anything with a “prop

    • by Pascoea ( 968200 )

      Maybe because we still lack cheap bulk off-the-shelf Arduino-based devices that can be mounted as light switches, shutter motors, radiator thermostats, switching/dimming power sockets, and various sensors

      Good luck getting a UL stamp on anything remotely like that. (Specifically the switches and sockets) And with no UL stamp you're not going to find anybody (in the States anyway) willing to install it in their home.

      • by hawguy ( 1600213 )

        Maybe because we still lack cheap bulk off-the-shelf Arduino-based devices that can be mounted as light switches, shutter motors, radiator thermostats, switching/dimming power sockets, and various sensors

        Good luck getting a UL stamp on anything remotely like that. (Specifically the switches and sockets) And with no UL stamp you're not going to find anybody (in the States anyway) willing to install it in their home.

        It shouldn't be too hard to have a 120VAC module with standardized inputs and a 5V output that you can plug your microcontroller of choice into. Then you only need to get the UL listing for the 120VAC switch part. Much like how having a UL listed wall wart avoids the need to get the UL listing for your entire device.

        Though I suspect that the actual market for this is so small that no company would do it.

        • Adafruit makes something like this -- https://www.adafruit.com/produ... [adafruit.com]

          It's basically a power strip with relay that's controlled by an optoisolated pair of wires. AFAIK, it's not UL approved, but it's "CPI Tested", for whatever that's worth. One outlet is always-on, one is normally-on, two are normally-off.

        • by Pascoea ( 968200 )
          I'd think it would depend on the intent of the device. If it's something like a "switched" extension cord (this kinda thing [amazon.com]) you could get away with just listing the cord. If it's designed to be permanently installed you'd likely have a harder time. Not 100% sure though, my exposure to UL was very minimal, and a long damn time ago.
  • I was just about to buy one to manage devices at home, but it appears that it is now useless. If I can't do it without "cloud", then fuck you.
    • by Pascoea ( 968200 )
      Agreed. Kind of frustrating (OK, really frustrating) that my Wink hub does absolutely nothing without an active internet connection. I can see needing to be connected if I want to control something from outside my home, but the fact that it does nothing but consume small amounts of electricity when its internet connection is gone is absurd.
      • by jerk ( 38494 )

        Check out Hubitat Elevation [hubitat.com]. I'm in the process of moving from Wink right now. My only gripe so far is needing to buy a Lutron hub for my Caseta switches that Wink had built into the hub. I also run Homebridge on a Raspberry Pi to bring all my devices into the Home app.

  • by msauve ( 701917 ) on Wednesday December 19, 2018 @06:08PM (#57833058)
    Logitech has a history of screwing their users [theverge.com]. Consider that in your future purchasing decisions.
    • by qubezz ( 520511 )
      Like my Logitech Cyberman II 3D controller - bought in 1999, no drivers for any OS after Windows 98.
  • by sjames ( 1099 ) on Wednesday December 19, 2018 @06:16PM (#57833096) Homepage Journal

    If the update was REALLY about security, they would leave local access and disable phoning home.

    • by c ( 8461 )

      To be specific, the update is about the security of Logitech's bottom line.

    • by green1 ( 322787 )

      This is the truth, but in reality the companies are so delusional that they always think their remote servers are more secure than local access.

      I have a Vera controller at home that has both local and remote access. In the interface there's a "secure mode" that disables local access, but leaves remote access. There's no option to disable remote access (except a firewall on your router). That's not my definition of secure.

  • your carefully crafted logitech system is now almost as secure as a computer encased in cement and dropped into the ocean at 2 miles out. /s

      I think I'd try to file a return, a credit card charge back or a class action suit. Or all of the above.

  • They are caught in the middle. If they don't remove those "holes", and the units get hacked, they get really bad press.

    If they do close them, influencers get annoyed.

    And they probably don't have the staff, resources or expertise to tighten them up without breaking anything.

    What would you have them do?

    • Deploy only products they can afford to develop with reasonably enough security to actually stand by them, maybe?

      There is a reason I don't produce medical equipment despite most of it being far from high-tech and the profit margins are very, very sweet.

    • by Shotgun ( 30919 )

      So should computer makers remove keyboard access to the OS? That is, after all, the biggest security hole to the computer.

      Seriously, removing access in the name of "security" is professional malpractice.

      But anyway, "IoT. The S is for security."

  • I just am not able to have any sympathy for people that keep buying these products. This is not news anymore! It is well known and only people intentionally keeping their heads buried are the only ones getting hurt now.

    But look on the bright side, this will build up enough to get congress to create a bunch of regulations that benefit big industry though. It's going to be a win-win-lose as usual. You know who the losers are going to be.

  • ... APIs.

    It's hard enough tracking telemetries and shit of the single device. When 3rd parties can do a 45 degree drill, it's goddam impossible.

  • No fan of XMPP myself due to numerous crummy design choices yet to be fair "Just use TLS" has been a part of the original XMPP protocol since initial RFC some 14 years ago. It's just as secure as anything else so removing XMPP on those grounds is absolutely BS to say the least.

    Never much understood the market for systems like Harmony. Remotes always struck me as way overpriced and underwhelming considering programmable remotes where every last button can be customized cost like $15 and batteries last year

    • The appeal of Harmony remotes isn't being able to reprogram buttons... it's being able to reprogram buttons that have dynamic labels provided by the adjacent LCD screen.

      The LCD screen is what spares you from having to remember that {some function you might use once in three years} is mapped to {non-obvious button}. It enables you to use the main, logically-arranged buttons for functions you use every day, and still have LCD-labeled buttons for the obscure, little-used functions close at hand (so you don't h

      • by msauve ( 701917 )
        "the number of companies selling computer-programmable universal remotes that have real buttons, LCD screens, and have programming software that isn't restricted to ONLY their "value added resellers" (burn in hell, UEI) is... well... zero."

        You can still find NOS Nevo/Xsight remotes [hifi-remote.com], programming is supported by RemoteMaster [sourceforge.net].
      • Also, every open remote system that I've found that can do everything the Harmony can do work on IR. IR sucks, because you shouldn't have to point a remote at a listener. If you have a halfway-nice home theater setup, you're going to have things in cabinets that block IR signals. It should work on RF or Bluetooth, with IR blasters connected to those devices that need it and/or are hidden.

      • The LCD screen is what spares you from having to remember that {some function you might use once in three years} is mapped to {non-obvious button}. It enables you to use the main, logically-arranged buttons for functions you use every day, and still have LCD-labeled buttons for the obscure, little-used functions close at hand (so you don't have to go digging out the original remote, find working batteries, etc) every few months.

        I still don't understand the value proposition for "once in three years" outliers you claim exist. In that case why wouldn't you just use local on device controls to adjust configuration? Labels or magic marker are free. Keeping non-replaceable rechargeable batteries charged vs throwing some lithium's in a normal remote and being set for years don't strike me as a better experience.

        It does take a few minutes up-front to program buttons vs picking what you got from a database and having a map created for

        • > In that case why wouldn't you just use local on device controls to adjust configuration?

          Because lots of newer devices barely HAVE local on-device controls anymore. You're lucky to have real buttons for 'toggle power', 'cycle through inputs', 'volume up', 'volume down', 'menu', 'channel up/next', 'channel down/prev'. When you run into some really weird edge case, like 'old DVD that was authored with incorrect flags, so the aspect ratio and/or letterboxing is all fsck'ed up', you have to manually adjust

  • by Anonymous Coward

    ... the "S" in IoT stands for "security".

  • by Mysticalfruit ( 533341 ) on Wednesday December 19, 2018 @07:50PM (#57833506) Homepage Journal
    We've carefully considered your needs as a customer and after consulting with our lawyers, our response is "FUCK OFF WANKERS."

    I get it's a security issue, but

    1. Let the users know you're going to be disabling the interface.
    2. Have it be disabled by default and force the user to go through a bunch of loopholes to turn it back on.

    The fact they pulled the rug out from under the users feet is hella shitty.

    Just imagine you've got a vacation house in another state and you're using this solution to control thermostats and lights, etc.
  • One firmware update, and bam! your automated house is now a dark soul-less doorstop. The problem is no one will learn from this lesson.
  • This is what Logitech does
    They already bricked their old Harmony Link Hub
    https://www.theverge.com/circu... [theverge.com]

    If you don't want Logitech to fuck you over, don't buy Logitech products.

  • Like they are the first company that gives a rat's ass about the security of their IoT and home automation devices. At least tell a believable story that's not such a blatant and obvious lie.

  • If a fraction of the community had tried out the new firmware before release, would this have happened?

  • wonder if the real reason for the so called security fix, is logitech is not getting a royalty for the third party connections.

  • This is more than just Logitech, and much older than IOT:

    "Give me all of your money, and I will take care of you forever!"

    Which is an add for "selling yourself into slavery"... 8-{

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...