SmartThings account. This makes the SmartThings approach more secure, because it doesn’t
allow a workstation or other device on the network that has been infected with malware to
directly manipulate SmartThings devices.
As mentioned earlier, in addition to its own devices, the SmartThings system now supports
interoperability with third-party IoT devices. With SmartThings Labs, the SmartThings
app and Hub can be used to control the Philips hue lighting system, the WeMo Switch, and
other devices. Having given credit to SmartThings for securely routing information through
graph.api.smartthings.com and not trusting the local network implicitly, we will analyze
whether this secure design principle holds up by looking at how SmartThings interoperates
with the Philips and Belkin products.
SmartThings and hue Lighting
Using the SmartThings app, it is possible to search for and connect to the Philips hue bridge
(described in Chapter 1). In order to do this, touch the + button at the bottom of the Dashboard
section of the SmartThings app. Next, select Light Bulbs → Philips hue Light Bulb.
Once you do this, your screen should look like Figure 4-15.
The SmartThings Hub starts to look for a hue bridge on the local network by issuing the
following SSDP query:
M-SEARCH * HTTP/1.1
MX: 1
MAN: "ssdp:discover"
HOST:239.255.255.250:1900
ST: urn:schemas-upnp-org:device:basic:1
The hue bridge responds to this query and identifies itself:
HTTP/1.1 200 OK
CACHE-CONTROL: max-age=100
EXT:
LOCATION: http://10.0.1.2:80/description.xml
SERVER: FreeRTOS/6.0.5, UPnP/1.0, IpBridge/0.1
ST: upnp:rootdevice
The SmartThings Hub now fetches /description.xml from the hue bridge by issuing the
following GET request:
GET /description.xml HTTP/1.1
Accept: */*
User-Agent: Linux UPnP/1.0 SmartThings
HOST: 192.168.2.2:80
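The discovery reply above arrives as unauthenticated UDP, so a controller can sanity-check its LOCATION header before fetching /description.xml. The following is an added example, not code from the book or from SmartThings; the function names, the local_net parameter, and the sender addresses are assumptions, and the sample reply is constructed from the response quoted above.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the hue bridge's SSDP reply as quoted on this page.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "CACHE-CONTROL: max-age=100\r\n"
    "EXT:\r\n"
    "LOCATION: http://10.0.1.2:80/description.xml\r\n"
    "SERVER: FreeRTOS/6.0.5, UPnP/1.0, IpBridge/0.1\r\n"
    "ST: upnp:rootdevice\r\n\r\n"
)

def parse_ssdp_response(raw):
    """Return (status_line, headers); header names are lower-cased."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def check_location(raw, sender_ip, local_net="10.0.1.0/24"):
    """Return a list of findings; an empty list means the reply passed.

    sender_ip is the source address of the UDP datagram; local_net is the
    subnet the controller expects bridges on (both are assumptions here).
    """
    status, headers = parse_ssdp_response(raw)
    findings = []
    if not status.startswith("HTTP/1.1 200"):
        findings.append("non-200 status")
    location = headers.get("location")
    if not location:
        return findings + ["missing LOCATION"]
    url = urlsplit(location)
    if url.scheme != "http":
        findings.append("unexpected scheme")
    try:
        host = ipaddress.ip_address(url.hostname or "")
    except ValueError:
        return findings + ["LOCATION host is not an IP literal"]
    if host not in ipaddress.ip_network(local_net):
        findings.append("LOCATION points outside the local network")
    if host != ipaddress.ip_address(sender_ip):
        findings.append("LOCATION host differs from UDP sender")
    return findings
```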