Thinking about getting a smart smoke detector but are there security risks?

[2DPrinter]

X-sense is the brand im looking at (https://www.x-sense.com/products/xs03-wx-wi-fi-smoke-detector) 

But since it connects to my wifi is there any potential security risks? I could go with a google nest which could be more reputable but that is 3x the price so i want this one if it is secure. 

[Eigenvektor]

Anything connected to the internet is a potential target for hacking. No one will be able to tell you if it's actually secure, at best someone could point out that it's insecure if there are known reports of issues. I suppose someone could trigger an alarm in your name when there's nothing actually going on?

[jaseg]

As long as the thing doesn't have any microphones or cameras the worst that could happen is that it might try to attack other devices on the same network. If your router supports it there is a good countermeasure for that: Just create two separate wifis, one for IoT crap and another one for actually important stuff like computers or phones. Both can still reach the internet, but the IoT stuff can't get to the important stuff.

 

FWIW, I would get a smart smoke detector if I had to buy one now just for one reason: the low battery alarm. The issue with non-smart smoke detectors is that it is easy to miss the low battery warning, because that usually is just a very short, high-pitched blip that happens every couple hours. However, if the battery gets too low, they will often actually sound the alarm. If you happen to be not home when that happens, it's impossible for someone else to tell if there's a fire or a smoke detector running out of battery. A neighbor of mine had their door kicked in by the fire department once for that exact reason.

[Imbadatnames]

Why does a smoke detector need to be smart?

[2DPrinter]

6 hours ago, Imbadatnames said:

Why does a smoke detector need to be smart?

to alert your phone if you aren't in the room where the fire is. 

[Imbadatnames]

7 hours ago, 2DPrinter said:

to alert your phone if you aren't in the room where the fire is. 

That’s what the really loud beeping is for

[Akima]

Whatever you do, do NOT expose the UI to the outside world.....

 

I do red teaming and pen testing for a living. You would not believe the amount of publically reachable OpenHAB installations that are exposed to the internet. And worse yet, with zero log in or authentication needed.

 

You can literally load the UI, and mess around with someones lights or whatever else they have sync'd up to it.

 

Just checking Shodan now - there's at least 50 known exposed OpenHAB installs within a 60km radius of my office.