
When isolating IoT devices, it removes the ability to cast to them since they're technically on a different network. Is there any way to safely use?

I've been trying to improve cybersecurity at home, and one of the last things I need to take care of is my IoT devices. We have a Nest thermostat, Nest smoke detectors (mostly useless), and a few Google Home devices. At this point, they're entirely useless for talking to and asking questions other than what the weather is going to be, so the main thing we use them for is a home theater system, basically. I can cast audio from Spotify to all of them at once and adjust the volume individually.

 

However, on my router (and the router we had before this one), there is an option for "Device Isolation" for IoT devices. When I move the Nest/Home devices over to that list though, it breaks the ability to cast to them, effectively turning them into expensive spy device bricks for Google to utilize, and not for me to utilize. I don't want my primary network that has our PCs, laptops, and phones to be compromised, however. Is there any way to isolate them without completely breaking them? Or should I just go back to a dumb thermostat and try to find some sort of Bluetooth-based home speaker system?


6 minutes ago, Elarion said:

try to find some sort of bluetooth based home speaker system?

If you're that disillusioned with Google, I'd say that Sonos is the perfect place to get a Wi-Fi speaker system.

7 minutes ago, Elarion said:

on my router

Which routers have you tried? You're going to have to customize the VLAN firewall to pass through traffic from anything that may cast to them. Alternatively, you can set up Home Assistant on an old PC and just pass through that, as detailed in this Reddit post.

 

5950X/4090FE primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup
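The "customize the VLAN firewall" suggestion above, sketched as an added example that is not part of the original post: a one-way forward policy for a Linux-based router running nftables. The interface names and the cast control ports are assumptions to check against your own setup.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Assumed (hypothetical) names:
#   br-lan = trusted LAN bridge, br-iot = IoT VLAN bridge, eth0 = WAN uplink
define LAN_IF = "br-lan"
define IOT_IF = "br-iot"
define WAN_IF = "eth0"
# Assumption: TCP ports used by Google Cast control sessions
define CAST_TCP = { 8008, 8009, 8443 }

table inet iot_isolation {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to sessions that were allowed to start (stateful return path)
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN may open cast control sessions to IoT devices
        iifname $LAN_IF oifname $IOT_IF tcp dport $CAST_TCP accept

        # IoT devices may never initiate a connection into the trusted LAN;
        # log the attempt so unexpected behaviour is visible
        iifname $IOT_IF oifname $LAN_IF log prefix "iot->lan drop: " drop

        # Both networks may still reach the internet
        iifname { $LAN_IF, $IOT_IF } oifname $WAN_IF accept
    }
}

# Discovery caveat: cast targets are found via mDNS (UDP 5353, multicast
# 224.0.0.251), which is link-local and is not routed between VLANs.
# A forward rule cannot fix that; an mDNS reflector/repeater on the router
# is needed for the devices to show up in the cast menu.
```

The logged drops double as a cheap detection signal: an IoT device repeatedly trying to reach hosts on the trusted LAN is worth investigating.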


Just now, OddOod said:

If you're that disillusioned with Google, I'd say that Sonos is the perfect place to get a Wi-Fi speaker system.

Which routers have you tried? You're going to have to customize the VLAN firewall to pass through traffic from anything that may cast to them. Alternatively, you can set up Home Assistant on an old PC and just pass through that, as detailed in this Reddit post.

 

I've tried it on a TP-Link router and an Asus router. I might pick up one of those UniFi standalone routers in the future though; hopefully that would give me some more power over the settings.


3 minutes ago, Elarion said:

I've tried it on a TP-Link router and an Asus router. I might pick up one of those UniFi standalone routers in the future though; hopefully that would give me some more power over the settings.

Have a look at OpenWrt; it might be an option for you.

I'm jank tinkerer if it works then it works.

Regardless of compatibility 🐧🖖


[ Moved to Networking ]

I sold my soul for ProSupport.


Device Isolation is device isolation no matter how you slice it. Either you isolate the device completely or you find another method that lets devices interact with those IoT devices. Honestly, unless you have random junk IoT devices that have never known a security update and have UPnP enabled on your router, there isn't much that's going to happen to compromise your IoT devices to begin with. Unless you feel like Google's services and servers are going to be compromised and that's somehow going to be used to attack your network (it's not)...

Most of the time when IoT devices are compromised, it's because the service itself on the company side was left poorly configured, and then those devices are generally roped into a botnet to do DDoS amplification attacks against others, not to infect local machines. That's far too difficult for 99.99% of attackers unless you're being targeted by state-sponsored actors, but you'd know if you were high profile enough for that.
