Software update: Home Assistant 0.73.2

Jul 19, 2018

Home Assistant is an open source home automation platform that runs on Python 3. It runs via Hassbian on a Raspberry Pi 3, or on a Linux, macOS or Windows computer. It supports the detection of devices such as Nest thermostats, Philips Hue, Belkin WeMo switches and Mr. Coffee coffee makers, as well as the MQTT protocol. In addition, it can control these devices where possible and apply automation. For more information we refer to this page and our Forum. The developers have released version 0.73.2; the release notes for that release can be found below.

0.73.2 – Security Incident

Today we are releasing 0.73.2 to fix a security incident. We’ve discovered that 9 months ago, with the release of Home Assistant 0.56, we misconfigured the SSL context that aiohttp used (PR). By trying to do the right thing (using an up-to-date cert rather than relying on the system certs), we ended up doing the complete opposite: SSL verification was disabled for outgoing requests that were done using the shared aiohttp session. This is our fault, and not aiohttp’s fault. The impact of this is that there are certain integrations in Home Assistant that are susceptible to man in the middle attacks.

A man in the middle attack is when an attacker is able to inject himself between you and the server you communicate with. The odds of this happening at home are very small, yet we wanted to be transparent about this incident.
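The following check is an added example, not Home Assistant's code; the page does not show the actual misconfiguration. It uses only Python's standard `ssl` module, and the function names are hypothetical. It shows that loading CA certificates into a client context does not by itself enable verification, and how to refuse such a context before it reaches a shared HTTP session.

```python
import ssl


def audit_client_context(ctx):
    """Return the reasons why ctx would not authenticate the remote server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is %s, not CERT_REQUIRED" % ctx.verify_mode.name)
    if not ctx.check_hostname:
        findings.append("check_hostname is disabled")
    return findings


def require_verified(ctx):
    """Guard to call before handing ctx to an HTTP client (hypothetical helper)."""
    findings = audit_client_context(ctx)
    if findings:
        raise ValueError("unsafe TLS client context: " + "; ".join(findings))
    return ctx


def weak_context():
    """Constructed example of a context that has trust anchors but never checks them."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # the certificate chain is no longer validated
    ctx.load_default_certs()         # loading CAs does not switch verification back on
    return ctx


def hardened_context(cafile=None):
    """Verifying context; cafile may point at a newer CA bundle than the system one."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    return ssl.create_default_context(cafile=cafile)


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_client_context(ctx) or "ok")
```

With aiohttp, the context that passes `require_verified` is the one to give to the connector of the shared session.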

After research, the following integrations have been impacted. Although the odds are extremely small, we still suggest that, if you use any of these integrations, you create new API keys or change your password.
alarm_control_panel.alarmdotcom
climate.sensibo
cloud (only short lived tokens impacted)
device_tracker.automatic
duckdns
freedns
google_assistant (manual setup)
google_domains
homematicip_cloud
image_processing.openalpr_cloud
microsoft_face
namecheapdns
no_ip
notify.flock
notify.prowl
rest_command
scene.lifx_cloud
switch.hook
switch.rest
telegram_bot.polling
tts.voicerss
Also impacted, but integrations are read only:
sensor.airvisual
sensor.ebox
sensor.fido
sensor.foobot
sensor.hydroquebec
sensor.startca
sensor.teksavvy
sensor.thethingsnetwork
sensor.tibber
sensor.waqi
If you are running Home Assistant on a system with Python 3.4, we’ve created a new release 0.64.4b0 with the patch applied. We have made it available as a beta. To install the pre-release, run python3 -m pip install homeassistant==0.64.4b0.

For complete transparency, the following two sets of integrations were also used to send or retrieve data. However, they either did not transmit authentication or only communicated with local devices and services.

Affected, but not transmitting authentication:
sensor.stage radar
sensor.citybikes
sensor.comed_hourly_pricing
sensor.luftdaten
sensor.pollen
sensor.sochain
sensor.swiss_public_transport
sensor.viaggiatreno
sensor.wunderground
sensor.yr
weather.ipma
tts.google
tts.yandextts
updater
Local, so can not be impacted:
android_ip_webcam
apple_tv
camera.amcrest
camera.doorbird
camera.familyhub
camera.generic
camera.mjpeg
camera.proxy
camera.synology
deconz
device_tracker.upc_connect
hassio
hue
media_player.bluesound
media_player.epson
media_player.kodi
media_player.squeezebox
media_player.volumio
notify.kodi
qwikswitch
rainmachine
scene.hunterdouglas_powerview
sensor.netdata
sensor.pi_hole
sensor.sma
sensor.worxlandroid
spc
tts.marytts
Version number: 0.73.2
Release status: Final
Operating systems: Windows 7, Android, Linux, macOS, iOS, Windows 8, Windows 10
Website: Home Assistant
Download: https://home-assistant.io/getting-started/
License type: GPL
