SmartLYnk/HomeLYnk VPN Backdoor?

DK-Michael · ‎2016-06-16

Hi

I just found that the HomeLYnk and the SmartLYnk creates an OpenVPN connection to crp-eur101.cloudapp.net. Why would it do that? It's a potential backdoor into any system where it has internet access What is it used for and why is it not an option to turn it off?

Best regards, Michael

________________________________
Michael Johansen
Solution Architect
M +4528991535
E michael.johansen@se.com
LinkedIn https://www.linkedin.com/in/mich4el/

Alex_Bousselin · ‎2016-06-20

Hello Michael,

this OpenVPN connection is a connection to SE Cloud. It is totally secured.

Thank to this OpenVPN connection, the End-User can create an account using the "homeLYnk Remote" app available on Apple Store and Android Store, in order to have the remote access to his homeLYnk.

Some details:

--> the remote access is only possible with homeLYNk

--> the App will be available in first 7 countries in June/July : NL, Belgium, Italy, Germany, Austria, Spain, Turkey. Then it will be deployed in other countries.

--> in the next firmware of homeLYnk and spaceLYnk (Available in July) it will be possible to desactivate this option (by defaut it will be active for homeLYnk and unactive for spaceLYnk)

See Answer In Context

Alex_Bousselin · ‎2016-06-20

Hello Michael,

this OpenVPN connection is a connection to SE Cloud. It is totally secured.

Thank to this OpenVPN connection, the End-User can create an account using the "homeLYnk Remote" app available on Apple Store and Android Store, in order to have the remote access to his homeLYnk.

Some details:

--> the remote access is only possible with homeLYNk

--> the App will be available in first 7 countries in June/July : NL, Belgium, Italy, Germany, Austria, Spain, Turkey. Then it will be deployed in other countries.

--> in the next firmware of homeLYnk and spaceLYnk (Available in July) it will be possible to desactivate this option (by defaut it will be active for homeLYnk and unactive for spaceLYnk)

DK-Michael · ‎2016-06-20

Hi Alexandre

Thank you for the response. It sounds like a great feature for some users.

My concern was that we are talking so much about cyber security and then we are creating a hole in the customers firewall without telling them. Yes, an OpenVPN is a secure tunnel, but everyone who have access to the other end of the tunnel, will have full access to the local network where the SL/HL is installed.

So thanks. I'm glad to hear that it will be optional in the new firmware 😉

Best regards, Michael

________________________________
Michael Johansen
Solution Architect
M +4528991535
E michael.johansen@se.com
LinkedIn https://www.linkedin.com/in/mich4el/

MaximeLaudren · ‎2016-06-23

Hello Micheal,

I'm working with Alexendre, but on the technial side. I just want to give details about openvpn and how it working for us.

OpenVPN is a free software and protocol to allow the creation of virtual network (VPN) between 2 or more devices.

Depending on the configuration, it can be open or highly secured by multiple mechanism.

If you are inside the VPN, you may have access to all other devices that are connected BUT, (and that it important for me )

even if you have access to the device (homeLYnk in our case), it need to be specificaly configure to act as a router to allow someone on the VPN to access the physical network the device is on.

In our case, each homeLYnk is isolated from others, which mean, no one can connect to it.

You have 2 way to have informations and see what is connected, going on on the vpn: from the homeLYnk (but it's not available from scratch, you have to hack/tune the product and activate features that are disable by default) or from the servers.

Hope this gave you again a better view of the solution.

Regards, Maxime

DK-Michael · ‎2016-06-24

Hi Maxime

Thank you for the more detailed explanation. I'm using OpenVPN my self so that's what triggered my concern since I'm well aware what you can do if you have an OpenVPN tunnel to a system (especially a small Linux server which the HL/SL are).

I'm certain that it will be a great feature to enable customers to use their installation from remote if they do not have the technical knowledge to do it them selves. I just think it is quite offensive to enable the connection by default with a firmware upgrade without giving the user a notification or the option to turn it off..

The questions has also been raised here from a customer:

http://forum.logicmachine.net/showthread.php?tid=311&highlight=openvpn

Best regards, Michael

________________________________
Michael Johansen
Solution Architect
M +4528991535
E michael.johansen@se.com
LinkedIn https://www.linkedin.com/in/mich4el/