I have a 3-dumb router setup I just realized that there is a significant problem

[G+_Tom Frillman]

I have a 3-dumb router setup. I just realized that there is a significant problem.

There are just two sub nets, Trusted and IOT-Untrusted. The problem is that it seems my cell phone is a contamination factor.

 

All of the apps that control my IOT devices have to be on the phone and I can see no reason to trust the app any more than the device. On the other hand, I also have and use the phone for applications like Mail, Messaging, banking etc. that I don't want to share with the IOT network.

 

What am I missing? Is there a way to solve this issue other than carry two phones?

[G+_Jared Messervy]

A cheap fire tablet will work to control your IOT devices. Phone on trusted network and tablet on untrusted.

[G+_Paul Hutchinson]

The 3 dumb router setup is only useful for IoT isolation if your IoT devices link to an external web service. Then your devices on the trusted network go out to the web service which communicates back to your IoT devices on the un-trusted network. As long as the web service is secure then you are secure.

 

If your IoT devices, like my ancient Wink hub & GE lamps, don't work with any web service then you either have to have them on the trusted network or put a cheap old phone or tablet on the un-trusted network.

[G+_Tom Frillman]

+Jared Messervy, Paul Hutchinson

Thanks for your replies. You both confirm that I now have to always have two devices with me. Oh well...??

[G+_Steven Hurt]

Would this be a viable solution? https://sites.google.com/site/mppsuite/Home

[G+_Steven Hurt]

Or this

[G+_Paul Hutchinson]

Steven Hurt The MPP App Suite brings the cloud server inside your network so it doesn't help in the dumb router scenario, you need to be on the un-trusted network to communicate with the IoT devices.

 

The YouTube video is about running your own custom cloud IoT service for a low price, so other than being more work and less cost it's like the commercial IoT cloud services.

[G+_Robert Hafer]

If you’re going to do more work, you might as well switch to something like OpenHAB and keep everything inside your home network

[G+_Rud Dog]

Thought I heard the answer to this was VLAN but that comes from memory so grain of salt.

[G+_Paul Hutchinson]

The whole point of the 3 dumb router solution is to prevent any IoT device on the un-trusted network from directly communicating with any device on the trusted network. By design there is no way around it, if there was a way around it then there would be no point in doing it in the first place.

 

Robert Hafer If you put OpenHAB inside your home network then it has to be on the un-trusted network so that it can communicate with the IoT devices. So you won't be able to connect to OpenHAB from devices on the trusted network. You need to use a cloud version of OpenHAB to get the secure bridging out in the cloud from the trusted network segment to un-trusted segment.

 

Rud Dog A VLAN is a slightly less capable and slightly less secure version of the 3 dumb router setup. By design it will not allow the un-trusted and trusted networks to communicate directly.

[G+_Rud Dog]

Paul Hutchinson Thank you learning everyday and your input is always appreciated.