Skynet: Use Skynet to continue using infected device but block outbound traffic?

F-4Phantom

Occasional Visitor
I have a thermostat that is one of the notorious ones for getting hacked. The OEM completely stopped all support for it. It's a $700 thermostat, and I like it better than any other one on the market.

Unfortunately it constantly gets infected with malware and turned into part of a botnet. I've been able to temporarily overcome that in the past by flashing new firmware updates. But there are no further updates, and there is zero access to the low-level OS (Android). There is no option for factory reset. And even if there was, the OEM has it locked such that I'd have to call an HVAC company to come out and re-program it for my specific air handler and outdoor units.

I noticed it was sending 30+MB of traffic per day, so I've banned it from the router.

I'm wondering if I can use Skynet to specifically lock it down and blacklist all inbound and outbound traffic to that specific client, and then whitelist only the few IPs or domains that may be needed to restore normal connectivity. I can assign it a static IP if needed.

Is this feasible using Skynet and its logging? That seems like a better option than having to go through all the trouble to get Wireshark up and working and try tracing all the packets.
 

Best would be to get on the device and route default to loopback
Then route specific IPs you want open to the gateway

Next I'd recommend traditional firewall rules

Happy Holidays,

Get a new stat!

Morris
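As an added example (not from this thread and not Skynet's own code), the "traditional firewall rules" Morris mentions can be written as plain iptables rules in an Asuswrt-Merlin /jffs/scripts/firewall-start script: everything forwarded from or to the thermostat's static IP is logged and dropped unless the destination is on a short allow-list. The thermostat address 192.168.50.20, the chain name TSTAT_CAGE and the two allow-list addresses are constructed placeholders; replace them with the device's static lease and the hosts it genuinely needs (found from the TSTAT_DROP log lines).

```shell
#!/bin/sh
# Confine one LAN client (the thermostat) to an allow-list of destinations.
# Constructed placeholders: static lease of the thermostat and the hosts it may reach.
TSTAT_IP="${TSTAT_IP:-192.168.50.20}"
ALLOW_DST="${ALLOW_DST:-203.0.113.10 198.51.100.25}"
CHAIN="TSTAT_CAGE"

# Run the command, or just print it when DRY_RUN=1 (useful for reviewing the rules first)
emit() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

cage_rules() {
    # Create (or reset) the dedicated chain so re-running the script is safe
    emit iptables -N "$CHAIN" 2>/dev/null
    emit iptables -F "$CHAIN"
    # Replies to connections the device was permitted to open
    emit iptables -A "$CHAIN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only these destinations may be contacted; nothing else, in either direction
    for dst in $ALLOW_DST; do
        emit iptables -A "$CHAIN" -d "$dst" -j ACCEPT
    done
    # Rate-limited log of every blocked attempt, then drop: the log shows what the
    # device (or the malware on it) keeps trying to reach
    emit iptables -A "$CHAIN" -m limit --limit 6/min -j LOG --log-prefix "TSTAT_DROP: "
    emit iptables -A "$CHAIN" -j DROP
    # Hook all forwarded traffic from and to the thermostat into the chain
    # (delete first so repeated runs do not stack duplicate jumps)
    emit iptables -D FORWARD -s "$TSTAT_IP" -j "$CHAIN" 2>/dev/null
    emit iptables -D FORWARD -d "$TSTAT_IP" -j "$CHAIN" 2>/dev/null
    emit iptables -I FORWARD -s "$TSTAT_IP" -j "$CHAIN"
    emit iptables -I FORWARD -d "$TSTAT_IP" -j "$CHAIN"
}

case "${1:-}" in
    apply) cage_rules ;;             # install the rules (run as root on the router)
    show)  DRY_RUN=1 cage_rules ;;   # print the rules without touching iptables
esac
```

Blocked attempts appear in the router's syslog with the TSTAT_DROP prefix, which is the same information the original poster hoped to get from Skynet's logging without a packet capture; unsolicited inbound traffic to the device is dropped by the same chain because it is neither established nor destined to an allow-listed address.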
 
An IoT device that is notorious for getting hacked? Isn't that all of them? :p

Those devices are not allowed on my network.

Merry Christmas and Happy New Year to new and old members alike!
 
Yes!

& back at ya.......:)
 
Sadly a new t-stat isn't an easy choice. My HVAC has variable speed everything, so that somewhat limits my choices. A Nest is not an option.

I do at least have all my IoT devices segregated on a guest wifi with no access to the rest of the network. I really liked the option in YazFi that allowed me to isolate all IoT devices from each other.
 
Best would be to get on the device and route default to loopback
Then route specific IPs you want open to the gateway

Next I'd recommend traditional firewall rules

Happy Holidays,

Get a new stat!

Morris

Could you please explain that in a bit more detail?

Are you suggesting that I route all the device traffic to the router's internal loopback? I have no access to the internals of the device itself.
 
