Excluding - Why?

[Teken]

With the fast approaching release of 5.XX Beta firmware for the ISY Series Controller. I have tried to stay on top of the common issues people have been running into with Z-Wave. A very common theme & solution that is offered is to exclude a device??

 

Since I don't have a Z-Wave enabled ISY maybe some of this would make more sense if I could see what the UI displays or does.

 

But, the problem I am having a hard time understanding is when dozens of people are simply trying to *Add* a new device.

 

How can one Exclude a device that hasn't been even enrolled, listed, added to the ISY? Unless this is entirely something else that the ISY does when it see's a new Z-Wave device but for what ever reason can't add it in, but still *Includes* it somewhere else?

 

Insight and pictures would be great.

[dbuss]

My understanding is a Z- Wave device can be enrolled in one controller at a time. If the device was enrolled in an ISY, and something caused the device and controlled lose communication with the Isy, the device needs to be excluded from the Isy before it can be enrolled again. The Isy can see Z-Wave devices in range even if they are not enrolled.

[Mike Ippolito]

Excluding a device sets the home id and device id to zero. While typically a new device would have these values set to zero, it is not uncommon that these devices may have been left in a state other than zero.

 

This of course would also be the issue if the device was previously installed in another network or the device failed to properly add itself in a previous pairing. The process of excluding before including ensures that the device is ready to add to the network. 

[416to305]

Yeah it's not something with the ISY, you have to do this with Vera as well.  Interestingly though when you read the manual for most Z-Wave devices (at least all I own, switches, outlets and motion sensors), they all just talk about setting it up and adding it, never excluding it first.  It's honestly not a big deal at all to do and to reset the device.  It's literally like having a PLM with 2 set buttons, one to exclude one to include.  Press and hold the one, it chirps, press the other device it chirps and they are excluded.  Now repeat with the include button.  Takes 10 seconds in total.

 

From the Vera when you exclude a device, even if it has never been included on the network, it still will show "Excluding device #34 from the network table."

[Teken]

Great information one and all. This will get me ready for Z-Wave in the future.

 

 

Encrypted By: Phoenix Security Solutions

[416to305]

I think overall, adding and removing devices on the Vera with Z-Wave is a bit easier than Insteon, but that's not saying too much as I don't really find Insteon is hard either.  It's also 2 different ways so more personal preference, but both aren't difficult at all.  With the Vera you just unplug it from the wall, press the battery button to have it boot off the battery, walk up to your switch or outlet, press the - on the Vera to have it flash one pattern, then on the switch or Z-Wave device you just press the set button, or like my switches just on a few times, the Vera flashes and it's excluded.  Press the + on it and repeat, and it is included.  Plug the Vera back in and the device plus any sub devices are all added.  So pretty similar to the ISY, except you never have to manually type in devices like motion sensors or door sensors, it detects them all.  Also new devices typically don't even need to be set up with the Vera.  Like if I add another switch to my house right now, it will be in the Vera without me having to do anything.  Was a bit disappointed when I first got it because I thought I'd get to see what it's like to exclude and include a device, only to have all my devices already be there in the Vera.

[Teken]

Are you saying the Vera can see, detect, and then enroll a new device without pressing any buttons?

 

 

Encrypted By: Phoenix Security Solutions

[416to305]

For some yeah it seems, like motion sensor I had to add manually but when I bought the Vera, I ordered it from Amazon and then through Tiger Direct bought 4 wall switches and 2 dimmer modules, installed them as they came before the Vera.  Vera arrived, plugged it in, turned it on, and all 6 devices were already on it.

[oberkc]

"Vera arrived, plugged it in, turned it on, and all 6 devices were already on it."

 

Wow???!!! That doesn't sound right (or good, at least). This suggests that anyone with a controller can come along outside the house and start messing with my house lighting?

[larryllix]

"Vera arrived, plugged it in, turned it on, and all 6 devices were already on it."

 

Wow???!!! That doesn't sound right (or good, at least). This suggests that anyone with a controller can come along outside the house and start messing with my house lighting?

There was some discussion of this here.

http://forum.universal-devices.com/topic/13962-zwave-confusion-options/

 

Something doesn't sound right here with Z-Wave making locks.

[oberkc]

There was some discussion of this here.

http://forum.universal-devices.com/topic/13962-zwave-confusion-options/

 

Something doesn't sound right here with Z-Wave making locks.

After further thought, I guess this is not much different than insteon.  Someone with an insteon controller could, theoretically, start creating links and controlling devices.

 

WRT locks, I recall that my Z-wave lock had codes one had to input in order to add it to the network.  These codes should make it pretty difficult for most to casually add the lock to some ad-hoc z-wave network.

[larryllix]

After further thought, I guess this is not much different than insteon.  Someone with an insteon controller could, theoretically, start creating links and controlling devices.

 

WRT locks, I recall that my Z-wave lock had codes one had to input in order to add it to the network.  These codes should make it pretty difficult for most to casually add the lock to some ad-hoc z-wave network.

True for many Insteon devices (no security). Battery operated devices require the linking button to be pushed but I am still not sure that would stop hacking / linking  into them. No names would be known for the devices but a lot of ruckus could be done in somebody's house.

 

Would be a lot of fun building an all lights on scene and operating as you drive past on the street a few times.

     "Did you buy that new PLM?   You're on TV's Practical Jokes!"

[Teken]

A casual scan of a Insteon network is not possible as most of you are aware.

 

For battery devices it must be physically placed into linking mode. Given the shear fact 100% of the people who install them complain the RF is not strong enough to have solid COM's.

 

What are the odds a drive by hacker could do better?

 

The only device that can be programmed (not linked) is the Insteon MS.

 

All other devices require either the 6 digit Insteon code or be manually placed into linking mode.

 

So I don't see how someone on the outside could use a controller even a ISY to scan a home without the two pieces of information to start with.

 

Never mind having the ability to access someone's network, over ride the fact a PLM is still required for this fictitious drive by scan all the while supplying a pure sine wave output to said PLM in a vehicle etc.

 

Now, whether the Z-wave acts similar to WiFi where you can see broadcast devices in your immediate location. This would explain the part of 'seeing' a device but it's not enrolled yet into the controller.

 

That would be incredible given the fact a battery device would be asleep until it was activated.

 

Never mind just bringing it into a room like a Vera and it being picked up, included, and enrolled without any interaction from the end user.

 

 

 

 

Encrypted By: Phoenix Security Solutions

[larryllix]

I wrote software using an X10 modem to monitor traffic and I believe Insteon would be no different, given a PLM, a computer with a serial port, my brains, or your good looks as a tech repair guy.

 

Just watching Insteon traffic passing would yield all the Insteon addresses to tap into.

[MWareman]

I wonder what a dual-band plm on an inverter - driving around the neighborhood would yield.... I might try that - against my own network of course.

[Teken]

I wonder what a dual-band plm on an inverter - driving around the neighborhood would yield.... I might try that - against my own network of course.

I believe the first question comes down to can the PLM be placed in a monitor mode via RF?

 

Never mind ensuring a clean stable pure sine wave power from a 12 volt vehicle. I have several pure sine wave investors at home and would be more than happy to try this out too.

 

Keeping in mind the only method to use a ISY without a PLM is using a the Zigbee firmware but that does not negate the fact you also need a network connection for the ISY to come up without crying.

 

So let's assume we have one of those MiFi sticks for Internet. We have a pure sine wave to power all our gear including PLM. Now we have only the limited RF COM's from the PLM.

 

The next step is to use some sort of software that allows us to place the PLM in monitor mode because the device and ISY have no Insteon devices to reference or see.

 

We sit patiently for some RF Insteon traffic using something like ELA's ELAM (hope he doesn't become a criminal in the interim)

 

And wait . . .

 

 

Encrypted By: Phoenix Security Solutions

[Xathros]

I believe that the PLM does not have a monitor or promiscuous mode natively.  I think that is part of what ELA hacked into his ELAM.  This is likely the main reason we have no decent Insteon diagnostic tools to work with.

 

To run an ISY without a PLM, you would need the ZigBee version of the ISY firmware.  Currently, the ZWave version still requires the PLM as far as I know.

 

In Addition to a MiFi, you would also need a wirless to wired bridge to provide the wired ethernet connection for the ISY.  At least you shouldn't need to put that on a filterlinc since you don't actually need the powerline comms for this.

 

-Xathros

[Teken]

I believe that the PLM does not have a monitor or promiscuous mode natively. I think that is part of what ELA hacked into his ELAM. This is likely the main reason we have no decent Insteon diagnostic tools to work with.

 

To run an ISY without a PLM, you would need the ZigBee version of the ISY firmware. Currently, the ZWave version still requires the PLM as far as I know.

 

In Addition to a MiFi, you would also need a wirless to wired bridge to provide the wired ethernet connection for the ISY. At least you shouldn't need to put that on a filterlinc since you don't actually need the powerline comms for this.

 

-Xathros

I believe the Z-wave / Zigbee provide the same benefit of not needing the PLM as its been indicated a few times as working fine in this manner.

 

The power aspect would still be important because powering the PLM (assuming) you still need one which you do for Insteon and not for Z-Wave.

 

Using a modified inverter opposed to a pure sine wave inverter would impact the power line aspect of the PLM, which impacts the RF which is being powered by said device.

 

The reality is the Insteon RF range is so limited a person would have to be on the drive way (assuming) the signal was still clean and available to be received sniffing the information watching a level 3 event to something that is not enrolled / linked.

 

But I am game if someone has details to do so. As I have all the parts except how to place a unmodified PLM into monitor mode even if it uses software which I have seen for other USB PLM's.

 

 

Encrypted By: Phoenix Security Solutions

[Xathros]

Teken-

 

I just tested on my testbed 994 with W/ZWave.  It still comes up in safe mode with no PLM attached.  I haven't seen any mention of the ZW version not requiring a PLM but I may have missed it. That said, I believe you can install the Zigbee version of the firmware on a 994 with ZWave. It won't actually do Zigbee since you have the ZWave radio installed in place of Zigbee.  This will allow you to run ZWave with no Insteon PLM attached.

 

-Xathros

[Teken]

Teken-

 

I just tested on my testbed 994 with W/ZWave. It still comes up in safe mode with no PLM attached. I haven't seen any mention of the ZW version not requiring a PLM but I may have missed it. That said, I believe you can install the Zigbee version of the firmware on a 994 with ZWave. It won't actually do Zigbee since you have the ZWave radio installed in place of Zigbee. This will allow you to run ZWave with no Insteon PLM attached.

 

-Xathros

Xathros,

 

You're absolutely correct! I misread the release notes in 4.2.18 where it said no PLM required as I was fixated on the (Z).

 

Thanks for straightening me out on that point.

 

 

Encrypted By: Phoenix Security Solutions

[Xathros]

 

No Problem.

 

-Xathros

[lilyoyo1]

I believe any system can be hacked if given the right circumstances. Insteon- with all the information needed to link it/control it is very safe in my opinion. As Teken stated you need the codes to force a device into linking mode. While a device is being transmitted, with the proper hardware designed for that specific purpose yes it would be theoretically possible. However due to the range of insteon, someone would probably see a person standing in their driveway with a  laptop scanning for the devices. Someone would really have to mess with your lights at that point. Its not like x10 where you can sit in your house with a remote and say a5 on and the signals would cross. 

[builderb]

What about apartment buildings in dense urban environments where there is close proximity for RF snooping, and all the units feed into the same main panel at some point? How far away, electrically speaking, could someone who had access to aggregated sub feeds sniff the powerline network?

 

Separately, if someone does have access to a device on your network (say an outdoor relay module, or motion sensor) that has its device code on it, is that a potential security threat to your entire network? Or does it just mean that device can be taken over?

 

I don't know enough about this stuff.

 

 

Sent from my iPad using Tapatalk

[PurdueGuy]

What about apartment buildings in dense urban environments where there is close proximity for RF snooping, and all the units feed into the same main panel at some point? How far away, electrically speaking, could someone who had access to aggregated sub feeds sniff the powerline network?

 

Separately, if someone does have access to a device on your network (say an outdoor relay module, or motion sensor) that has its device code on it, is that a potential security threat to your entire network? Or does it just mean that device can be taken over?

 

I don't know enough about this stuff.

 

 

Sent from my iPad using Tapatalk

If someone has the ID of one device like an outdoor module, they could turn it on and off, query it for its All-Link Database (ALDB), and also edit the ALDB.   In a typical system, that would give them the ID of at least the PLM, as well as any other devices that are linked to the module.   Any other devices (not the PLM) could then be turned on/off, have their ALDB examined and updated, and repeat that through the network ..   I do not know if a PLM would respond to requests over the Insteon network for its ALDB.  I suspect not, but can't say for sure.