2017-11-09

IKEA Increases security

In the latest firmware update of their gateway, IKEA has increased security by introducing DTLS identities: each client (such as OpenNetHome) now has to use its own client identity and request its own pre-shared security key from the gateway.

Unfortunately this change is not backwards compatible, so as soon as you do a firmware upgrade of your gateway, the old IkeaGateway-Item in OpenNetHome stops working.

I have now implemented the needed changes in the IkeaGateway-Item, and it is available in the nightly build. When you upgrade, the IkeaGateway-Item will automatically request the client security key from the gateway. According to IKEA's recommendations, the IkeaGateway-Item no longer stores the original security code once the client code is generated.

The new ClientName attribute does not normally have to be changed from the default value when you create a new IkeaGateway-Item, but if you have multiple Items connecting to the same gateway, each Item must have a different ClientName.
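The credential lifecycle described above, as an added sketch that is not OpenNetHome's or IKEA's code: the security code is used once to obtain a per-client key, then discarded, and a second item needs its own ClientName. `FakeGateway`, `GatewayItem`, the default name and the rejection of an already registered identity are assumptions made for illustration.

```python
import secrets

class FakeGateway:
    # Constructed stand-in for the gateway so the example runs offline.
    def __init__(self, security_code):
        self._security_code = security_code
        self._psk_by_identity = {}

    def request_client_key(self, security_code, client_name):
        # Bootstrap: the gateway's security code authorises issuing a client key.
        if not secrets.compare_digest(security_code, self._security_code):
            raise PermissionError("wrong security code")
        # Assumption: an identity that is already registered is refused.
        if client_name in self._psk_by_identity:
            raise ValueError(f"identity {client_name!r} already registered")
        psk = secrets.token_hex(8)
        self._psk_by_identity[client_name] = psk
        return psk

    def accepts(self, client_name, psk):
        # Models the DTLS-PSK check: identity and key must belong together.
        expected = self._psk_by_identity.get(client_name)
        return expected is not None and secrets.compare_digest(expected, psk)

class GatewayItem:
    # Hypothetical model of what an item keeps in its configuration.
    def __init__(self, security_code, client_name="nethome-default"):
        self.security_code = security_code
        self.client_name = client_name  # default value is constructed
        self.client_key = None

    def connect(self, gateway):
        if self.client_key is None:
            self.client_key = gateway.request_client_key(
                self.security_code, self.client_name)
            self.security_code = None  # bootstrap secret is not kept
        return gateway.accepts(self.client_name, self.client_key)

def demo():
    gateway = FakeGateway("constructed-code-123")
    first = GatewayItem("constructed-code-123")
    second = GatewayItem("constructed-code-123")  # same default ClientName
    ok_first = first.connect(gateway)
    try:
        clash = not second.connect(gateway)
    except ValueError:
        clash = True
    second.client_name = "nethome-second"  # give the second item its own name
    ok_second = second.connect(gateway)
    return ok_first, first.security_code, clash, ok_second
```

After provisioning, a leaked item configuration exposes only that one client's key, not the gateway's security code.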

I think it is good that IKEA takes IoT-security seriously and works actively to increase it in their solutions.