STOP Port Forwarding
TELETASK home automation systems provide comfort and security to the user, but can also carry risks. A professional configuration is required to avoid these risks. One of these risks is generated by the use of “Port Forwarding”, which can allow an unwanted external party to have access to the TELETASK system.
It has been detected that a limited number of TDS installations are publicly accessible on the internet. Customers have rightly pointed this out to us, as the risks associated with this are great. Not only do these risks stand in the way of our and your company's reputation, but even a press article or blog can be enough to cause a negative perception around home automation.
Given that these installations, as far as we can tell, have probably been made public through port forwarding, we as a manufacturer have no control over this. We cannot detect port forwarding from the TDS central station and even if we wanted to, we could not block it immediately.
In the past, we have received requests not to block this possibility since it can be an interesting method for providing remote support. TELETASK would like to reiterate that this should absolutely not be done. There are safe alternatives such as the highly secure TELETASK REMOTE SERVICES connection.
The use of port forwarding carries a significant risk with it. Examples are available below to illustrate this. Our engineers, as well as others with basic knowledge of the internet and PROSOFT, may be able to gain unauthorized access to such installations. We will obviously not do this, but we do have the expressed desire to encourage you to alert your customers/owners of the premises of such installations so that they can immediately disconnect these installations from the internet and secure themselves. Therefore we ask TELETASK distributors to do the same immediately.
We would also like to expressly ask you to inform your team and your professional customers regularly in your TELETASK trainings and ICT-related conversations that port forwarding is not allowed.
- With port forwarding, anyone with an internet connection and minimal PROSOFT knowledge can control and even redefine almost anything in the connected home or building.
- If a hacker can remotely control a door, port or gate, it can have life-threatening consequences for the people (e.g. children and pets) who could leave the house unintentionally.
- Another important risk arises if a hacker were to open/close an automated pool curtain. People in or around the pool would be at risk of undesired events.
- A hacker can not only control system outputs but also retrieve information and possibly view cameras and thus violate the user's privacy.
- A hacker can read and modify the nbt file of the house. In this way he can also create 'users' and provide himself with an ATMOS app so that he can then control and monitor the entire house/building from his mobile phone or PC.
- A hacker can block legitimate users so that they cannot control or control the wrong functions.
There are plenty of reasons to consider port forwarding as "NOT DONE" without any exception.
In order to securely connect with PROSOFT, everyone can always purchase a REMOTE SERVICES (ref. TSF16100) subscription on-line immediately for a small annual subscription cost on teletask.be/ttecomm. A small amount compared to the risks that can arise from unsecured connections such as port forwarding.
For your information. According to European liability law, the system integrator is a professional and is expected to know his installations and systems and be able to assess their risks. On the other hand, the end user as a non-specialist is not expected to be aware of these risks on their own.
As a TELETASK distributor: The training PowerPoint for system integrators should clearly mention this, so that the instructors cannot forget it. You can also request the TELETASK system training PowerPoint (English version) which includes this. DOWNLOAD
Thank you for your understanding and to take necessary action if needed.
Table of contents:
;){kind=link}
;){kind=link}