Homey Community Forum

Security

Do we know anything about Homey’s security? Do they(Athom) have a secure development proces in place, is Homey pentested, is Athom audited?



Is a start, the rest you’ll have to contact Athom directly of course.

Although I have no real insights but for what I have seen the biggest issue is if you have an unsecure password on your account or leak it somewhere.

Athoms response to a question/tip in the alpha testers slack channel was that it was pen tested by a dutch security firm.

Shared with permission!

Fake news!

GDPR is one aspect of security. I know from experience that developing software inevitably creates a vulnerability at some point. The question is then, do they have the processes in place to spot those vulernabilities and fix them ASAP.

Is data encrypted (transport AND storage)? Two-factor authentication? Alerting users when they use an insecure network/password config (that may not be Homey’s job, but devices like Nest do this for example). Is there is a device blacklist for insecure devices? Etc.

And what happens if Athom goes out of business?

The question is: is Homey testen on a regular basis.