I’ve just got a WiFi light switch.
As I’ve explained previously, swapping out all my existing light bulbs with Smart Bulbs would be hugely expensive and has the disadvantage of not working when the switches are off at the wall.
A WiFi light switch (theoretically) allows me to control the lights from my phone – and anyone else to use the physical buttons on the wall. That helps avoid this scenario:
When you're house sitting for millennials and ask how the lights work pic.twitter.com/Xli7ZdZeHW
— Cate (@c8ters) February 16, 2016
WiFi built into the switch means I don’t need to use a hub to control my devices – I can connect directly to them and not have to worry about hardware incompatibilities.
The UK has a unique way of wiring houses which doesn’t lend itself well to automated control. The switches which work in the USA and EU, simply won’t work in a UK set up. This makes switches rare and expensive.
What’s In The Box
The switch itself is pretty good looking:
The back is slightly weird – this is obviously a fairly generic design which can be re-purposed for multiway switches.
As for the rest of the kit…
Yup! A pair of mounting screws – that’s it! No fitting instructions, no glossy leaflet, nothing! Oh well, how hard can this thing be to install…
Working with electricity is dangerous. Remember to switch off the power to your lights at your consumer unit. If in doubt, get a qualified electrician to help. I followed this guide to replacing UK light switches.
Wiring the switch is trivial – as long as you can remember which wire is which. There’s just one small problem…
The depth of the pattress box is insufficient to contain the switch! Obviously microchips aren’t quite a tiny as necessary yet.
OK, I can try drilling that deeper later – let’s power up this baby and see if it works!
Blinken lights! Touching the light icon provides a satisfying “clunk” somewhere inside the switch, but didn’t change the state of the lights. Perhaps it needs to be set up first?
Remember when I said that the package didn’t come with any instructions? That wasn’t quite true – there are some QR codes on the side:
A quick scan and…
Hmmm… Do I really want to download an app from China over HTTP? Guess I don’t have a choice!
I prepared to install the app – when I was hit by this:
These are the permissions my Light Switch app is requesting…!
Think I'll install on a dummy device first! pic.twitter.com/DxvUePDj0u
— Terence Eden (@edent) March 1, 2016
Those are some ridiculously scary permissions! I can understand wanting microphone access (voice control) and maybe GPS (turn lights on when I get home) – but why does this want to send SMS or place calls? Why does it need my contacts and the ability to take photos?
A quick virus scan showed nothing overtly malicious – but I decided to offer up a sacrificial tablet to run the app on. No way am I risking my main device with this software!
The software is of the usual sub-standard quality I’ve come to expect from cheap electronics. No set-up wizard, just dumped into a complicated screen.
Pressing the “User Manual” button gave this monstrosity:
I held down the light switch button until the WiFi indicator started flashing. I then connected my tablet to the WiFi (a separate network – I didn’t want to risk sticking this on the same network as everything else yet). I clicked the “Auto Search” button and, somehow, the tablet found the switch and set it the network’s details. Result!
The app presents this rather lazily designed screen. Only the blue icon on the left works as a switch.
Let There Be Light!
And, dear reader, can you guess what happened when I clicked it?
Well, here's the light switch in all its "glory". Going to try another socket tomorrow during daylight hours! pic.twitter.com/k4iKrtTbNt
— Terence Eden (@edent) March 1, 2016
Yup – the square-root of bugger-all!
Under The Covers
Before trying it on another socket, I thought I’d crack it open to see what’s going on inside.
As I suspected, it’s a generic unit which can be used for 1-, 2-, or 3-gang switches. No LEDs are soldered on to the spare ports.
Interesting to note a different part number printed on the inside –
L5 HSCL LB v16.
I made a telephone call to Prad – the Amazon seller who supplied me with the switch – he was incredibly helpful but sadly confirmed that the switch requires a neutral wire. Something which had unfortunately been left out of his listing.
It turns out that this lack of neutral wiring is a common problem.
The WiFi Plug Glass has this fairly prominent warning:
And Vesternet have an excellent page explaining the challenges of fitting smart switches to UK homes.
Short of rewiring parts of my house, it looks like the switch will be useless to me. So back it goes.
Decompiling the Software
Part of the problem with the software is that it is designed to work with a suite of products. It contains references to security cameras, home alarm systems, infrared controllers, fans, curtain controllers, and half-a-dozen other things.
There’s no widget support – which is crucial for a lighting app. No one wants to find an app, wait for it to open, find the right light etc. I just want to put a simple toggle on my homescreen – in exactly the same way Lifx does.
As far as I can tell, there’s nothing malicious in the software – it’s just poorly constructed.
@edent in this version sure – you going to make sure to decompile every update? Large wooden equine welcome to Troy…
— Derek McAuley (@drdrmc) March 2, 2016
Of course, with Android Lollipop’s new permission model, I can deny the app access to anything that I’m uncomfortable with. During my brief use of the app it didn’t ask for anything other than WiFi access.
As I didn’t get the switches working, I didn’t dive too deeply into the API. I did spot this curious activity though.
When the light switch wasn’t connected to the WiFi, the app assumes that it is on a different network to the switch and tries to communicate over a cloud service.
That IP is hard-coded into the app.
whois 220.127.116.11? An unknown server in Hong Kong! The venerable nmap reckons the server is running Microsoft Windows Vista Home Premium SP1, Windows 7, or Windows Server 2008. Ok…
Right, it’s communicating on port 80 – but let’s see what incredibly secure authentication it is performing…
Hmmm… Some of those numbers look familiar…
Ah. So it sends a packet with the light switch’s ID number in it. That appears to be all. I assume that the switch makes a similar persistent connection to that IP address so it can listen out for instructions. I was too scared to port scan the light switch.
I’m guessing, with a small amount of effort, you could toggle strangers’ lights to your heart’s content.
It looks like I’m going to have to go for the hub and spoke model of smart switches. That is, a light switch which trickles enough electricity to power an RF receiver while keeping the lights off – controlled by a WiFi connected hub.
Hopefully one which is more secure than this!