Mycroft security


#1

Hi all, I’m new to Mycroft and so far loving the project. I’m running Mycroft on Ubuntu and setting up a Picroft.

When I start up Mycroft I get this warning:

CAUTION: The Mycroft bus is an open websocket with no built-in security
measures. You are responsible for protecting the local port
8181 with a firewall as appropriate.

What does this really mean? How do I protect local port 8181? I’m also curious about future security implications. If I had Mycroft connected to all my IoT devices in my home, what security precautions would I need to take?
I ask these questions more out of curiosity than real concern. I’m curious about security with AI, especially in domestic situations.

Thanks, Henry.


#2

You can try doing:
sudo /sbin/iptables -A INPUT -p tcp -s localhost --dport 8181 -j ACCEPT
sudo /sbin/iptables -A INPUT -p tcp --dport 8181 -j DROP

Perhaps add that to your start-mycroft.sh script if you want (or to your boot scripts – see https://major.io/2009/11/16/automatically-loading-iptables-on-debianubuntu/).

That would block traffic that’s not from localhost.

The other stuff…
You would want to secure your home network as much as you can, i.e., WPA2 (or WPA3 when that gets here) with strong passwords, regular firmware updates, limit access to it as much as possible via MAC/DHCP restrictions, monitor your network regularly, shut it down when you’re not home if you can, etc. I go one step further and run an isolated (i.e., not connected to the internet) network for the IoT bits.

Mycroft is regularly updated, so update your instance when you see new releases, and update the underlying OS and packages as well.
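
A check for the two rules in reply #2, as an added example that is not part of the original posts: `iptables -A` appends and the first matching rule wins, so the function below reads `iptables -S INPUT` output and reports whether port 8181 ends up open to loopback only. The function name, verdict strings and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables -S INPUT` text on stdin and checks, in
# first-match order, that TCP port 8181 is open to loopback and nothing else.
# Model limits (assumption): only rules naming --dport 8181, catch-all rules
# ("-j X" alone or with "-i IFACE") and the chain policy are considered.
audit_bus_rules() {
    awk -v port=8181 '
        $1 == "-P" && $2 == "INPUT" && $3 != "ACCEPT" { policy_drop = 1 }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            n++
            src = "any"; iface = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                else if ($i == "-i") iface = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            catch_all = (NF == 4 || (NF == 6 && iface != ""))
            if (dport != port && !catch_all) next
            loop = (src ~ /^127\./ || iface == "lo")
            if (target == "ACCEPT" && loop && !lo) lo = n
            if (target == "ACCEPT" && !loop && !drop) wide = n
            if ((target == "DROP" || target == "REJECT") && src == "any" && iface == "" && !drop) drop = n
        }
        END {
            if (!drop && policy_drop) drop = n + 1   # chain policy acts as a final DROP
            if (!drop) v = "EXPOSED: nothing drops remote traffic to port " port
            else if (wide) v = "EXPOSED: a non-loopback ACCEPT precedes the DROP"
            else if (!lo || lo > drop) v = "BROKEN: loopback is dropped too"
            else v = "OK: loopback accepted, everything else dropped"
            print v
            exit (v ~ /^OK/ ? 0 : 1)
        }'
}

# Constructed `iptables -S INPUT` listings (not captured from a real host).
RULES_AS_INTENDED='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8181 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8181 -j DROP'
RULES_REVERSED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 8181 -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8181 -j ACCEPT'
RULES_DROP_MISSING='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8181 -j ACCEPT'
```

On a live host the input would come from `sudo iptables -S INPUT | audit_bus_rules`. These are IPv4 rules only; IPv6 filtering is configured separately through `ip6tables`.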