albertogeniola / meross-homeassistant

Custom component that leverages the Meross IoT library to integrate with Homeassistant
MIT License

Service Termination of Your meross Smart Device due to Security Concerns #324

Closed Maxi2509 closed 2 years ago

Maxi2509 commented 2 years ago

Hi,

At the beginning... I am no expert in programming etc. :) Today I received the mail below from Meross about the high-frequency communication. For now I am not able to connect via Home Assistant to Meross as they have blocked it.

**Recently our cloud security system has noticed that your devices are communicating with the cloud server at an extremely high frequency. We consider these behaviours abnormal and are concerned about the security of your devices.

Due to the security concerns and the intent to avoid any further potential damage, we will terminate the cloud services of these devices for now to protect your devices.

If you are sure that your devices are safe, NOT hacked, and are performing as expected. Please first lower your periodic request rate to no more than one message every ten seconds and then send an email to support@meross.com. We will resume cloud service for you within 24 hours.

For the safety of your device and personal data, we suggest you to use meross app to manage your devices and DO NOT use any other third-party platforms. Please note that any abnormal high cloud request frequency will cause cloud service termination again.

Should you have any information you would like to provide us with or you would like to offer us any clarification, please contact us within 24 hours.

Thanks!

Meross Cloud Security Team**

I am using at the moment: Home Assistant 2021.12.9 Core: core-2021.12.9 supervisor-2021.12.2 Meross integration latest version: v1.2.0rc2

Would be really good to figure out how to solve this issue? If you need any more information please let me know.

Greetings Maxi

dalester7 commented 2 years ago

I also got this a few days ago. I did the email to have them restore service and they gave me a list of allowed platforms and integrations (this one is not allowed/approved) and they restored service a couple days later. However, I got the email again the next day and have not emailed to have service restored.

lldev0 commented 2 years ago

Received the same mail today, maybe the addon is communicating with their cloud too often

NicciZar commented 2 years ago

It probably depends on how many meross devices you're trying to use with the integration

lldev0 commented 2 years ago

I am using only 3 devices - thermostatic valves

dalester7 commented 2 years ago

I am only using 1 device, the garage door opener.


albertogeniola commented 2 years ago

Hi all,

that's known. Meross is arbitrarily deciding which integration can be used to interact with their device and which not. Unfortunately, they don't seem to be collaborative with HA integrations.

In any case, may I ask you if you have any automation in process? Usually automations might be a bit aggressive in polling the device state and hit Meross security thresholds.

dalester7 commented 2 years ago

This is the only automation I have:


albertogeniola commented 2 years ago

Hi @dalester7,

if you are using the last version of the integration, the auto-reload should not be needed any longer. I'm not sure this is causing any call to the meross cloud, though. In any case, can you try disabling this automation and see if it gets any better?

lldev0 commented 2 years ago

I am using the last version and don't have any automation, but I have a tablet as a dashboard with Home Assistant always running; maybe it is requesting data from the meross cloud too often. Anyway, I sent them an email about HA extensions support; if they respond I'll let you know.

dalester7 commented 2 years ago

Sure. I'll disable it and have meross re-enable my cloud functionality and I'll report back. Thanks.


Maxi2509 commented 2 years ago

Sorry for my late reply. I have up to 7 devices running which are sometimes (depends on the automation) activated at the same time. For example, in the evening they will activate some lights.

I also looked in the log file and found the following:

Dieser Fehler wurde von einer benutzerdefinierten Integration verursacht

```
Logger: custom_components.meross_cloud
Source: custom_components/meross_cloud/init.py:243
Integration: Meross Cloud IoT
First occurred: 27. Januar 2022, 15:51:39 (31 occurrences)
Last logged: 30. Januar 2022, 12:11:35

Error occurred.
-------------------------------------
Component version: 0.4.4.3
Device info:
    Name: Steckdosenleiste Büro
    UUID: 1909205770536490802148e1e952414a
    Type: mss425f
    HW Version: 3.0.0
    FW Version: 3.1.2
Error Message: "An exception occurred"
Error occurred.
-------------------------------------
Component version: 0.4.4.3
Device info:
    Name: Eismaschine
    UUID: 2009090341230951852148e1e9314de2
    Type: mss210
    HW Version: 4.0.0
    FW Version: 4.2.5
Error Message: "An exception occurred"
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/asyncio/tasks.py", line 492, in wait_for
    fut.result()
asyncio.exceptions.CancelledError

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/meross_iot/manager.py", line 806, in _async_send_and_wait_ack
    return await asyncio.wait_for(future, timeout)
  File "/usr/local/lib/python3.9/asyncio/tasks.py", line 494, in wait_for
    raise exceptions.TimeoutError() from exc
asyncio.exceptions.TimeoutError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/config/custom_components/meross_cloud/init.py", line 243, in async_update
    await self._device.async_update()
  File "/usr/local/lib/python3.9/site-packages/meross_iot/controller/mixins/system.py", line 22, in async_update
    result = await self._execute_command(method="GET",
  File "/usr/local/lib/python3.9/site-packages/meross_iot/controller/device.py", line 278, in _execute_command
    return await self._manager.async_execute_cmd(destination_device_uuid=self.uuid,
  File "/usr/local/lib/python3.9/site-packages/meross_iot/manager.py", line 766, in async_execute_cmd
    return await self.async_execute_cmd_client(client=client,
  File "/usr/local/lib/python3.9/site-packages/meross_iot/manager.py", line 787, in async_execute_cmd_client
    response = await self._async_send_and_wait_ack(
  File "/usr/local/lib/python3.9/site-packages/meross_iot/manager.py", line 813, in _async_send_and_wait_ack
    raise CommandTimeoutError(message=str(message), target_device_uuid=target_device_uuid, timeout=timeout)
meross_iot.model.exception.CommandTimeoutError
```

At the same time I receive the log below:

```
Logger: meross_iot.manager
Source: /usr/local/lib/python3.9/site-packages/meross_iot/manager.py:809
First occurred: 27. Januar 2022, 15:51:39 (34 occurrences)
Last logged: 30. Januar 2022, 12:11:35

Timeout occurred while waiting a response for message b'{"header":{"from":"/app/485162-74be7f0aee60c3f72fa07a18f91b9ddd/subscribe","messageId":"dac60b45fcfaa8e3e879e5a94673a0b0","method":"GET","namespace":"Appliance.System.All","payloadVersion":1,"sign":"4d78cfa2aea07a794a0c9d5bdb765e05","timestamp":1643512590,"triggerSrc":"Android","uuid":"1909205770536490802148e1e952414a"},"payload":{}}' sent to device uuid 1909205770536490802148e1e952414a. Timeout was: 10.000000 seconds. Mqtt Host: mqtt-eu-2.meross.com:443.
Timeout occurred while waiting a response for message b'{"header":{"from":"/app/485162-74be7f0aee60c3f72fa07a18f91b9ddd/subscribe","messageId":"0db4b1e1294d9157d29d002dbd2191e1","method":"GET","namespace":"Appliance.System.All","payloadVersion":1,"sign":"ad1bf6e5386b1a4c5b0c02ea5d65620e","timestamp":1643512590,"triggerSrc":"Android","uuid":"1909205770536490802148e1e952414a"},"payload":{}}' sent to device uuid 1909205770536490802148e1e952414a. Timeout was: 10.000000 seconds. Mqtt Host: mqtt-eu-2.meross.com:443.
Timeout occurred while waiting a response for message b'{"header":{"from":"/app/485162-74be7f0aee60c3f72fa07a18f91b9ddd/subscribe","messageId":"f5e22eeb293efbf0c68e2cf874bc148f","method":"GET","namespace":"Appliance.System.All","payloadVersion":1,"sign":"b077eef71242fe35b174f50a9da751be","timestamp":1643541085,"triggerSrc":"Android","uuid":"1909205770536490802148e1e952414a"},"payload":{}}' sent to device uuid 1909205770536490802148e1e952414a. Timeout was: 10.000000 seconds. Mqtt Host: mqtt-eu-2.meross.com:443.
Timeout occurred while waiting a response for message b'{"header":{"from":"/app/485162-74be7f0aee60c3f72fa07a18f91b9ddd/subscribe","messageId":"cd0d0bc487fb3a3e06ec03e1f6831593","method":"GET","namespace":"Appliance.System.All","payloadVersion":1,"sign":"3ac90950938771ffa07a6cbd5a8a1b3d","timestamp":1643541085,"triggerSrc":"Android","uuid":"1909205770536490802148e1e952414a"},"payload":{}}' sent to device uuid 1909205770536490802148e1e952414a. Timeout was: 10.000000 seconds. Mqtt Host: mqtt-eu-2.meross.com:443.
Timeout occurred while waiting a response for message b'{"header":{"from":"/app/485162-74be7f0aee60c3f72fa07a18f91b9ddd/subscribe","messageId":"2ce0db64e73ead742bae6519b0f0573e","method":"GET","namespace":"Appliance.System.All","payloadVersion":1,"sign":"105d8260d284c1a9785a8abdcc43c198","timestamp":1643541085,"triggerSrc":"Android","uuid":"1909205770536490802148e1e952414a"},"payload":{}}' sent to device uuid 1909205770536490802148e1e952414a. Timeout was: 10.000000 seconds. Mqtt Host: mqtt-eu-2.meross.com:443.
```

In the attached picture you will see my actual configuration of the meross integration. I lowered everything to 1.

Meross
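An added example, not part of the thread or of the integration's code: a Python check that pulls the header timestamps out of `meross_iot.manager` timeout entries like those in the log above and reports, per device uuid, messages sent less than ten seconds apart (the limit quoted in the Meross email). The sample log is constructed, and counting the limit per device is an assumption, since the email does not say how the rate is measured.

```python
import json
import re
from collections import defaultdict

MIN_GAP_SECONDS = 10  # threshold quoted in the Meross email above
MSG_RE = re.compile(r"message b'(\{.*?\})' sent to device uuid")

def parse_sends(log_text):
    """Return (uuid, timestamp) for every message payload found in the log text."""
    sends = []
    for raw in MSG_RE.findall(log_text):
        try:
            header = json.loads(raw)["header"]
            sends.append((header["uuid"], int(header["timestamp"])))
        except (ValueError, KeyError, TypeError):
            continue  # malformed or truncated entry: skip it
    return sends

def find_bursts(log_text, min_gap=MIN_GAP_SECONDS):
    """Map each device uuid to the message pairs sent less than min_gap seconds apart."""
    by_device = defaultdict(list)
    for uuid, ts in parse_sends(log_text):
        by_device[uuid].append(ts)
    bursts = {}
    for uuid, stamps in by_device.items():
        stamps.sort()
        close = [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a < min_gap]
        if close:
            bursts[uuid] = close
    return bursts

def _entry(uuid, ts):
    """Build one constructed log entry in the format of the log above."""
    header = {"method": "GET", "namespace": "Appliance.System.All",
              "timestamp": ts, "uuid": uuid}
    body = json.dumps({"header": header, "payload": {}}, separators=(",", ":"))
    return (f"Timeout occurred while waiting a response for message b'{body}' "
            f"sent to device uuid {uuid}. Timeout was: 10.000000 seconds. ")

# Constructed sample (placeholder uuids and timestamps, not values from the thread).
SAMPLE_LOG = "".join(
    [_entry("dev-a", t) for t in (1000, 1000, 1004, 1030)]
    + [_entry("dev-b", t) for t in (1000, 1015)]
    + ["Timeout occurred while waiting a response for message b'{\"header\":{}}' "
       "sent to device uuid dev-c. "]
)

if __name__ == "__main__":
    for uuid, pairs in find_bursts(SAMPLE_LOG).items():
        print(f"{uuid}: {len(pairs)} pair(s) closer than {MIN_GAP_SECONDS}s: {pairs}")
```

The log records only messages that timed out, so the result is a lower bound on the real send rate. In the log posted above, the five entries for the same uuid carry only two distinct timestamps, which is the pattern this check reports.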

lldev0 commented 2 years ago

FYI I received a response from Meross:

When we found your connection was abnormal, cloud service will be terminated. Usually it was caused by that you used other home automation solutions, such as iobroker, Domotics, Home Assistant and request the server connection with high frequency. After you have changed the related settings as required, the connection will be resumed automatically within 24 hours. If you are not sure about that, please factory reset the smart devices and configure them from scratch.

Please know that only meross app, eHomelife app, Google Home, Amazon Alexa, Homekit (specific products) are officially supported by us, any other IoT solutions or API may get you into such problem again. Thanks for your understandings.

We are sorry that currently we do not have an open API, sorry for inconvenience caused.

calebcall commented 2 years ago

I got the same notice last night, I currently only have a single meross device on my integration. However, I'm using node-red for my automation and I'm wondering if it's the state node I was using that was causing the polling to happen too often (not sure if polling HA from node-red would cause the integration to poll the meross cloud?). I switched to the poll state node that allows me to add a polling interval; I set that to 30 seconds and requested my meross cloud access be enabled again. We'll see if this helps or I get shut down again.

eximo84 commented 2 years ago

So I'm using the latest version but seems no way to rate limit the connection.

I previously had an automation which enabled the devices if they became unavailable which is now disabled so not sure if that has caused my account to be locked.

My reply from meross basically said to stop using anything other than their official apps.

Biliskn3r commented 2 years ago

I got this twice this week. No automations. Just 6 temperature valves. Any way we can rate limit this. Once per 5 minutes works for me?

TheHolyRoger commented 2 years ago

@dalester7 thank you for that automation! Was a huge help and I've built on it using group expansion and a handy variable to change the group id

@albertogeniola this is still an issue on the latest version however this automation reloads it without an issue:

```yaml
alias: Reload Meross when unavailable
variables:
  meross_group_id:
    - group.all_meross
trigger:
  - platform: event
    event_type: state_changed
condition:
  - condition: template
    value_template: >-
      {{ trigger.event.data.entity_id in (expand(meross_group_id) |
      selectattr('state', 'eq', 'unavailable') | map(attribute='entity_id')) }}
action:
  - repeat:
      while:
        - condition: template
          value_template: '{{ states(trigger.event.data.entity_id) == ''unavailable'' }}'
        - condition: template
          value_template: '{{ repeat.index < 60 }}'
      sequence:
        - delay:
            seconds: 30
        - choose:
            - conditions:
                - condition: template
                  value_template: '{{ states(trigger.event.data.entity_id) == ''unavailable'' }}'
              sequence:
                - service: homeassistant.reload_config_entry
                  target:
                    entity_id: '{{ trigger.event.data.entity_id }}'
                - delay:
                    minutes: 1
          default:
            - delay:
                seconds: 5
mode: single
```