Some users of Logitech’s Harmony Hub and remote system have encountered a fairly big issue with the latest firmware update: it blocks local API access, which has in turn led to sudden problems — and broken automation systems — for many users and home theater integrators. Ars Technica reported on the situation yesterday.
Unfortunately, it’s not clear that Logitech has any solution for disappointed users. As the company explained in a forum thread, the 4.15.206 firmware update for the Harmony Hub system was in order to patch a security vulnerability, which also had the effect of blocking these other integrations. “These private local control APIs were never supported Harmony features. While it is unfortunate that customers using these unsupported features are affected by this fix, the overall security of our products and all of our customers is our priority.”
In a statement to Ars Technica, Logitech further explained the issue, noting that “The XMPP interface was used as part of the setup process and was pointed out as an insecure communication. We removed that interface as part of an effort to make to improve the Hub security. That interface was never designed to be used by third parties.” In other words, from Logitech’s perspective, those users were essentially using a security flaw to build out their smart home systems, taking advantage of a feature that they were never supposed to use that ultimately was making the whole system less secure.
It seems to be a fair enough response; after all, Logitech does have to consider the security of its users and do what it thinks best to protect them. But fans aren’t pleased, especially considering that the company has a history of bricking remote setups without warning. Just last year, Logitech announced that its previous generation Harmony Link devices would stop working, and recommended that users switch over to the new Harmony Hub system — a move that would later seem the company offer free Hubs to to all Link owners as an apology.