A recent firmware update released by Logitech for its Harmony hub based remote controls, has broken / blocks local LAN access to the hubs. This has left the enthusiast Home Automation and Smart Home community in a bleak situation only six days before Christmas, with their systems for controlling their Audio Visual equipment now not functioning fully.
Many Home Automation systems are being affected by this new firmware which has been pushed out to Harmony hubs without any notice that the feature would be removed and no option for end users to decline the update. Systems such as Vera, Domoticz, HomeSeer, HA-Bridge, Home Assistant and many more.
The news first broke on this Reddit thread here, some Harmony domain names are listed in the Reddit thread, which you can block on your router to block the firmware updates.
A thread was then created on Logitech’s own user forums here, titled “Firmware update blocked API access” and later a Logitech employee created a new thread about the situation here, titled “Harmony Hub FW 4.15.206” simply stating:
“Hi folks. We are aware of the feedback from some Harmony Hub customers about firmware version 4.15.206.
We recently released a firmware update for Harmony hub-based remotes. A few consumers have told us they are experiencing issues with certain configurations of the these remotes. We will follow up soon with more details.
Thank you for your patience.”
As yet no statements have been made by Logitech to clarify the situation as to if the block was intentional or a bug ?
And this situation is certainly not only affecting “a few consumers” judging by the amount of replies and responses on those threads and else where on Internet forums and groups. Also some of the Harmony plugin developers have stated the numbers of users that are using their plugins, this is affecting thousands of people!
These Home Automation systems were using the XMPP protocol / port on the Harmony hub for local communications over the LAN for controlling Harmony activities and device commands, firmware 4.15.206 now closes down this access.
There are some rollback instructions here if you need to downgrade the firmware. This will downgrade the firmware to version 4.15.193. It looks like the Home Assistant developers maybe ahead of the game, they are currently working on new access to the Harmony hub using a local websockets API instead, which is also used by the Logitech Harmony iOS app.
Firmware 4.15.201 was the last working firmware version before the controversial 4.15.206 update. Anyone affected should raise a support ticket with Harmony support.
It remains to be seen what is the root cause of this issue, however if it does turn out to be intentional by Logitech, it seems incredibly short sighted on their part, to shutdown and lockout a whole community of Harmony users, who are Home Automation enthusiasts and power users, its these people who usually recommend products to their families and friends and to others on the Internet forums and social media groups, so this can only be impacting currently on Logitech’s reputation.
Lets hope Logitech have simply made a mistake and are working to correct the problem before Christmas.
UPDATE: Harmony have just released a statement and its not good news !
Harmony Hub Firmware Update Fixes Vulnerabilities
Logitech recently released a firmware update for Harmony hub-based remotes that addressed some security vulnerabilities brought to our attention by a third-party cyber security firm. Logitech takes our customers’ security seriously, and we work diligently to fix these kinds of issues as they’re discovered.
Last week we began rolling out this update. We are aware that some customers using undocumented Harmony APIs for local home control were affected as a side-effect of our closing these vulnerabilities. These private local control APIs were never supported Harmony features. While it is unfortunate that customers using these unsupported features are affected by this fix, the overall security of our products and all of our customers is our priority.
We urge customers to update to this latest firmware, version 4.15.206. Please see this article for complete directions on checking and updating your current firmware version: https://support.myharmony.com/how-to-update-your-firmware
Any Vera Control Ltd users affected by Logitech blocking the local XMPP API port, the plugin developer has released a patch to use the Websockets API instead. 😀
Sounds like Logitech have caved to public pressure and are doing a U-turn which is the correct decision. Although I’d prefer to see the other websockets API the one being made an official local API for Home Automation system integrations rather than the XMPP one.
New statement released by Logitech:
We’ve heard your concerns. We understand that some customers are frustrated with the recent security fix we put in place, as it closed access to private local API controls. While security continues to be a priority for us, we are working to provide a solution for those who still want access despite the inherent security risks involved.
If you would like to participate in an XMPP beta program, which will allow access to local controls, see the below instructions. Over the coming weeks, we will qualify a regular firmware release that still allows XMPP control for those who need it. We expect to send out an update that will be available to all Harmony customers in January.
Here are the instructions to access the program by updating the firmware on your Hub.
Launch the MyHarmony software on your desktop computer.
From the login page, press the following keys to access the tool:
On Windows – Press Alt + F9
On Macs – Press Fn + Option + F9 or Option + F9.
Scroll down to the bottom where it says “FIRMWARE TO ENABLE XMPP. FOR DEVELOPERS ONLY.”
Be sure to read through the short warning and disclaimer to understand the impact of installing this firmware.
Click on Update Firmware.
Plug in your Harmony Hub via USB and click on Install.
4 thoughts on “Logitech Harmony firmware 4.15.206 breaks Home Automation systems”
Logitech don’t care about theirs users,this API was open during many years and they close it suddenly without mail or possibility to block update.
The excuse of security is bullshit, the local API is safe, more than cloud access.
My MX Master is and will be the last product from them.
Ever since I bought my Harmony hub I\’ve been wanting Logitech\’s Harmony division to disappear. They are really against us, the system has been designed by control freaks and I can\’t wait until another company puts them out of business. I love Logitech\’s other stuff, but the Harmony started out as this amazing remote that you could do almost anything with, and then one piece at a time they locked it down to only working in a very specific way… their way.
It\’s the same reason there\’s no IFTTT support, they\’re likely deliberately holding it back whilst they think of a way they can extort money from their users for it, they don\’t like the idea that it could be used in partnership with their competitors. It\’s a short sighted business and it will fail in time. Broadlink are moving into the remote control market this year and their initial offering looks quite basic by comparison (no touch screen) but considering they already have IFTTT access they could be set to blow Harmony out of the sky! It will be interesting to see how that product line expands if successful!
{"id":null,"mode":"button","open_style":"in_place","currency_code":"GBP","currency_symbol":"\u00a3","currency_type":"decimal","blank_flag_url":"https:\/\/thedigitallifestyle.com\/w\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/thedigitallifestyle.com\/w\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":500,"top_media_type":"none","featured_image_url":false,"featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Leave a tip","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"TheDigitalLifestyle.com","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"TheDigitalLifestyle.com","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for being a supporter!","payment_confirmation_title":"TheDigitalLifestyle.com","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
Logitech don’t care about theirs users,this API was open during many years and they close it suddenly without mail or possibility to block update.
The excuse of security is bullshit, the local API is safe, more than cloud access.
My MX Master is and will be the last product from them.
> “As yet no statements have been made by Logitech to clarify the situation as to if the block was intentional or a bug”
Unfortunately there’s a statement https://twitter.com/ToddW_Logitech/status/1075227106882121728
@ToddW_Logitech
This was not a feature the product shipped with, nor was ever claimed as a feature.
Of course things can always change in the future, but I don’t want to mislead anyone. We don’t have plans to reenable this private API
Reverted to 4.15.193 and blocked the hub from internet.
No need for the Harmony android app anyway.
Least expected this from Logitech.
Stay of my hub Logitech. I have bought it, not leased it from you.
Ever since I bought my Harmony hub I\’ve been wanting Logitech\’s Harmony division to disappear. They are really against us, the system has been designed by control freaks and I can\’t wait until another company puts them out of business. I love Logitech\’s other stuff, but the Harmony started out as this amazing remote that you could do almost anything with, and then one piece at a time they locked it down to only working in a very specific way… their way.
It\’s the same reason there\’s no IFTTT support, they\’re likely deliberately holding it back whilst they think of a way they can extort money from their users for it, they don\’t like the idea that it could be used in partnership with their competitors. It\’s a short sighted business and it will fail in time. Broadlink are moving into the remote control market this year and their initial offering looks quite basic by comparison (no touch screen) but considering they already have IFTTT access they could be set to blow Harmony out of the sky! It will be interesting to see how that product line expands if successful!