Logitech Harmony firmware 4.15.206 breaks Home Automation systems

A recent firmware update released by Logitech for its Harmony hub based remote controls, has broken / blocks local LAN access to the hubs. This has left the enthusiast Home Automation and Smart Home community in a bleak situation only six days before Christmas, with their systems for controlling their Audio Visual equipment now not functioning fully.

Many Home Automation systems are being affected by this new firmware which has been pushed out to Harmony hubs without any notice that the feature would be removed and no option for end users to decline the update. Systems such as Vera, Domoticz, HomeSeer, HA-Bridge, Home Assistant and many more.

The news first broke on this Reddit thread here, some Harmony domain names are listed in the Reddit thread, which you can block on your router to block the firmware updates.

A thread was then created on Logitech’s own user forums here, titled “Firmware update blocked API access” and later a Logitech employee created a new thread about the situation here, titled “Harmony Hub FW 4.15.206” simply stating:

Hi folks. We are aware of the feedback from some Harmony Hub customers about firmware version 4.15.206.   

We recently released a firmware update for Harmony hub-based remotes. A few consumers have told us they are experiencing issues with certain configurations of the these remotes. We will follow up soon with more details.

Thank you for your patience.”

As yet no statements have been made by Logitech to clarify the situation as to if the block was intentional or a bug ?

And this situation is certainly not only affecting “a few consumers” judging by the amount of replies and responses on those threads and else where on Internet forums and groups. Also some of the Harmony plugin developers have stated the numbers of users that are using their plugins, this is affecting thousands of people!

These Home Automation systems were using the XMPP protocol / port on the Harmony hub for local communications over the LAN for controlling Harmony activities and device commands, firmware 4.15.206 now closes down this access.

There are some rollback instructions here if you need to downgrade the firmware. This will downgrade the firmware to version 4.15.193. It looks like the Home Assistant developers maybe ahead of the game, they are currently working on new access to the Harmony hub using a local websockets API instead, which is also used by the Logitech Harmony iOS app.

Firmware 4.15.201 was the last working firmware version before the controversial 4.15.206 update. Anyone affected should raise a support ticket with Harmony support.

It remains to be seen what is the root cause of this issue, however if it does turn out to be intentional by Logitech, it seems incredibly short sighted on their part, to shutdown and lockout a whole community of Harmony users, who are Home Automation enthusiasts and power users, its these people who usually recommend products to their families and friends and to others on the Internet forums and social media groups, so this can only be impacting currently on Logitech’s reputation.

Lets hope Logitech have simply made a mistake and are working to correct the problem before Christmas.

UPDATE: Harmony have just released a statement and its not good news !

Harmony Hub Firmware Update Fixes Vulnerabilities

Logitech recently released a firmware update for Harmony hub-based remotes that addressed some security vulnerabilities brought to our attention by a third-party cyber security firm. Logitech takes our customers’ security seriously, and we work diligently to fix these kinds of issues as they’re discovered.

Last week we began rolling out this update. We are aware that some customers using undocumented Harmony APIs for local home control were affected as a side-effect of our closing these vulnerabilities. These private local control APIs were never supported Harmony features. While it is unfortunate that customers using these unsupported features are affected by this fix, the overall security of our products and all of our customers is our priority.

We urge customers to update to this latest firmware, version 4.15.206. Please see this article for complete directions on checking and updating your current firmware version: https://support.myharmony.com/how-to-update-your-firmware

*Hub-based products include: Harmony Elite, Harmony Pro, Harmony Home Hub, Harmony Ultimate Hub, Harmony Hub, Harmony Home Control, Harmony Smart Control, Harmony Companion, Harmony Smart Keyboard, Harmony Ultimate, and Ultimate Home.

UPDATE: 21/12/2018

Any Vera Control Ltd users affected by Logitech blocking the local XMPP API port, the plugin developer has released a patch to use the Websockets API instead. 😀
 
http://forum.micasaverde.com/index.php/topic,116228.msg434166.html#msg434166
Merry Christmas !
UPDATE: 22/12/2018
Sounds like Logitech have caved to public pressure and are doing a U-turn which is the correct decision. Although I’d prefer to see the other websockets API the one being made an official local API for Home Automation system integrations rather than the XMPP one.
New statement released by Logitech:

We’ve heard your concerns. We understand that some customers are frustrated with the recent security fix we put in place, as it closed access to private local API controls. While security continues to be a priority for us, we are working to provide a solution for those who still want access despite the inherent security risks involved.

If you would like to participate in an XMPP beta program, which will allow access to local controls, see the below instructions. Over the coming weeks, we will qualify a regular firmware release that still allows XMPP control for those who need it. We expect to send out an update that will be available to all Harmony customers in January.

 Here are the instructions to access the program by updating the firmware on your Hub.

  1. Launch the MyHarmony software on your desktop computer.
  2. From the login page, press the following keys to access the tool:
    1. On Windows – Press Alt + F9
    2. On Macs – Press Fn + Option + F9 or Option + F9.
  3. Scroll down to the bottom where it says “FIRMWARE TO ENABLE XMPP. FOR DEVELOPERS ONLY.”
  4. Be sure to read through the short warning and disclaimer to understand the impact of installing this firmware.
  5. Click on Update Firmware.
  6. Plug in your Harmony Hub via USB and click on Install.
About the author cw-kid:
Windows Entertainment and Connected Home MVP

4 thoughts on “Logitech Harmony firmware 4.15.206 breaks Home Automation systems”

  1. Renkua says:

    Logitech don’t care about theirs users,this API was open during many years and they close it suddenly without mail or possibility to block update.
    The excuse of security is bullshit, the local API is safe, more than cloud access.
    My MX Master is and will be the last product from them.

  2. Alex says:

    > “As yet no statements have been made by Logitech to clarify the situation as to if the block was intentional or a bug”

    Unfortunately there’s a statement https://twitter.com/ToddW_Logitech/status/1075227106882121728

    @ToddW_Logitech
    This was not a feature the product shipped with, nor was ever claimed as a feature.

    Of course things can always change in the future, but I don’t want to mislead anyone. We don’t have plans to reenable this private API

  3. Peter says:

    Reverted to 4.15.193 and blocked the hub from internet.
    No need for the Harmony android app anyway.

    Least expected this from Logitech.
    Stay of my hub Logitech. I have bought it, not leased it from you.

  4. Paul Hibbert says:

    Ever since I bought my Harmony hub I\’ve been wanting Logitech\’s Harmony division to disappear. They are really against us, the system has been designed by control freaks and I can\’t wait until another company puts them out of business. I love Logitech\’s other stuff, but the Harmony started out as this amazing remote that you could do almost anything with, and then one piece at a time they locked it down to only working in a very specific way… their way.

    It\’s the same reason there\’s no IFTTT support, they\’re likely deliberately holding it back whilst they think of a way they can extort money from their users for it, they don\’t like the idea that it could be used in partnership with their competitors. It\’s a short sighted business and it will fail in time. Broadlink are moving into the remote control market this year and their initial offering looks quite basic by comparison (no touch screen) but considering they already have IFTTT access they could be set to blow Harmony out of the sky! It will be interesting to see how that product line expands if successful!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses cookies.
Follow us on Twitter @isdixon
+ +