A recent firmware update released by Logitech for its Harmony hub based remote controls, has broken / blocks local LAN access to the hubs. This has left the enthusiast Home Automation and Smart Home community in a bleak situation only six days before Christmas, with their systems for controlling their Audio Visual equipment now not functioning fully.
Many Home Automation systems are being affected by this new firmware which has been pushed out to Harmony hubs without any notice that the feature would be removed and no option for end users to decline the update. Systems such as Vera, Domoticz, HomeSeer, HA-Bridge, Home Assistant and many more.
The news first broke on this Reddit thread here, some Harmony domain names are listed in the Reddit thread, which you can block on your router to block the firmware updates.
A thread was then created on Logitech’s own user forums here, titled “Firmware update blocked API access” and later a Logitech employee created a new thread about the situation here, titled “Harmony Hub FW 4.15.206” simply stating:
“Hi folks. We are aware of the feedback from some Harmony Hub customers about firmware version 4.15.206.
We recently released a firmware update for Harmony hub-based remotes. A few consumers have told us they are experiencing issues with certain configurations of the these remotes. We will follow up soon with more details.
Thank you for your patience.”
As yet no statements have been made by Logitech to clarify the situation as to if the block was intentional or a bug ?
And this situation is certainly not only affecting “a few consumers” judging by the amount of replies and responses on those threads and else where on Internet forums and groups. Also some of the Harmony plugin developers have stated the numbers of users that are using their plugins, this is affecting thousands of people!
These Home Automation systems were using the XMPP protocol / port on the Harmony hub for local communications over the LAN for controlling Harmony activities and device commands, firmware 4.15.206 now closes down this access.
There are some rollback instructions here if you need to downgrade the firmware. This will downgrade the firmware to version 4.15.193. It looks like the Home Assistant developers maybe ahead of the game, they are currently working on new access to the Harmony hub using a local websockets API instead, which is also used by the Logitech Harmony iOS app.
Firmware 4.15.201 was the last working firmware version before the controversial 4.15.206 update. Anyone affected should raise a support ticket with Harmony support.
It remains to be seen what is the root cause of this issue, however if it does turn out to be intentional by Logitech, it seems incredibly short sighted on their part, to shutdown and lockout a whole community of Harmony users, who are Home Automation enthusiasts and power users, its these people who usually recommend products to their families and friends and to others on the Internet forums and social media groups, so this can only be impacting currently on Logitech’s reputation.
Lets hope Logitech have simply made a mistake and are working to correct the problem before Christmas.
UPDATE: Harmony have just released a statement and its not good news !
Harmony Hub Firmware Update Fixes Vulnerabilities
Logitech recently released a firmware update for Harmony hub-based remotes that addressed some security vulnerabilities brought to our attention by a third-party cyber security firm. Logitech takes our customers’ security seriously, and we work diligently to fix these kinds of issues as they’re discovered.
Last week we began rolling out this update. We are aware that some customers using undocumented Harmony APIs for local home control were affected as a side-effect of our closing these vulnerabilities. These private local control APIs were never supported Harmony features. While it is unfortunate that customers using these unsupported features are affected by this fix, the overall security of our products and all of our customers is our priority.
We urge customers to update to this latest firmware, version 4.15.206. Please see this article for complete directions on checking and updating your current firmware version: https://support.myharmony.com/how-to-update-your-firmware
*Hub-based products include: Harmony Elite, Harmony Pro, Harmony Home Hub, Harmony Ultimate Hub, Harmony Hub, Harmony Home Control, Harmony Smart Control, Harmony Companion, Harmony Smart Keyboard, Harmony Ultimate, and Ultimate Home.
We’ve heard your concerns. We understand that some customers are frustrated with the recent security fix we put in place, as it closed access to private local API controls. While security continues to be a priority for us, we are working to provide a solution for those who still want access despite the inherent security risks involved.
If you would like to participate in an XMPP beta program, which will allow access to local controls, see the below instructions. Over the coming weeks, we will qualify a regular firmware release that still allows XMPP control for those who need it. We expect to send out an update that will be available to all Harmony customers in January.
Here are the instructions to access the program by updating the firmware on your Hub.
- Launch the MyHarmony software on your desktop computer.
- From the login page, press the following keys to access the tool:
- On Windows – Press Alt + F9
- On Macs – Press Fn + Option + F9 or Option + F9.
- Scroll down to the bottom where it says “FIRMWARE TO ENABLE XMPP. FOR DEVELOPERS ONLY.”
- Be sure to read through the short warning and disclaimer to understand the impact of installing this firmware.
- Click on Update Firmware.
- Plug in your Harmony Hub via USB and click on Install.