Octopus Energy Home Mini Review - A Network Teardown
After waiting a few months, my Octopus Home Mini has finally arrived.
As this is quite an interesting product and one of the first products where your energy supplier uses your Wi-Fi, I thought I'd do a full teardown and see what it gets up to. Hint: I'm quite impressed
Not on Octopus Energy yet? Get £50 credit and help the blog: https://share.octopus.energy/ebon-snail-338
What's a Home Mini?
"The Octopus Home Mini is a small, palm-sized device that beams live readings from your smart meter to our cloud-based platform Kraken, so we can show you up-to-the-minute smart insights via your Octopus Energy app." - https://octopus.energy/blog/octopus-home-mini/
What's in the box
- Instructions
- Home Mini
- Micro USB Cable
- UK 5W USB Adapter
Setup Process
This is pretty straight forward, just scan the QR code in the intructions, this launches the Octopus app.
- Enable Location Services and Bluetooth permissions to the app
- Connect to the Home Mini
- Enter your Wi-Fi Password
- All sorted!
I would suggest placing this on a separate IoT network just out of principle. The SSID sent to the Home Mini is tied to what your phone is on. So this will mean connecting your phone to the IoT network temporarily.
After setup you can remove Location and Bluetooth permissions from the App without causing any issues.
Network Analysis
I took a PCAP of it's network traffic on my router and looked at it's DNS requests to understand what it is up to.
What does the home mini talk to?
Only two domains:
- pool.ntp.org
- aw1e0kzydzq4m-ats.iot.eu-west-1.amazonaws.com
pool.ntp.org
NTP Pool is an open pool of NTP servers contributed by volunteers. It's nice to see this project being used however technically they should be using a vendor zone instead of the main domain due to it being baked into the firmware.
aw1e0kzydzq4m-ats.iot.eu-west-1.amazonaws.com
AWS IOT Serverless Platform. Located in the Ireland AWS Datacenter.
Can't complain at this, looks like they understand how to properly design cloud systems!
It's nice to see that the Home Mini doesn't ping off to any other random servers.
Encryption?
The Home Mini talks to the Amazon endpoint using TLS1.2 although this is not the latest (1.3), it was using the cipher suite of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
this is still considered secure.
Other than the NTP lookup being in plaintxt (standard) all traffic was encrypted.
How often does it send data?
Every 10 seconds a packet of around 250 bytes is sent.
After having it plugged in for just over 2 Hours it had sent 315KB and received 242KB, so no need to worry about it slowing down your network.
Is it going to hack my network???
No, all is does is the following in time order:
- DHCP (To get a local IP address)
- DNS Lookup of pool.ntp.org
- Connect to 1 NTP Pool server to get the time
- DNS Lookup of aw1e0kzydzq4m-ats.iot.eu-west-1.amazonaws.com
- Connect to aw1e0kzydzq4m-ats.iot.eu-west-1.amazonaws.com
- Send a 250 byte packet every 10 seconds
The app
Enough about packets, what does the app look like?
It's not packed with features, just your live usage and 5 or 30 min usage graphs.
I originally thought that data after 30 mins was lost, however this data is moved the the "Day" tab along with gas usage which is pretty neat.
The good and bad
✅ | ❌ |
---|---|
No telemetry or bad network acitivty | Only 2.4Ghz Wi-Fi |
All traffic under TLS1.2 | USB C would have been nice |
Minimal network traffic | Basic app experience |
Made from recycled ocean plastic | |
Completly Free! |
Summary
This is quite impressive, you can tell it's been properly developed by the cloud setup to minimal and correctly configured network traffic. It would have been nice if it had 5Ghz Wi-Fi and USB C for power but for a free gadget you can understand the cost cutting here.
Follow cyberhost on Mastodon, we'll be linking it to Home Assistant in the next post. @[email protected]