The Telekom Home Base 2 smarthome controller used in many households and Telekom’s widely used Speedport Smart 3 flagship router were once again put to the test by AV-TEST Institute’s IoT Labs. And once again, the German Telekom Magenta products showed no defensive weaknesses against the increasing number of attacks from the Internet. After passing extensive tests, both products were therefore once again awarded the AV-TEST “Secure Smart Home Product” certificate.

Secure connection: Speedport Smart 3

In the lab, AV-TEST engineers tested the Speedport Smart 3 router (firmware v010137. together with the associated “Magenta Smart Home” apps (Android & iOS) in version 6.0.0. The router in combination with the mobile apps convinced in the test of local and online connections with securely designed communication. Security-critical errors or vulnerabilities that attackers could exploit via automated attacks, for example, were also not found.

The check of online communication, i.e., the check of all incoming and outgoing data streams between the mobile application and the cloud, as well as between the device and the cloud, also revealed well-secured and encrypted connections according to the current state of the art. Even extensive scans by our test teams for exploitable, critical vulnerabilities did not reveal any problems with the Speedport Smart 3.

The static vulnerability analysis as well as the dynamic test of the mobile “Magenta Smart Home” applications also found no reason for serious criticism. For this reason, and due to good security results in all other areas tested, the Telekom router Speedport Smart 3 once again receives the “Secure Smart Home Product” certificate.

Proven base: Telekom Home Base 2

The smart home control device from German Telekom also passed the security test of the certification program in combination with it’s Magenta Smart Home applications. The base was tested with firmware v3.01.24-0 and the mobile “Magenta Smart Home” applications (Android b2c v6.0.0_b8c4c7e9; iOS B2C v6.0.0) .

All tested Internet connections as well as associated applications proved to be securely encrypted in the test point “external communication” and effectively prevented tampering with the communication between the Telekom base and the Internet. In the test, all online communication of the device takes place via a secured and appropriately configured TLS protocol in version 1.2. The analysis of the observed communication between cloud and controller did not reveal any obvious or critical vulnerabilities.

In addition, the smarthome base proved to be well armed against man-in-the-middle attacks and other standard attack scenarios. In the test of the associated apps for Android and iOS, the testers also found no critical flaws. Thus, the Telekom Home Base 2 once again meets the extensive security requirements of the AV-TEST certification process and receives the “Secure Smart Home Product” certificate for another year.

Excellently realised privacy policy

The review of both devices also revealed a test result that should be emphasized in addition to the other good security values: The privacy policy was already shown to be implemented in an exemplary manner in last year’s test and did not give any cause for criticism. This good result was even improved with the new edition of the privacy policy of the Magenta Smart Home app (dated 10.07.2020) and can be considered exemplary: It contains detailed information on all topics relevant to data protection and has been significantly optimized in puntco transparency about data collection and processing. It is clearly presented and explained in detail which data is collected for which purpose. The necessity of all requested permissions is also explained in an exemplary manner. In addition, according to the privacy policy, data is only passed on to selected third parties and only processed in Germany or other European countries.