Somfy has greatly expanded its smart home portfolio in recent years. During our certification test, we took a close look at the security of the TaHoma V2 Connected Home Box. The following test report shows how the smart home system performed.
Features
The base station (tested in firmware version 2021.1.4-20) allows control of all components, such as shutters, heating, lighting and security components, via a central app (Android, iOS – tested in version 3.18.0). When certain scenarios or alarms are triggered, notifications can be sent via the apps, email or SMS; individual sequences or conditions can also be set. Apple HomeKit and common voice assistants can also be connected.
Local and online communication
In this part of the test, we recorded and analyzed the incoming and outgoing data traffic of the TaHoma V2 Connected Home Box and the TaHoma classic mobile apps. During the analysis, no obvious vulnerabilities or possible entry points were found. Both the base station and the applications always communicated in encrypted form during the test and were also effectively protected against common attacks, such as man-in-the-middle attacks. The scan of the base station itself also revealed no indications of possible entry points.
Privacy
In this test section, we examined devices and applications for indications of unnecessary data collection. Furthermore, the privacy policy (as of 01.02.2021) was analyzed with regard to its transparency and conformity with the General Data Protection Regulation.
During the test, Somfy added missing information to the privacy policy and also reduced the data required during registration. As of today, two trackers (Google Crashlytics and Firebase Analytics) are still integrated into the apps, but Somfy intends to remove these from the apps in the near future.
Conclusion
The TaHoma V2 solution with the Connected Home Box performs solidly in all relevant areas. The smart home system from the French manufacturer Somfy therefore receives the AV-TEST certificate “Approved Smart Home Product”.
Personally, I wouldn’t purchase.
They don’t offer different user accounts to connect to the box.
Which means you can only have one username and password for your whole family, and this is the admin password…
Even when you just want to let your kids or wife control your devices, they have full admin access to the configuration, and could delete devices, scenarios or even deactivate the device by accident… Or if they change your password, you are locked out…
Unbelievable they didn’t think about having different types of accounts, one for the admin settings and one for controlling devices.