433 MHz Security and Privacy: What’s Safe, What’s Not

433 MHz sits at an awkward place in smart home security. It’s not inherently “insecure” in the sense of broadcasting your Wi-Fi password, but it also doesn’t have the layered protections you get with modern protocols.

Many consumer 433 MHz devices use unencrypted, repeatable codes. That’s fine for a garden light, but a clear no-go for a garage door controller or a front door lock. The trick is not to demonize 433 MHz but to put it in the right role.

Note: The content here applies to both 433 MHz (Europe) and 434 MHz (North America). These bands are functionally compatible in Homey and follow the same setup steps. Read more about 434 MHz.

How 433 MHz Signals Typically Work

In a typical 433 MHz system, a smart remote sends a short burst of bits to a receiver. The receiver recognizes a specific pattern and performs an action like turning on a light. Some systems use rolling codes, but these are far from universal, and many rely on fixed patterns.

Figure: 433 MHz signals travel in one direction only.

Crucially, these receivers rarely send any information back. There is no continuous connection or active session because each command is a tiny and self-contained event. There is also usually no robust cryptographic authentication to verify the sender.

That means someone with the right RF tools could:

  • Observe that “a transmission happened”.
  • Potentially decode or replay it on simpler systems.

In many cases, this is more a matter of effort than possibility. But for security design, capability matters.
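To make the difference concrete, the model below (an added example, not code from Homey or any 433 MHz product) feeds the same bytes twice to a fixed-code receiver and to a rolling-code receiver. The frame layout, key, and the use of HMAC-SHA256 as the tag are assumptions chosen for illustration; real rolling-code products use their own schemes.

```python
import hashlib
import hmac


class FixedCodeReceiver:
    """Model of a basic receiver: one learned bit pattern, no state, no sender check."""

    def __init__(self, learned_code: bytes):
        self.learned_code = learned_code

    def accept(self, frame: bytes) -> bool:
        return frame == self.learned_code  # identical bits always match


def rolling_frame(key: bytes, counter: int) -> bytes:
    """Transmitter side of the model: 4-byte counter plus 8-byte tag over it."""
    body = counter.to_bytes(4, "big")
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]


class RollingCodeReceiver:
    """Model of a rolling-code receiver: the counter must move forward."""

    def __init__(self, key: bytes, window: int = 16):
        self.key = key
        self.window = window      # how many missed presses are tolerated
        self.last_counter = 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        counter = int.from_bytes(frame[:4], "big")
        if not hmac.compare_digest(frame, rolling_frame(self.key, counter)):
            return False          # tag does not match the shared key
        if not self.last_counter < counter <= self.last_counter + self.window:
            return False          # already used, or too far ahead
        self.last_counter = counter
        return True


def replay_results() -> dict:
    """Feed each receiver a genuine frame, then the same bytes a second time."""
    key = b"constructed-demo-key"               # constructed sample value
    fixed = FixedCodeReceiver(b"\x5a\x3c\x01")  # constructed sample code
    rolling = RollingCodeReceiver(key)
    frame = rolling_frame(key, 1)
    return {
        "fixed_first": fixed.accept(b"\x5a\x3c\x01"),
        "fixed_replay": fixed.accept(b"\x5a\x3c\x01"),
        "rolling_first": rolling.accept(frame),
        "rolling_replay": rolling.accept(frame),
        "rolling_next": rolling.accept(rolling_frame(key, 2)),
    }
```

The fixed-code receiver accepts the repeated bytes every time, while the rolling-code receiver rejects the second copy and still accepts the next genuine press.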

Where Using 433 MHz Is Acceptable

For low-risk loads, 433 MHz is entirely fine and practical. This includes outdoor plugs that switch decorative lighting or non-critical indoor lamps. It is also a good fit for simple blinds or awnings where the worst-case scenario is someone opening or closing them without permission.

If someone manages to replay an on command for your garden lights, you may not even notice. The risk remains low while the benefit of cheap and long-range control remains high. Using it for these non-essential tasks is a smart way to save money.

Where 433 MHz Is a Bad Fit

For high-risk functions, unencrypted and one-way 433 MHz is a poor choice for any home. This includes critical entries like door locks and garage doors or the arming and disarming of alarms. It is also a bad fit for safety devices where false negatives might lead to missed intrusions.

Using 433 MHz for these tasks amounts to designing a system around security by obscurity. It might hold for a short while, but it is not a solid foundation for a safe home. You should always prioritize modern standards for these sensitive areas.

A safer approach is to let secure protocols like Z-Wave S2, Zigbee, or Matter handle your critical functions. You can then let 433 MHz handle non-critical switching and your older legacy gear. This balance keeps your home functional without sacrificing your safety.

Privacy Considerations

433 MHz transmissions are brief and usually do not contain much content. They do not transmit your name or your Wi-Fi credentials to the outside world. However, the timing of these signals can reveal your daily behavior to a dedicated observer.

Regular evening commands might suggest exactly when your lights go on or off. Door sensor pulses can also reveal your arrival and departure patterns over time. This data can be valuable to those looking to understand your routine.

With basic 433 MHz gear, this is considered a soft risk. An attacker would have to care enough to monitor your radio environment specifically. Still, if privacy is a priority, you will want to keep sensitive sensing on protocols that can encrypt their payloads.

Mitigations in a Multi-Protocol Home

Mitigating 433 MHz security issues is more about your home architecture than patching individual devices. You should reserve 433 MHz for loads where a compromise is only an inconvenience rather than a disaster. Always put your locks, alarms, and critical sensors on secure protocols.

Avoid building master keys like a 433 MHz button that can disarm your entire security system. You can use a hub like Homey to add additional conditions like presence or time of day to your automations. This ensures that a 433 MHz trigger only works when specific secure criteria are also met.

With this approach, 433 MHz becomes a useful part of your orchestration but not the primary gatekeeper. It allows for flexibility without creating easy vulnerabilities in your network.
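The sketch below shows that gatekeeping idea as a small policy function. It is an added example, not Homey's API or flow format; the action names, risk tiers, source labels, and time window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

SECURE_SOURCES = {"zwave_s2", "zigbee", "matter"}  # protocols the article names

# Constructed action table: risk tier decides what a 433 MHz trigger may do.
ACTION_RISK = {
    "garden_lights_on": "low",
    "blinds_open": "medium",
    "garage_door_open": "high",
    "alarm_disarm": "high",
}


@dataclass
class Context:
    someone_home: bool  # presence as reported by the hub, not by the 433 MHz device
    now: time


def in_window(now: time, start: time, end: time) -> bool:
    """True if now lies in [start, end]; handles windows that cross midnight."""
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end


def decide(source: str, action: str, ctx: Context,
           window=(time(7, 0), time(23, 0))):
    """Return (allowed, reason) for one trigger."""
    risk = ACTION_RISK.get(action, "high")  # unknown actions are treated as high risk
    if source in SECURE_SOURCES:
        return True, "trigger arrived over a secure protocol"
    if risk == "high":
        return False, "433 MHz must not act as a master key"
    if risk == "medium" and not ctx.someone_home:
        return False, "nobody home"
    if risk == "medium" and not in_window(ctx.now, *window):
        return False, "outside the allowed time window"
    return True, "low-impact action, conditions met"
```

Any source not listed as secure falls through to the 433 MHz rules, so the restrictive path is the default.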

Conclusion: Respect the Limits and Use It Wisely

433 MHz is not broken, but it is old and very simple. It predates modern consumer encryption expectations and was built for basic connectivity. If you treat it as a clever way to control cheap switches and blinds, you will be fine.

If you treat it as a secure channel for locks and alarms, you are asking too much of the technology. Its simplicity is its greatest strength for range and cost, but its greatest weakness for security.

The strength of a multi-protocol hub is that it does not force you to choose one standard. You can keep 433 MHz where it makes sense and lean on secure protocols where the risk is higher. This allows you to manage everything safely within one single automation model.

FAQ

Is 433 MHz encrypted?

Most consumer 433 MHz systems are not meaningfully encrypted. Some use rolling codes, but that's not universal.

Can someone open my 433 MHz blind from outside?

If they know or can learn the codes, in principle yes. For blinds, this is usually low risk, but it illustrates why 433 MHz isn't ideal for locks.

Should I use 433 MHz for door locks?

No. Use a protocol with strong, modern security, such as Z-Wave with S2, or IP-based systems with proven cryptography.

Can 433 MHz be jammed?

Like any RF system, it can be interfered with. There is no built-in resilience against intentional jamming.

Does 433 MHz reveal my personal data?

The signals are short and usually don't contain personal data, but patterns of activity can reveal habits.

Is 433 MHz safe for holiday lights and basic plugs?

Yes, this is where 433 MHz makes the most sense: low-risk, convenience-centric loads.

Can Homey "secure" a 433 MHz device?

Homey can't encrypt the radio itself, but it can control when and how 433 MHz triggers result in actions, adding logic like presence or time windows.

Are some 433 MHz systems more secure than others?

Yes. Systems with rolling codes and better RF design are harder to spoof, but they still sit below modern secure protocols.

What if my garage door uses 433 MHz?

If it's a modern system with rolling codes and proper design, the practical risk can be acceptable, but you should understand that it's not at the same level as a fully IP/crypto-based system.

Does using 433 MHz with Homey make me less secure overall?

Not if you choose wisely which functions you assign to 433 MHz and keep critical tasks on secure protocols.

Glossary

Fixed Code

A 433 MHz code that is the same every time a button is pressed. Easy to capture and replay on simpler systems.

Rolling Code

A scheme where the code changes in a predictable way known only to the transmitter and receiver. Harder to replay but still not equivalent to modern cryptography.

Replay Attack

An attack where an adversary records a valid transmission and replays it later to trigger the same action.

Security by Obscurity

Relying on the hope that an attacker will not know or guess how a system works, instead of using robust, open security principles.

Threat Model

An explicit view of what you are trying to protect, against whom, and how much effort they might put in. Critical when deciding which functions can live on 433 MHz.

Attack Surface

The total set of ways someone could try to attack your system. Adding 433 MHz increases your attack surface slightly, especially for RF-savvy attackers.

Risk Appetite

How much risk you are willing to accept. Turning on garden lights via 433 MHz fits a higher risk appetite than controlling door locks this way.

Sandboxing (in Smart Homes)

Architecturally isolating less secure components so they can only affect limited parts of the system. For 433 MHz, this means restricting it to low-risk actions.

Authentication

Verifying that a message truly comes from who it claims to. Most 433 MHz systems have weak or no authentication in modern cryptographic terms.

Confidentiality

Protecting the content of a message from being read by others. 433 MHz control signals rarely aim for strong confidentiality.
