bottleneck
Choose style:

Author Topic: THE INSECURITY OF THINGS:  (Read 3229 times)

0 Members and 1 Guest are viewing this topic.

Offline ElLib

  • Backer
  • *
  • Posts: 21
  • Thanks: 0
  • Registered : 16/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
THE INSECURITY OF THINGS:
« on: October 29, 2014, 12:38:33 am »
After reading how easily the MiCasa was owned, I would like to know how much forethought went in to security while building the Almond+?

http://www.xipiter.com/musings/the-insecurity-of-things-part-two

Offline ElLib

  • Backer
  • *
  • Posts: 21
  • Thanks: 0
  • Registered : 16/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: THE INSECURITY OF THINGS:
« Reply #1 on: November 04, 2014, 12:36:42 am »
Anybody? Bueller... Bueller... Bueller?
« Last Edit: November 04, 2014, 12:47:50 am by ElLib »

Offline Talard

  • Backer
  • *
  • Posts: 53
  • Thanks: 0
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: THE INSECURITY OF THINGS:
« Reply #2 on: November 04, 2014, 02:53:15 am »
Hi ElLib,

I read your article. it's really interesting and I think it's a good question.

The almond+ come with some fonctionnality like the VPN and FireWall that help for good security. And it could run with or without the cloud part.

Now, i really don't know if a DD-WRT router is secure or not in general, but for our privecy I hope IT will not as easy as for the Vera.

LGNilsson

  • Guest
Re: THE INSECURITY OF THINGS:
« Reply #3 on: November 04, 2014, 03:23:31 am »
Well, judging from the blog post you linked to, they haven't really done much that's any real kind of hacking, they seem to get excited about getting console access to the Vera Lite, something anyone can do on the Almond+ via the serial header.

What Vera clearly has done wrong is to store the private SSH key on their devices and this is a major security concern. This is not something we're doing, we only store the public key.

Keep in mind that the most common reason hackers get access to a router is because the user didn't change the default password. None of our products have a default password, as they all have a unique auto generated password. That said, the Almond+ did ship with the password set to root initially, but as of firmware R065, the root password is auto generated. We also have auto generated Wi-Fi SSID's and passwords. As such there are no default passwords on the Almond+ (or the Almond for that matter) which is a big advantage we have compared to just about all of our competitors.

 

Page created in 0.069 seconds with 21 queries.

bottleneck