Author Topic: Information Security questions  (Read 7434 times)

ChillyPenguin
Information Security questions
« on: August 19, 2014, 08:34:20 pm »
I received my Almond+ today, and I have a few questions around information security.
1. I noticed the pass phrases for my wireless networks are stored and displayed in the clear by your service. How do I disable this?
2. Following on the last question, I have not added any additional sensitive information (VPN credentials, SSH keys, etc.), but I am curious what other fields are available in the clear to your service. Please enumerate them. If the entire device configuration is stored in this way, please let me know.
3. I noticed in a previous post you mentioned your service runs in AWS. As you are likely aware, EBS volumes are not encrypted at rest by Amazon. What mechanisms do you have in place to assure the next tenant of those block devices cannot read our data? This is to say, are you implementing OS level encryption of storage?
4. Can I manage the device with the mobile app without using your cloud service? If not, is this feature on your road map (outside just hitting the local web admin interface)?
5. How do I enable HTTPS on the local management interface, and disable HTTP?
6. When in AP mode, the device still runs a DNS server and responds to queries on the management IP. Why is this happening, and if it is not required, how do I turn it off?
7. I found and disabled the DLNA service that is running, but there are a couple of others (neSendCmd and CloudDeamon). The latter is pretty obvious, but what is the former?

gergles
Re: Information Security questions
« Reply #1 on: August 19, 2014, 09:17:01 pm »
Yeah, #1 especially I'm not thrilled about. I have a long and complex passphrase and I don't want it being bounced up to the Internet...

LGNilsson

  • Guest
Re: Information Security questions
« Reply #2 on: August 20, 2014, 12:20:37 am »
I'm afraid I can't answer all of these questions, but let me take a stab at what I can answer.

1. Apparently none of this stuff is stored on the cloud service and it's all sent via SSL encryption from the Almond+ to the cloud and then to the mobile devices.

2. None of this is being sent as far as I'm aware, it was only the SSID and the Wi-Fi password.

3. I'm afraid that I don't have an answer for this, but I'll find out.

4. No and no, it's currently not something we're planning I'm afraid.

5. That's currently not implemented and I'm afraid I don't have an ETA.

6. Sorry, I don't really have an answer for this one either.

7. Not sure, I'll have to find out. DLNA should be disabled by default though.
« Last Edit: August 20, 2014, 01:01:16 am by Lars »

gergles
Re: Information Security questions
« Reply #3 on: August 20, 2014, 06:29:52 pm »
1. Apparently none of this stuff is stored on the cloud service and it's all sent via SSL encryption from the Almond+ to the cloud and then to the mobile devices.
If you log in to the cloud service on the desktop, you can see the key there. Do you know if the information is encrypted using our Almond service passwords, or if there is one common key being used?

j8048188
Re: Information Security questions
« Reply #4 on: August 21, 2014, 12:28:18 am »
4.  Can I manage the device with the mobile app without using your cloud service?
Since this isn't in the roadmap, here's a workaround:
1. Set up a VPN server on your network (your Almond can do this).
2. Connect to the VPN.
3. Manage the Almond from the local-based web UI.

It may not be as easy as the app, but it does work.

sorphin
Re: Information Security questions
« Reply #5 on: August 21, 2014, 12:29:41 am »
Or if you're at home and want to use your phone, use the browser on your phone. ;-)

ChillyPenguin
Re: Information Security questions
« Reply #6 on: July 01, 2015, 03:46:40 pm »
Resurrecting this thread to see if Securifi can provide better answers to my questions from August last year. 

rldreams
Re: Information Security questions
« Reply #7 on: July 01, 2015, 04:54:47 pm »
1. To keep your WiFi passphrase from being visible on the LCD, simply enable the lock screen, so you need to enter your PIN to access the LCD.

2. See #1.

3. Not a clue.

4. Same as last year: direct your mobile device to the LAN web address and log in directly. This also works if you have any devices running Android 2.x or 3.x which don't work with the app.

5. I am always on HTTPS on local, so I don't understand why you are not.

6. DNS is disabled when in AP mode and all addressing is done by the master router. Of course if you log into management it is still going to respond. How else would you be able to initiate commands?

7. I would assume (if wrong, somebody will correct me) nesendcmd is used to send commands.
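
The posts above disagree on questions 5 and 6: whether the management address still answers DNS queries in AP mode, and whether the local interface is served over HTTPS or plain HTTP. An owner can settle both for their own unit with a direct check. The script below is an added example, not code from any poster or from Securifi; it assumes the standard ports (UDP 53, TCP 80 and 443), and the query name and transaction id are constructed values.

```python
import socket
import struct
import sys

def build_dns_query(name: str, txid: int) -> bytes:
    """Minimal DNS A-record query (RFC 1035 wire format), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def parse_dns_reply(data: bytes, txid: int):
    """Return (rcode, answer_count) if data is a response to txid, else None."""
    if len(data) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # QR bit marks a response
        return None
    return flags & 0x000F, ancount

def dns_answers(host, port=53, name="example.com", timeout=2.0):
    """Send one UDP query; None means no usable DNS response came back."""
    txid = 0x4150  # constructed transaction id
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_dns_query(name, txid), (host, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, ICMP port unreachable, no route
            return None
    return parse_dns_reply(data, txid)

def tcp_open(host, port, timeout=2.0) -> bool:
    """True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(host: str) -> dict:
    return {
        "dns_udp_53": dns_answers(host) is not None,
        "http_80": tcp_open(host, 80),
        "https_443": tcp_open(host, 443),
    }

if __name__ == "__main__" and len(sys.argv) == 2:
    print(audit(sys.argv[1]))  # pass your own Almond+ management IP
```

Run it from a wired or wireless client on the LAN with the device in AP mode; `http_80` true alongside `https_443` true means the plain-HTTP listener is still reachable even if you normally browse to the HTTPS one.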

 
