Logitech harmony hub update breekt local access

Ander nieuws dat te maken heeft met topics die op userbase kunnen besproken worden
Plaats reactie
ITnetadmin
userbase crew
userbase crew
Berichten: 8965
Lid geworden op: 28 jan 2012, 18:22
Uitgedeelde bedankjes: 199 keer
Bedankt: 689 keer
Recent bedankt: 2 keer

De nieuwste Harmony update van Logitech lijkt de local access tot het toestel af te sluiten, waardoor vele 3rd party APIs, gebruikt door ITers om hun domotica aan te drijven, niet meer werken.
Logitech recently released a firmware update for Harmony hub-based remotes that addressed some security vulnerabilities brought to our attention by a third-party cyber security firm. Logitech takes our customers’ security seriously, and we work diligently to fix these kinds of issues as they’re discovered.

Last week we began rolling out this update. We are aware that some customers using undocumented Harmony APIs for local home control were affected as a side-effect of our closing these vulnerabilities. These private local control APIs were never supported Harmony features. While it is unfortunate that customers using these unsupported features are affected by this fix, the overall security of our products and all of our customers is our priority.

We urge customers to update to this latest firmware, version 4.15.206. Please see this article for complete directions on checking and updating your current firmware version.
https://arstechnica.com/gadgets/2018/12 ... b-systems/

De gevaren van online platformen die zelf beslissen hoe en hoelang je hun devices mag gebruiken...
Gebruikersavatar
devilkin
Administrator
Administrator
Berichten: 5998
Lid geworden op: 17 mei 2006, 20:10
Uitgedeelde bedankjes: 826 keer
Bedankt: 506 keer
Recent bedankt: 2 keer

Is al ter discussie gekomen in de home assistant thread, mss naar daar linken?

Sent from my ONEPLUS A6003 using Tapatalk
Telenet All-Internet -- using CV8560E & OPNsense on PCEngines APU2E4
Proximus & Mobile Vikings -- Using OnePlus 8 Pro (ROM: Stock)
ITnetadmin
userbase crew
userbase crew
Berichten: 8965
Lid geworden op: 28 jan 2012, 18:22
Uitgedeelde bedankjes: 199 keer
Bedankt: 689 keer
Recent bedankt: 2 keer

Als je de link hebt, doe maar, want dat topic is me niet direct bekend.


Info update, nieuwe statement:
The XMPP interface was used as part of the setup process and was pointed out as an insecure communication. We removed that interface as part of an effort to make to improve the Hub security. That interface was never designed to be used by third parties.

The reason for the firmware update was to make the Harmony Hub more secure, therefore we do not have an official downgrade option. We recommend that users do not try to prevent the automatic firmware update process. We update the firmware as security issues are discovered, so users preventing the automatic firmware update process would not benefit from these future fixes.
Maw, "tough luck".
ITnetadmin
userbase crew
userbase crew
Berichten: 8965
Lid geworden op: 28 jan 2012, 18:22
Uitgedeelde bedankjes: 199 keer
Bedankt: 689 keer
Recent bedankt: 2 keer

En de backlash had blijkbaar succes:
Update, Dec 21, 2:47pm: In response to customers' frustration, Logitech issued another statement today with instructions on how to enable private local API controls. The company created a new XMPP beta program that will give users access to the local controls that were removed in the most recent Harmony Hub firmware update. Logitech plans to release an official firmware update with XMPP controls in January.
Plaats reactie

Terug naar “Ander nieuws”