A few months ago, the KRACK exploit was published. It effectively lets attackers decrypt all Wi-Fi network traffic to and from the victim by triggering a vulnerability in the WPA2 authentication protocol. Worse, once the traffic is decrypted, it can be modified and injected with malware, ransomware or other malicious exploits.
The Rhombus team takes product security very seriously and has developed a highly scalable and reliable OTA infrastructure to release firmware updates and patches to our cameras with complete audit and diagnostic trails. Using our OTA system, we deployed a patch to all of our beta cameras within a week. Then, working with our hardware vendor, we recently released a patch to all of our recently released R1 cameras. Even in the interim between the publication of the vulnerability details and the patches, our cameras were not susceptible to the vulnerability, as all communication between the cameras and our servers happens over a mutually authenticated SSL connection.
A well-designed OTA firmware release infrastructure has become a crucial and non-negotiable requirement for any enterprise/corporate product. We urge everyone to be diligent in choosing the hardware and IoT products they deploy within their company.
If you're interested in learning more about our security approach, check out one of our previous blog entries on the subject.
If you have any questions, please do reach out to our security team - email@example.com