 |
| Image from Pixabay |
Two
weeks ago I promised here, as an incentive to myself, to give my smart
equipment some attention. I was to investigate if they needed a software update
and do so if necessary. This week I will report on my search. I also mention
company and brand names; not as an advertisement or to criticize them, but
because it's nice in case you have those things yourself.
My
search started at the front door: at the modem/router. That is from my internet
provider Ziggo and is called Connectbox Giga (a rebranded Arris TG3492). If you
log in to the modem's management page, you can find out which software version
it is running. It just doesn't say from when that software is, or it must be
hidden in the very long version number (AR01.04.092.09_ 071423 _7248.SIP.10.LG.X2).
I asked the Ziggo community how you can find out which is the current version.
They say that this is the correct one, but I’m afraid that if you want to check
it yourself you will probably have to get that information from the
manufacturer.
Then
the LG dryer. The accompanying app displays the version of four pieces of
software under device information, and says: “Software is up to date”.
Apparently the app checks this online itself. I just can't tell from when those
updates are. I mean: if that software has never been updated after it was
released - years ago - then my software is indeed up to date, but there is
probably quite a bit of room for improvement in the meantime. And perhaps such
a necessary improvement was related to the security of the device. But that
remains guesswork. I want to act as a normal user here and will therefore not
go all the way as to find out exactly from when version SAA39935009.0000B455 of
'Firmware 0' is. They could easily add that to the already provided information.
The
Bosch dishwasher lets you choose between automatically downloading software
(including installation, I hope) and confirming the individual steps
(download/installation). It also shows a version number somewhere, but it is
not clear whether this concerns software or the device itself, and from when
that version is. There is also something that I have not seen before on a
device: the validity period of a certificate. You know certificates from
websites, from the lock that indicates that the site is secured, and from the s
in https. I am positively surprised that this device apparently uses a
certificate for communications security.
Next
candidate: Philips Hue smart lamps. The accompanying app says: “Everything is
updated”. The automatic updates option is turned on and you can even
choose the time at which the updates should be performed. Furthermore, each
device has a version number, but here too it is not clear from when that
version is.
The
stereo system also has a few components that are connected to the WiFi network:
the Yamaha receiver and, since last week, two wireless surround speakers from
the same brand. The latter's installation manual states that you must ensure
that all components have the latest firmware version. During the installation
of the speakers, the app indeed indicated that a new version had to be installed,
which then happened. The app says about the receiver: “Firmware is up to date”.
Unfortunately, again without a date, only - in a different place in the app - a
version number.
Finally,
there are the solar panels. We have two different installations: the first
works via the SolarEdge app, the second uses Enlighten/Enphase. SolarEdge does
not provide a version number, but – yes, finally! – the date of the last
update. That was February 18 of this year, so very recently. It also means that
the updates are done automatically, because I didn't do anything. Enlighten
provides information about two types of devices. The gateway, which
communicates with me, shows a firmware version number and a date when it was
last connected to the Enphase cloud. It is not clear whether updates are
checked. The micro inverters (each panel has one, rather than a central
inverter) all have two firmware version numbers and a communication date, and
again it is not clear whether they are related.
Conclusion
of this operation: it seems as if everything is fine, but it is not certain,
except for the SolarEdge panels and (to a slightly lesser degree of certainty)
the modem. Manufacturers still have some work to do to provide consumers with
real information and to take away the bad feeling that I am being lulled to
sleep with the meaningless term 'up to date'.
And in the big bad world...
This section contains a selection of news articles I came across in the
past week. Because the original version of this blog post is aimed at readers
in the Netherlands, it contains some links to articles in Dutch. Where no
language is indicated, the article is in English.
- the FBI handles updates for your router.
- you can hack this doorbell by ringing the doorbell.
- Clingendael advocates European sovereignty in the cloud.
- We simply put our important e-mail in the American cloud. [DUTCH]
- Russia runs a misinformation campaign against Navalny's widow.
- 2FA codes have been leaked due to an error by an SMS company.
- gas stations in New Zealand were unable to cope with the leap year.
- the Dutch government has launched the NIS2 Quickscan. [DUTCH]
- GitHub is full of malicious repositories.
- the Dutch police advertise on Google to prevent cybercrime. [DUTCH]
- you can also be infected through your agenda.
- the White House promotes the use of memory safe programming languages.
- young people think that anyone can become a victim of cybercrime, except themselves. [DUTCH]
- the LockBit ransomware gang is back.
.jpg)
No comments:
Post a Comment