{"id":6072,"date":"2016-10-24T13:40:31","date_gmt":"2016-10-24T17:40:31","guid":{"rendered":"http:\/\/avtech.com\/articles\/?p=6072"},"modified":"2025-10-24T09:31:47","modified_gmt":"2025-10-24T13:31:47","slug":"room-alert-iot-device-security","status":"publish","type":"post","link":"https:\/\/avtech.com\/articles\/6072\/room-alert-iot-device-security\/","title":{"rendered":"Room Alert and IoT Device Security"},"content":{"rendered":"

On Friday, October 21st <\/sup>2016, an unprecedented attack was made on Dyn<\/a>, a DNS provider that helps Internet traffic across the globe make its way to many of the world\u2019s popular websites.<\/p>\n

A significant number of heavily -trafficked sites were down for a good part of the day, including Twitter, The Wall Street Journal, Spotify, PayPal, and Netflix among many others.<\/p>\n

What makes this particular internet attack interesting is the fact that it used Internet of Things (IoT) devices to launch the denial of service traffic against Dyn<\/a>. In years past, these attacks were usually the result of servers and desktop computers that were infected by malware, and unknowingly used to launch the flood of traffic that brought down targeted servers or websites. This most recent attack used IoT devices such as routers, IP cameras, DVRs, thermostats \u2013 basically any device that connects to the internet to send updates to users, or allows itself to be controlled remotely by its owner.<\/p>\n

IoT Device Security<\/strong><\/h3>\n

\"room-alert-ui2-manual\"<\/a>IoT device security has been in the news a lot recently due to the publicizing of some major IoT device security flaws<\/a> manufactured by a company in Taiwan. Soon after that information was made public, and source code was released for a larger exploit that impacted a number of other types of devices, IoT devices were used to send the traffic that brought down Dyn\u2019s servers. This followed earlier smaller attacks and warnings from security experts<\/a> that a larger attack was likely very soon.<\/p>\n

Room Alert <\/a>is firmly within the IoT sphere, as it\u2019s designed to send alerts and notifications to users based on the environment factors it\u2019s monitoring. Room Alert can also take automatic corrective action based on those alerts, such as turning on a water pump or fan if certain environment triggers are set up.<\/p>\n

It\u2019s important to note that although Room Alert is considered an IoT device, we\u2019ve taken a good number of steps to help protect the security of our devices and our customers.<\/p>\n

Purpose Built Firmware in Room Alert<\/strong><\/h3>\n

One major security flaw with some IoT devices is tied into the firmware and software the devices run. When IoT devices run common embedded Linux operating system versions, and specifically the Busybox software that provides stripped down versions of common Unix tools in a single executable, it\u2019s easier to find ways to manipulate those devices from the outside.<\/p>\n

Room Alert\u2019s firmware is purpose built, which means that it\u2019s specifically designed for Room Alert devices. Room Alert runs very specifically designed firmware that\u2019s set up to only provide the functions the devices need to monitor, alert and report \u2013 that\u2019s it. Room Alert does not leverage the common Busybox Unix tools.<\/p>\n

Secure Monitoring with GoToMyDevices<\/strong><\/h3>\n

Our GoToMyDevices portal<\/a> offers our customers an easy and secure way to monitor and manage Room Alert. Users can see their devices, reports, alerts, and data directly within the GoToMyDevices portal from any internet-connected device. Sensor data is pushed directly to GoToMyDevices from Room Alert; GoToMyDevices does not require a connection back to Room Alert.<\/p>\n

Since traffic is only one way, from Room Alert on the customer\u2019s network to GoToMyDevices, there\u2019s no need for users to open up ports on their local firewalls. Traffic doesn\u2019t need to get in when customers use GoToMyDevices, and users don\u2019t need to worry about those additional open firewall ports adding additional potential points of entry for malicious traffic.<\/p>\n

Room Alert Doesn\u2019t Use Universal Plug and Play<\/strong><\/h3>\n

Universal Plug and Play, commonly referred to as UPnP, is a protocol that\u2019s widely used in internet-connected devices to make them easy to set up, and also allows them to discover other devices on their local networks to \u201ctalk to\u201d. This protocol has been identified as a major vulnerability when it comes to outside malicious traffic<\/a>, and has been recommended to be disabled in many instances.<\/p>\n

Room Alert does not use UPnP to connect itself to other local network devices or GoToMyDevices for remote monitoring. Again, as we noted above Room Alert uses custom firmware and is designed to provide one-way traffic to our GoToMyDevices platform, the preferred way to monitor your Room Alert. By not using UPnP, we\u2019ve removed one major way IoT devices can be exploited by malicious users and traffic.<\/p>\n

UPDATE<\/strong> – Our Support Team has published an FAQ <\/a>on how to further increase security on a Room Alert, which includes instructions on disabling unwanted or unused features.<\/p>\n

Heightened IoT Device Security<\/strong><\/h3>\n

Going forward, it\u2019s expected that more Denial of Service attacks such as the one suffered by Dyn will occur. With so many devices connected to the internet it\u2019s inevitable that these types of attacks will last longer, and potentially cause more damage. We always keep those security issues in mind here at AVTECH, which is why Room Alert is designed to run its own purpose-built firmware, offering very little in the way of potential security holes. We know that our business is protecting our customers\u2019 most important assets. Our customers can trust that AVTECH takes security very seriously and is continuously evaluating our products against current and future threats.<\/p>\n

If any of our users or partners worldwide have any questions about Room Alert, GoToMyDevices, or our products in general as it relates to their security, we welcome you to contact us at any time<\/a>. We fully stand behind our products here at AVTECH and are glad to know our users in over 180 countries stand behind them as well.<\/p>\n

Note: The former GoToMyDevices online monitoring and management platform was migrated into RoomAlert.com in December 2017. For more information, please see our announcement article and FAQ<\/a>. <\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

On Friday, October 21st 2016, an unprecedented attack was made on Dyn, a DNS provider that helps Internet traffic across the globe make its way to many of the world\u2019s popular websites. A significant number of heavily -trafficked sites were down for a good part of the day, including Twitter, The Wall Street Journal, Spotify, […]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0},"categories":[20],"tags":[36,37,41,42,47],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\t\n