Under the hood Linux Debian updated?

[Lambik 194]

Hi guys!

I'm still on firmware version 3.560. When the new 'stable' version is stable enough I want to update my HC2 to 4.3xx.

What I was wondering, when updating to a new firmware is the HC2 embedded Debian version also updated?

If not, that could be really a security issue because I can see that 83 packages can be updated....

Also if the new firmware is not upgrading the embedded Linux version, is it safe to do it my self by using the

Please login or register to see this code.

command?

Please advice....

[eg1l 0]

I believe the kernel is 2.6 after upgrading to 4.030 :/

[Bamsefar 13]

The question might be: What happens if one clones the "USB-SSD" to a real SSD connected to SATA interface instead of the USB interface?

[Alex 32]

You should not do this.

Otherwise any future update might now work any more (because the update script fails or package dependencies are not given anymore or ...).

Also if the HC2 is not accessible via internet (besides reverse proxy) the known security vulnerabilities are mostly not that important.

[eg1l 0]

Personally I do not expose my HC2 to the internet. I even turned off remote access and use VPN for my phone, so the app still works.

[Bamsefar 13]

Well, considering how bad the latest so called "stable" firmware is, I fail to see the problem with trying to boost the performance.

For the record, someone has already cloned the USB-SSD to a SATA-SSD and is using a SATA to USB converter and is running the system on the SATA-SSD with no problems.

eg1l: The HC2 does a call home over port 80, so I assume you have closed HC2 for ALL external communication, and bye that I do mean ALL external communication????

[eg1l 0]

Well, considering how bad the latest so called "stable" firmware is, I fail to see the problem with trying to boost the performance.

For the record, someone has already cloned the USB-SSD to a SATA-SSD and is using a SATA to USB converter and is running the system on the SATA-SSD with no problems.

dd can do a lot of magic

Please login or register to see this image.

/emoticons/default_smile.png" alt=":)" srcset="https://forum.fibaro.com/uploads/emoticons/[email protected] 2x" width="20" height="20" />

eg1l: The HC2 does a call home over port 80, so I assume you have closed HC2 for ALL external communication, and bye that I do mean ALL external communication????

Well, it can phone home (to fibaro, weather etc), so I have not closed port 80 outbound.

[Lambik 194]

I believe the kernel is 2.6 after upgrading to 4.030 :/

The 3.600 has:

Linux version 2.6.32-5-686 (Debian 2.6.32-38) ([email protected]) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Mon Oct 3 04:15:24 UTC 2011

OpenSSL version:

OpenSSL 0.9.8o 01 Jun 2010

built on: Sun Sep 25 00:44:46 UTC 2011

Ever heard of Heartbleed bug?

Please login or register to see this image.

/emoticons/default_icon_curve.gif" alt=":-/" />

I don't know if mod_CGI is used but this is vulnerable issue regarding the Shell Shock bug (Bash Vulnerability)

Does anybody know how to check this?

[robmac 173]

Well in truth you can do what you want but don't expect support. But then if you are able to do this you probably don't need support.

I choose not to as the reason I run fibaro is I hope that in the long term it will not need me to spend time maintaining it.

If I wanted to play I would go and grab one of these

Please login or register to see this link.

and an open source stack and start doing that.

[Lambik 194]

I choose not to as the reason I run fibaro is I hope that in the long term it will not need me to spend time maintaining it.

Agree, same here. But I do concern Fibaro's lack of sense of security. No possibility to use https, non-updated embedded Linux, no way to check (logs) if security is breached and the closed source attitude is really annoying me. A lot!!

There is, in my house, no device so privacy sensitive as the HC2. Camera's, security devices, lightning etc, everything is controlled by the HC2, and there is no way I can check if security is manipulated or breached.

When I compare it with, for example, Synology there is a big, really big, difference.

For example, Synology's NAS OS is

Please login or register to see this link.

, have a lot of logging, has the ability to customize the firewall, present automatically security patches etc. etc.

I wish Fibaro was more open to its users, how things are working and what things must be done to maximize security and my privacy.

[robmac 173]

I choose not to as the reason I run fibaro is I hope that in the long term it will not need me to spend time maintaining it.

Agree, same here. But I do concern Fibaro's lack of sense of security. No possibility to use https, non-updated embedded Linux, no way to check (logs) if security is breached and the closed source attitude is really annoying me. A lot!!

There is, in my house, no device so privacy sensitive as the HC2. Camera's, security devices, lightning etc, everything is controlled by the HC2, and there is no way I can check if security is manipulated or breached.

When I compare it with, for example, Synology there is a big, really big, difference.

For example, Synology's NAS OS is

Please login or register to see this link.

, have a lot of logging, has the ability to customize the firewall etc etc.

I wish Fibaro was more open to its users, how things are working and what things must be done to maximize security and my privacy.

what security cameras do you run? Are they secure with a nice patched version of linux and no easy hacker fest?

[Lambik 194]

I have camera's attached with the latest firmware, blocked in- and outgoing internet access, passwords containing >20 characters. For the HC2 --> IPCam I use separate non-admin accounts.

The weakest link, IMHO, is still the HC2.....

[robmac 173]

what make? what chipset?

[Lambik 194]

Why? Do want to try to gain access?

Please login or register to see this image.

/emoticons/default_icon_mrgreen.gif" alt=":mrgreen:" />

Just kidding... Is there a point you want to make?

[robmac 173]

Just interested. If they are Chinese clones they may be a bigger issue than hc2 even if you patch them

[Lambik 194]

I know what you mean. Like Foscam, Wansview, Wanscam, HooToo, Tenvis, etc.

I do have a Foscam Camera with the latest update-firmware from 22 December 2014. Also I (forced)blocked every communication to and from the internet, no DDNS, no UPnP, no FTP/Email/SMB communication. I have connected them via a managed switch where I can mirror the communication and check them with Wireshark when I suspect something...

Bit off-topic though....

Please login or register to see this image.

/emoticons/default_icon_wink.gif" alt=";-)" />

[robmac 173]

Sort of but we are happy to put up with poor security from security cameras but expect better from other items.

I have a Samsung smart TVs that I am sure is not secure.

I would love HC2 to be more secure but it is not the worst offender I have. Sort of yes but take normal precautions and no big deal.

[Lambik 194]

I did anything I could to secure all my other devices. If I don't trust it I blocked any communication possibility to the internet.

Maybe for you it isn't it a big deal, for me it definitely is. The only way to defend is to know. Knowledge should be shared.

So, if anybody can give more information, either the ones who created it or a dedicated user, is highly appreciated!

[robmac 173]

I did anything I could to secure all my other devices. If I don't trust it I blocked any communication possibility to the internet.

Maybe for you it isn't it a big deal, for me it definitely is. The only way to defend is to know. Knowledge should be shared.

So, if anybody can give more information, either the ones who created it or a dedicated user, is highly appreciated!

I just accept there is no way to defend whoever you are. Even the so called experts get hacked sometimes.

I just know that I have nothing anyone would want. If I build a big high wall it is an invitation to knock a hole in it just because they can or because they assume I must be hiding something worth having.

So I just take normal precautions. No door locks or alarms on z-wave because they will be hacked sooner or later and then I have the hassle of getting the new expensive upgrade to get secure again.

[Lambik 194]

Okay, noted....

Please login or register to see this image.

/emoticons/default_wink.png" alt=";)" srcset="https://forum.fibaro.com/uploads/emoticons/[email protected] 2x" width="20" height="20" />

On topic again?