
Logitech angers users with Harmony update that breaks some home automation setups

Some users of Logitech’s Harmony Hub and remote system have encountered a fairly big issue with the latest firmware update: it blocks local API access, which has in turn led to sudden problems — and broken automation systems — for many users and home theater integrators. Ars Technica reported on the situation yesterday.

Unfortunately, it’s not clear that Logitech has any solution for disappointed users. As the company explained in a forum thread, the 4.15.206 firmware update for the Harmony Hub system was released to patch a security vulnerability, and the fix also had the effect of blocking these other integrations. “These private local control APIs were never supported Harmony features. While it is unfortunate that customers using these unsupported features are affected by this fix, the overall security of our products and all of our customers is our priority.”

In a statement to Ars Technica, Logitech further explained the issue, noting that “The XMPP interface was used as part of the setup process and was pointed out as an insecure communication. We removed that interface as part of an effort to make to improve the Hub security. That interface was never designed to be used by third parties.” In other words, from Logitech’s perspective, those users were essentially relying on a security flaw to build out their smart home systems: an interface they were never supposed to use, and one that ultimately made the whole system less secure.

It seems to be a fair enough response; after all, Logitech does have to consider the security of its users and do what it thinks best to protect them. But fans aren’t pleased, especially considering that the company has a history of bricking remote setups without warning. Just last year, Logitech announced that its previous generation Harmony Link devices would stop working, and recommended that users switch over to the new Harmony Hub system — a move that would later see the company offer free Hubs to all Link owners as an apology.



from The Verge - Teches https://ift.tt/2GurLz5
