Blog

Remote firmware update

By November 5, 2019 November 12th, 2019 No Comments

Our team has been working around the clock to deliver software fixes for the remote. These vital reliability and security patches contribute towards the shipping delay.  We have nearly completed the transition from the pre-release Texas Instruments SDK to the latest official build.

The impact the SDK has had on device firmware and the Garage app has required low level redesign of our Over Air Download (OAD) firmware update system.  We can disclose the nature of this security vulnerability because a patch has been implemented and passed testing. The OAD firmware feature in our SOC radio previously exposed custom BLE protocols to receive firmware updates at all times. Initially this was perceived as a power drain bug, but we have since discovered that firmware could be uploaded to the device at any time. This has the potential to interrupt and suspend normal operations.  While the likelihood this occurs in the wild is low, it presented us with the possibility that malicious code can be uploaded and executed remotely.

The original OAD system performs the integrity check of the firmware payload against information provided by the app, but it did not verify that the firmware was compiled by us. Our patch requires that users navigate to the “OAD Enable” menu option under “Pairing” and initiate the firmware upload from their mobile device during the 60s time out window. Furthermore, all future firmware is key-signed to prevent side-loaded firmware. As such, it is no longer possible to downgrade your remote firmware to previous builds.

An update to the Jed Garage app shall be pushed to beta testers later this week along with a refreshed device setup and registration interface.  This update is mandatory and access to unsigned firmware builds through the old app will no longer be possible.  If you are experiencing trouble re-registering your account, please contact technical support.

We are constantly testing new firmware builds with a number of remotes and boards and collecting data at each step of the way. We know how infuriating these delays are and you have been patiently waiting for your board for some time.

As of this week we have now finished most of the major issues, and we now need to go through and fix the last of the small bugs and clean ups in preparation for release.