Hello all,
I have a Vera Edge controller and I have stumbled across a couple of blog posts regarding the security of these devices. They have me really concerned.
Vera Edge Home Controller – Remote Shell via Unauthenticated Command Injection
Vera Edge Home Controller – LuaUPnP Unauthenticated Command Injection`
As a developer and security enthusiast I was able to successfully follow the proof of concepts and hack my own device. Why doesn’t Vera fix these issues? Do they not take security seriously?
A fair question indeed, especially in light of the new parent company (ezlo) being headed by @melih (wiki), co-founder of Comodo (well-known for its strength in the computing security sector).
I don’t know how often they have updated the Vera Edge (originally designed by MiCasaVerde) or attempted to patch any security flaws inherent in that controller.
I’ll be interested to hear their response to your questions!!
P.S. Until today, I never knew micasaverde was based in Hong Kong!
1 Like
It’s a bit of an irony but it is obvious that the focus has turned towards the new platform with no intent to shake the coconut tree on the old. I am certain the new platform will be better (the opposite would be pretty amazing). By how much is the question.