PRODUCT SECURITY FOR WIFI CONNECT APPLIANCES
Effective Date: Oct 15, 2018
ArraHome is vigilant about securing your connected appliance.
At ArraHome, we are very aware of the need to protect your appliance. We take steps to protect your appliance by Security-by-Design, a process and methodology that builds in security during all aspects of the development and the manufacturing of your ArraHome appliance. Your appliance is protected using industry standard security methodologies as used in online banking and other electronic commerce.
QUESTIONS ABOUT SECURITY
We are committed to answering your questions or any concerns you may have. At ArraHome, our goal is to ensure your satisfaction, while offering the highest levels of professional service.
For security pointers on configuring your home router, good security Internet hygiene, and keeping your devices up-to-date, please read our ArraHome Connected Home Security Guidance section below.
If this does not address your needs, Or, if you have a specific security concern or believe you have found a security vulnerability with a ArraHome product, please contact the ArraHome Product Security Incident Response Team at please email email@example.com.
In your email, please include the following information:
ArraHome Product Name(s), Model(s), and Serial Number(s)
Description of the concern or vulnerability
Information to help replicate the issue, such as configuration details, a proof-of-concept, or exploit code
Whether or not you would like to be contacted in case more information is needed, and
Whether or not you would like to be acknowledged in helping us to improve our products. Should you choose to remain anonymous, we will not publicly disclose your identity. At ArraHome, maintaining your privacy is important and we will not publicly disclose your identity unless you inform us otherwise.
We will respond if further information is needed to investigate a security issue. Please note, ArraHome does not disclose, discuss, or confirm any security issue until a full investigation is complete and any necessary press releases, security patches, and releases are available.
ArraHome acknowledges security researchers who have selected not to opt-out and who have reported security issues on ArraHome products through contacting firstname.lastname@example.org.
ARRAHOME WIFI CONNECT HOME SECURITY GUIDANCE
ARRAHOME WiFi Connect Appliances are designed to deliver a connected home experience while protecting your data. The installation/configuration of these products involves other computer products in your home, such as a smart phone, tablet, and WiFi network. This guide lists tips and best practices regarding security aspects of these devices.
1. CHOOSE A UNIQUE SSID (NETWORK NAME)
If your SSID is not unique, ARRAHOME WiFi connected appliances may have trouble identifying your network or automatically connecting to your network.
2. CHANGE THE DEFAULT ADMINISTRATOR PASSWORD ON YOUR HOME WIRELESS NETWORK
Not changing the default administrator password on your home router increases your security risk.
3. USE WPA2 ENCRYPTION ON YOUR HOME WIRELESS NETWORK
The four most common home wireless network configurations are: Open, WEP, WPA, and WPA2. Choose WPA2 for the highest level of protection.
Open (or unsecured mode) does not provide authentication or encryption. If you use this security mode, anyone in close proximity to your WiFi network will be able to join your network, use your Internet connection, and access any shared resources. In addition, they will be able to read much of the data you send over the network. For these reasons, this WiFi mode is highly discouraged.
WEP (Wired Equivalency Protocol) provided protection through encryption when it was first introduced in 1999. Unfortunately, tools are now commonly available that allow an attacker to break into a WEP network in a matter of minutes. For this reason, WEP should also be avoided.
As one of the most robust forms of security offered by WiFi products today, WPA2 (Wireless Protected Access) is strongly recommended. When using WPA2, both TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard) options are typically available. While TKIP is still widely considered secure, the AES option is preferred.
Please refer to your router manufacturer's documentation or contact your local computer/network service provider for help ensuring that your WiFi network is adequately secured.
4. CHOOSE A STRONG PASSWORD
It is suggested that strong passwords be used, conforming at a minimum to the following rules:
At least eight characters long
Does not contain your name, email address, or other personal identification
Does not contain a complete word
Contains characters from all of the following four categories:
Symbols found on the keyboard
5. BE CAREFUL ON USING PASSWORD KEEPERS
Although convenient, it is recommended to not use them at all. Use passphrases for passwords as they tend to be easier to remember.
6. BE CAREFUL WHAT YOU CLICK
Review the URL before you click and go to known and trusted Internet sites. If the URL looks funny, do not click it. A lot of untrusted URLs are variants of trusted ones, with words that at first glance seem that they are spelled correctly but actually are not. Be sure and review the URL address completely.
7. BE CAREFUL ON OPENING EMAIL ATTACHMENTS OR ATTACHMENTS CONTAINED ON THE INTERNET SITE
Verify the source sent you the attachment before you open it. If you cannot verify the source, don't open the attachment.
8. SECURITY PATCHING
Keep your smart phone(s) and tablet(s) up-to-date with security patches provided by the manufacturer. Please refer to your device's operating system and software application manufacturers for appropriate guidance.
9. SMART PHONE AND TABLET PASSWORD PROTECTION
Ensure that your smart phone and tablet always has a screen lock password and is set to automatically enter a locked state after a short period of inactivity.
10. LOSS OF YOUR SMART PHONE AND TABLET
Call the ArraHome Connected Home Support Line as soon as possible if your lost or stolen smart phone has a ARRAHOME Connected Appliances app installed. ArraHome can disable outside-of-the-home control of your appliances. If you cannot reach the ArraHome Connected Home Support Line immediately, please contact your smart phone provider to notify them of your lost device.