Product Security

ArraHome-Logo-blue.png

PRODUCT SECURITY FOR WIFI CONNECT APPLIANCES

Effective Date: Oct 15, 2018

ArraHome is vigilant about securing your connected appliance.

At ArraHome, we are very aware of the need to protect your appliance. We take steps to protect your appliance by Security-by-Design, a process and methodology that builds in security during all aspects of the development and the manufacturing of your ArraHome appliance. Your appliance is protected using industry standard security methodologies as used in online banking and other electronic commerce.

QUESTIONS ABOUT SECURITY

We are committed to answering your questions or any concerns you may have. At ArraHome, our goal is to ensure your satisfaction, while offering the highest levels of professional service.

For security pointers on configuring your home router, good security Internet hygiene, and keeping your devices up-to-date, please read our ArraHome Connected Home Security Guidance section below.

If this does not address your needs, Or, if you have a specific security concern or believe you have found a security vulnerability with a ArraHome product, please contact the ArraHome Product Security Incident Response Team at please email service@arrahome.com.

In your email, please include the following information:

ArraHome Product Name(s), Model(s), and Serial Number(s)

Description of the concern or vulnerability

Information to help replicate the issue, such as configuration details, a proof-of-concept, or exploit code

Whether or not you would like to be contacted in case more information is needed, and

Whether or not you would like to be acknowledged in helping us to improve our products. Should you choose to remain anonymous, we will not publicly disclose your identity. At ArraHome, maintaining your privacy is important and we will not publicly disclose your identity unless you inform us otherwise.

We will respond if further information is needed to investigate a security issue.  Please note, ArraHome does not disclose, discuss, or confirm any security issue until a full investigation is complete and any necessary press releases, security patches, and releases are available.

ArraHome acknowledges security researchers who have selected not to opt-out and who have reported security issues on ArraHome products through contacting service@arrahome.com.

ARRAHOME WIFI CONNECT HOME SECURITY GUIDANCE

ARRAHOME WiFi Connect Appliances are designed to deliver a connected home experience while protecting your data. The installation/configuration of these products involves other computer products in your home, such as a smart phone, tablet, and WiFi network. This guide lists tips and best practices regarding security aspects of these devices.

1. CHOOSE A UNIQUE SSID (NETWORK NAME)

If your SSID is not unique, ARRAHOME WiFi connected appliances may have trouble identifying your network or automatically connecting to your network.

2. CHANGE THE DEFAULT ADMINISTRATOR PASSWORD ON YOUR HOME WIRELESS NETWORK

Not changing the default administrator password on your home router increases your security risk.

3. USE WPA2 ENCRYPTION ON YOUR HOME WIRELESS NETWORK

The four most common home wireless network configurations are: Open, WEP, WPA, and WPA2. Choose WPA2 for the highest level of protection.

Open (or unsecured mode) does not provide authentication or encryption. If you use this security mode, anyone in close proximity to your WiFi network will be able to join your network, use your Internet connection, and access any shared resources. In addition, they will be able to read much of the data you send over the network. For these reasons, this WiFi mode is highly discouraged.

WEP (Wired Equivalency Protocol) provided protection through encryption when it was first introduced in 1999. Unfortunately, tools are now commonly available that allow an attacker to break into a WEP network in a matter of minutes. For this reason, WEP should also be avoided.

As one of the most robust forms of security offered by WiFi products today, WPA2 (Wireless Protected Access) is strongly recommended. When using WPA2, both TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard) options are typically available. While TKIP is still widely considered secure, the AES option is preferred.

Please refer to your router manufacturer's documentation or contact your local computer/network service provider for help ensuring that your WiFi network is adequately secured.

4. CHOOSE A STRONG PASSWORD

It is suggested that strong passwords be used, conforming at a minimum to the following rules: 

At least eight characters long

Does not contain your name, email address, or other personal identification

Does not contain a complete word

Contains characters from all of the following four categories:

Uppercase Letters

Lowercase Letters

Numbers

Symbols found on the keyboard

5. BE CAREFUL ON USING PASSWORD KEEPERS

Although convenient, it is recommended to not use them at all. Use passphrases for passwords as they tend to be easier to remember.

6. BE CAREFUL WHAT YOU CLICK

Review the URL before you click and go to known and trusted Internet sites. If the URL looks funny, do not click it. A lot of untrusted URLs are variants of trusted ones, with words that at first glance seem that they are spelled correctly but actually are not. Be sure and review the URL address completely.

7. BE CAREFUL ON OPENING EMAIL ATTACHMENTS OR ATTACHMENTS CONTAINED ON THE INTERNET SITE

Verify the source sent you the attachment before you open it. If you cannot verify the source, don't open the attachment.

8. SECURITY PATCHING

Keep your smart phone(s) and tablet(s) up-to-date with security patches provided by the manufacturer. Please refer to your device's operating system and software application manufacturers for appropriate guidance.

9. SMART PHONE AND TABLET PASSWORD PROTECTION

Ensure that your smart phone and tablet always has a screen lock password and is set to automatically enter a locked state after a short period of inactivity.

10. LOSS OF YOUR SMART PHONE AND TABLET

Call the ArraHome Connected Home Support Line as soon as possible if your lost or stolen smart phone has a ARRAHOME Connected Appliances app installed. ArraHome can disable outside-of-the-home control of your appliances. If you cannot reach the ArraHome Connected Home Support Line immediately, please contact your smart phone provider to notify them of your lost device.