Statement in Response to the Press Article
„Die Spione in der Steckdose“
(“the Spy in the Plug”)
(Sonntagszeitung 12 August 2018)
We would like to take this opportunity to thank you for your long-standing trust in our products and our company and we can assure you that we have completely fixed the security flaw mentioned in the press article with a software update – before the publication of this article.
You therefore don’t have to do anything.
We can assure you that we have conducted a deep investigation and that to this day absolutely no security breach has been discovered in which a hacker could successfully take advantage of the security flaw mentioned in the article.
The security risk was in our opinion absolutely minimal and a hack highly improbable: firstly, because taking advantage of the now fixed security flaw would have required the use of various complicated tools and secondly, because this security flaw presented a vulnerability for a very short period of time – namely during the short period that occurs between the first time a device is connected to the WiFi network and its installation via the myStrom App. A potential hacker would have had to consider all those factors.
Your satisfaction and your security are of the utmost importance to us.
For this reason, we are constantly working on the development and improvement of our products and our software. And regarding security, we even do a little more than many other companies: this year you can also find us at the Security Conference in Amsterdam during which friendly hackers will be testing our products inside and out. In this spirit, we would also like to warmly thank the security adviser who, after investing much time and effort, discovered the security flaw mentioned in the article.
We would like to thank you for your understanding and wish you lots of fun using your myStrom products.
If you have any questions, please send them directly to us by email to firstname.lastname@example.org
With our warmest regards
CEO, myStrom Ltd.
What was discovered?
Third parties who could guess the MAC addresses of devices that have not been registered yet could register them in their own accounts. As soon as a device is registered by a customer (connected to the customer’s WiFi network), it can be remotely manipulated.
What devices are concerned by this?
Who is/was vulnerable?
Customers registering their device who find themselves between the steps “Connect to WiFi network” and “Register in your account”. Customers who were using their myStrom devices without the myStrom App or the Cloud Service were vulnerable up to last week’s Cloud Update.
What did we do?
The security flaw that would have allowed access to other devices in the household via myStrom devices was fixed last week via Firmware and Cloud update.
How can I know that I am not vulnerable to any danger?
If you have registered your myStrom devices in your myStrom App and have the Firmware versions below on your devices, you can be sure that you are safe:
What shall I do?
You should register your devices in the myStrom App and check the Firmware version. In case of any inconsistencies, please contact us at: email@example.com