Jump to content

Android 5.0


oberkc

Recommended Posts

Posted

Hello oberkc,

 

Thanks so very much for the details. I am a little surprised that only high works (AES256/SHA2). I am hopeful that we can get some development Android platform to actually see the errors. I suspect it may have to do with certificates as well.

 

Thanks again so very much.

 

With kind regards,

Michel

Posted

I can do screen shots of error messages if that would help. If you need much deeper than this view of "errors", you would have to advise.

Posted

Michel, it looks like this is out of date for the latest firmware: http://www.universal-devices.com/docs/ISY994%2520Series%2520Network%2520Security%2520Guide.pdf. Could you post what High/Medium and Low actually are in the current release?

 

I have a feeling the Google disabled SHA1 in Android 5, but I'm not sure. I'll see if I can get some testing done tonight.

 

Michael.

Posted

From page 2:

 

http://imgur.com/Avpn5BP

 

I'm confident the non-pro ISY no longer does SSL3 for instance. I don't know what else has changed with protocols for each security level, and 'All' isn't documented. Page 4 also lists the old default, not the new.

 

Michael.

Posted

Hello MWareman,

 

Thank you.

 

I am not sure where you are getting that (what URL)? The URL is:

http://www.universal-devices.com/docs/production/ISY994%20Series%20Network%20Security%20Guide.pdf

 

With kind regards,

Michel

That URL resolves to http://www.universal-devices.com/docs/production/ISY994%20Series%20Network%20Security%20Guide.pdf  and gives a 404.

 

If you google 'ISY Security Guide' - its the first hit (a PDF).

 

Michael.

Posted

Ahh - got the new one after disecting your URL. Thanks!

 

One thing to note - the only ciphersuite on non-pro ISY ( TLS_RSA_WITH_RC4_128_MD5) will not work on Win 8.1 with IE 11 and later - RC4 is gone. There is also a patch in Windows Update to disable RC4 on older versions of Windows as well. You need to consider a stronger cipher as your base as OS vendors start dropping the older insecure ciphers.

 

I'll look at the crossection with Android when I can find a good Android 5 reference - but the Win 8.1/IE11 issue alone should push an additional change really.

  • 2 weeks later...
Posted

So it seems to me that the only way to use Mobilinc app (or any app to connect to the ISY for that matter) and Android 5.0 is to upgrade to pro.  At least at this time anyway.

 

Michel, can you tell us if there are any plans to change the non-pro firmware to allow users to change those security settings? Or can the next firmware update make the default a configuration that works w/ the new Android OS?

 

I would like to avoid upgrading to pro if I don't have to...

 

Thanks,

Jesse

Posted

I don't seem to have these options on my 994i on 4.2.18.  I was trying to change them to get mobilinc working again after my Android upgrade as well.  I have verified that my model is a Pro (at least from the module management page).  I also made sure to resize the window and they are still not there.  I also have already cleared my java cache and verified that everything is showing as 4.2.18 in the dialogs.

 

any ideas?

Posted

Yes, that is one option, but it's a band-aid at best. Besides, it's not even always possible. Nexus 6 owners can't.

Every Android phone can downgrade. Use Odin to push 4.4.4 to the phone. Then just refuse any further upgrades to your phone.

 

Sent from my SM-N900P using Tapatalk

Posted

Every Android phone can downgrade. Use Odin to push 4.4.4 to the phone. Then just refuse any further upgrades to your phone.

 

Sent from my SM-N900P using Tapatalk

What image would you even flash? There is no factory image below 5.0 for the Nexus 6 and 9. And I seriously doubt anyone is developing custom roms using an older version of android for those devices either.
Posted

I would flash stock KitKat.

 

Sent from my SM-N900P using Tapatalk

There is no stock KitKat for N6 and N9.
Posted

Hello hoopty,

 

I am so very sorry to hear. Unfortunately we don't have any plans of including high security features in regular ISY994i . The reasons are:

1. You can use Chrome and https to get to ISY's default home page using Android 5.0. So I must conclude that the issue is not with security defaults but perhaps a library being used

2. High grade security is pretty much the main distinguishing factor between regular and PRO. It would be quite unjust for everyone getting auto upgrade to PRO while others actually paid extra for these features

 

With kind regards,

Michel

Posted

Hello hoopty,

 

I am so very sorry to hear. Unfortunately we don't have any plans of including high security features in regular ISY994i . The reasons are:

1. You can use Chrome and https to get to ISY's default home page using Android 5.0. So I must conclude that the issue is not with security defaults but perhaps a library being used

2. High grade security is pretty much the main distinguishing factor between regular and PRO. It would be quite unjust for everyone getting auto upgrade to PRO while others actually paid extra for these features

 

With kind regards,

Michel

I see. I've always thought the only difference was max devices/scenes & programs... Maybe something can be tweaked on the app side then.
Posted

Hi hoopty,

 

Can you please verify that you can use Chrome on your device to get to ISY using https?

 

With kind regards,

Michel

Hi Michel,

Yes, I can verify that I am able access the ISY via https in Chrome from a device running Android 5.0 on an external network. It does warn that the connection is not private. "Attackers might be trying to steal information from domain.com (for example, passwords, messages, or credit cards)."

 

Probably this is due to not having certificates installed. But there is a link to proceed to the site (unsafe) and it takes me to the ISY login. I am able to login and access my devices, programs, variables, etc...

 

Regards,

Jesse

Posted

Hi Jesse,

 

Thank you. I think you may be correct:

1. In Chrome you get a chance to accept the warning

2. In the library there's no such a thing and it's quite possible that you may need to install ISY's certificate in your device. Alas, I just do not know how to accomplish this feat

 

Does anyone?

 

With kind regards,

Michel

Posted

2. In the library there's no such a thing and it's quite possible that you may need to install ISY's certificate in your device. Alas, I just do not know how to accomplish this feat

 

Does anyone?

 

With kind regards,

Michel

Many, many threads are present on Googles forums on this subject. Bottom line, you can - but you'll be living with a warning on your phone 'Your network connections can be monitored due to the user supplied root CA. Copy the public key of the ISY certificate as a base64 encoded .crt to the android device, and import it via a file browser. More at http://wiki.cacert.org/FAQ/ImportRootCert.

 

I wouldn't recommend it though. The alert is annoying and unnerving. Best to get a paid certificate on the ISY that is intrinsically trusted by the phone, until Google sees fit to allow custom root CAs without throwing a fit at you.

 

Unless your phone is rooted, of course, in which case you can add the cert to the trusted system store.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...