Remote Updates

  • The new Homebase generation (EWG5/6) uses HTTP on its standard port 80 for remote firmware updates. The Homebase periodically checks the Energomonitor provisioning server, and if an update is ready for a given serial number, the firmware binary is downloaded via an HTTP GET request. The HTTP GET request is always initiated from the Homebase and contains the serial number and current firmware version. If new firmware is ready on the server, the response will contain the firmware binary data. The Homebase will save it in flash memory and then restart itself.
  • This update is done by a bootloader application permanently stored in a dedicated section of flash memory. This bootloader cannot be deleted, changed or disabled without direct access to the Homebase itself.
  • The update process does not use DNS; the IP address of the provisioning server is fixed, so an attacker cannot use any kind of DNS attack. The only possible attack is a man-in-the-middle attack. If an attacker can redirect the TCP connection from the Homebase to their own server (on the public internet route), the bootloader can download the wrong firmware. This firmware will be stored in flash memory and then executed. If the firmware is not correct, the MCU will stop and restart the bootloader. Also, the Energomonitor provisioning server periodically checks whether the device is working correctly, so any suspicious behavior can be detected.
  • To successfully imitate the correct firmware behavior, the attacker needs very detailed information about the hardware, firmware and server side. Also, the attacker's firmware can be replaced by official firmware at any time after an attack has ended. The Homebase contains a very low-power 8-bit MCU with hardware-implemented TCP/IP. It is not possible to run any kind of operating system (for example Linux) used by attackers. The attacker's firmware has to be specifically implemented with detailed knowledge of the hardware.
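
The man-in-the-middle case above comes down to the bootloader storing whatever the HTTP response carries. As an added example (not Energomonitor's code; the page describes no such check), this Python model shows an authenticate-before-flash step that binds the image to the serial number and firmware version sent in the GET request. The image layout, the per-device key and the names `pack_image` and `verify_image` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Hypothetical image layout (an assumption, not Energomonitor's format):
#   magic(4) | serial(8) | version(u32 BE) | payload_len(u32 BE) | payload | tag(32)
MAGIC = b"FWU1"
HEADER = struct.Struct(">4s8sII")
TAG_LEN = 32

def pack_image(key, serial, version, payload):
    """Server side: bind serial and version to the payload with HMAC-SHA256."""
    header = HEADER.pack(MAGIC, serial, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

def verify_image(key, my_serial, current_version, blob):
    """Bootloader side: return the payload if it may be flashed, else raise ValueError."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("truncated image")
    magic, serial, version, length = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if len(blob) != HEADER.size + length + TAG_LEN:
        raise ValueError("length mismatch")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed")
    if serial != my_serial:                      # image built for another unit
        raise ValueError("image built for another device")
    if version <= current_version:               # replayed or older image
        raise ValueError("rollback or replay rejected")
    return blob[HEADER.size:-TAG_LEN]

if __name__ == "__main__":
    key = b"\x11" * 32                           # constructed sample key
    blob = pack_image(key, b"EWG50001", 7, b"constructed firmware bytes")
    print(len(verify_image(key, b"EWG50001", 6, blob)), "bytes accepted")
```

HMAC is used here because it is in the standard library; a public-key signature would avoid keeping a shared secret on each device.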