Updating the Ajax Hub Operating System is vital to keep the Ajax wireless alarm system up to date with all new features, firmwares and fixes. The updating procedure is an integral part of the product development and product improvement. Updates for Ajax Hubs increase the stability and security of the system, optimise the systems performance, ensure it’s compatability with new devices and expand the systems capability list.

  • Once the security systems disarmed, firmware updates.
  • The file size of the firmware does not exceed 0.5 MB.
  • The firmware downloading process runs in the background without affecting the functioning of the system.
  • The update installation takes less than 10 seconds.
  • OS Malevich updates optional, disabled in settings. Not advised!

Ajax Hub Operating System Update

1. The Hub determines if there is an update for operating system on the server

Firmware files for the Hub are stored in the encryted form on the Ajax Cloud Server, and the server does not know the keys or the encryption method of the update files. All access to the firmware database is provided to only a select set of people in the company from the internal network of Ajax Systems, and have different levels of access. No one can make critical changes and sabotage the system. All actions logged and monitored. Ajax know exactly who made the changes and when. Internal safety reulations prohibit the use of passwords to access the firmware database. SSH or Secure Shell keys used instead. Which are a cryptographic network protocol for operating network services.

Protection technologies:

  • Access to the firmware database by SSH keys only.
  • Access privileges and logging of changes to the server.
  • Server authentication and verification systems.
  • Using the proprietary encrypted communication protocol.

2. Transferring the update file from the server to the Hub

Once an update file has been detected, the Hub will download the firmware to the external flash memory using any available communication channel with the server, whether it be via ethernet, GSM or WiFi. The update is downlaoded in the background and will not effect system operation. Protection of the transmitted data between the Hub and the Ajax server is provided by Transport Layer Security (TLS), combined with the security methods within the closed binary protocol.

Protection technologies:

  • TLS.
  • Using the proprietary encrypted communication protocol.

3. Checking the update file

The Hub firmwares encrypted and signed with a checksum. If the firmware file has been corrupted, either intentionally or due to a transmission error, it’s ignored. Since the checksums will not match. If an intruder corrupts the encrypted firmware file and substitutes the checksum, the checksum inside the decrypted firmware file will still not match the signature, and the Hub will reject the update.

At most the firmware file can be read from the external flash memory of the Hub, however the decryption of this file, even with the capabilities of modern computers, would take thousands of years.

The firmware file includes a system of markers and properties that are checked before the install. Information about them in available to a limited set of people to exclude any possibilty of a sabotage attempt. If any marker or property fails validation, the update is canceled.

Protection technologies:

  • Verification of checksums, markers and properties.
  • Encryption.

4. Hub firmware update

During the update, the encrypted firmware files read from the external flash memory of the Hub by the bootloader, stored in the device microcontroller’s ROM.

The firmwares decrypted only inside the microcontroller. Unable to access from the outside, therefore, theres no possibility to read or substitute the firmware. Having decrypted the firmware file, the checksums are verified once more in order to make sure that no data was corrupted during the decryption process.

The bootloader inside the Hub also controls the correct operation of the Hub with a new firmware. The Hub deletes the corrupted firmware version and reflashes the latest stable release if it detects critical errors or malfunctions.

Only a limited set of people know how the stable firmwares selected and how the correct operation is controlled, which complicates any attempt to sabotage. The bootloader itselfs not updated, thereby excluding the possibility of sabotage of the firmware rollback mechanism.

Protection technologies:

  • Checksum verification after decryption.
  • Critical error control.
  • Control of correct operation of the Hub with a new firmware.

5. After firmware update

The firmware update and the subsequent reboot of the Hub takes less than 10 seconds. After that, the Hub will reconnect to the server. The connection time depends on the number of active communication channels and does not exceed 30 seconds. Notifications about alarms & events are stored in the events feed. Even during the Hub update.

The Ajax app displays notifications for available updates, when the system is updating firmware, and when the firmware update is successful.