Jan 08

Updating the operating system is vital to keep the Ajax wireless alarm system up to date with all new features, firmware and fixes. The updating procedure is an integral part of product development and product improvement. Updates for Ajax Hubs increase the stability and security of the system, optimise the system's performance, ensure its compatibility with new devices and expand the system's capability list.

  • The firmware updates only when the security system is disarmed.
  • The file size of the firmware does not exceed 0.5 MB.
  • The firmware downloading process runs in the background without affecting the functioning of the system.
  • The update installation takes less than 10 seconds.
  • The OS Malevich update is optional and can be disabled in the settings, although this is not advised.

Hub Operating System Update

1. The Hub determines if there is an update for the operating system on the server

Firmware files for the Hub are stored in encrypted form on the Ajax Cloud Server, and the server does not know the keys or the encryption method of the update files. Access to the firmware database is given only to a select set of people in the company, from the internal network of Ajax Systems, and they have different levels of access. No one can make critical changes and sabotage the system. All actions are logged and monitored, and Ajax knows exactly who made the changes and when. Internal safety regulations prohibit the use of passwords to access the firmware database. SSH (Secure Shell) keys are used instead; SSH is a cryptographic network protocol for operating network services.

Protection technologies:

  • Access to the firmware database by SSH keys only.
  • Access privileges and logging of changes to the server.
  • Server authentication and verification systems.
  • Using the proprietary encrypted communication protocol.

2. Transferring the update file from the server to the Hub

Once an update file has been detected, the Hub will download the firmware to the external flash memory using any available communication channel with the server, whether it be via Ethernet, GSM or WiFi. The update is downloaded in the background and will not affect system operation. Protection of the transmitted data between the Hub and the Ajax server is provided by Transport Layer Security (TLS), combined with the security methods within the closed binary protocol.

Protection technologies:

  • TLS.
  • Using the proprietary encrypted communication protocol.

3. Checking the update file

The Hub firmware is encrypted and signed with a checksum. If the firmware file has been corrupted, either intentionally or due to a transmission error, it is ignored, since the checksums will not match. If an intruder corrupts the encrypted firmware file and substitutes the checksum, the checksum inside the decrypted firmware file will still not match the signature, and the Hub will reject the update.

At most, the firmware file can be read from the external flash memory of the Hub. However, the decryption of this file, even with the capabilities of modern computers, would take thousands of years.

The firmware file includes a system of markers and properties that are checked before the install. Information about them is available to a limited set of people to exclude any possibility of a sabotage attempt. If any marker or property fails validation, the update is canceled.

Protection technologies:

  • Verification of checksums, markers and properties.
  • Encryption.

4. Hub firmware update

During the update, the encrypted firmware file is read from the external flash memory of the Hub by the bootloader, which is stored in the ROM of the device's microcontroller.

The firmware is decrypted only inside the microcontroller, which cannot be accessed from the outside, therefore there is no possibility to read or substitute the firmware. After the firmware file has been decrypted, the checksums are verified once more in order to make sure that no data was corrupted during the decryption process.

The bootloader inside the Hub also controls the correct operation of the Hub with a new firmware. If critical errors or malfunctions are detected, the Hub deletes the corrupted firmware version and reflashes the latest stable release.

Only a limited set of people know how the stable firmware is selected and how the correct operation is controlled, which complicates any attempt to sabotage. The bootloader itself is not updated, thereby excluding the possibility of sabotage of the firmware rollback mechanism.

Protection technologies:

  • Checksum verification after decryption.
  • Critical error control.
  • Control of correct operation of the Hub with a new firmware.
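
The two-layer check described in steps 3 and 4, as an added example that is not Ajax's code or firmware format: an outer checksum over the encrypted file, then an inner checksum, a marker and a property checked after decryption. The container layout, `MAGIC`, `KEY`, the no-downgrade property, SHA-256 as the checksum and the stand-in cipher are all assumptions made for illustration.

```python
import hashlib, hmac, struct

MAGIC = b"HUBFW"        # constructed marker; the real markers are not public
KEY = bytes(range(32))  # constructed stand-in for the key held in the microcontroller

def _xor_stream(key, data):
    # Stand-in cipher (SHA-256 in counter mode) so the example runs on the
    # standard library; the page does not name the real algorithm.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">Q", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def build_update(key, version, payload):
    body = MAGIC + struct.pack(">H", version) + payload
    enc = _xor_stream(key, body + hashlib.sha256(body).digest())  # inner checksum
    return enc + hashlib.sha256(enc).digest()                     # outer checksum

def forge_outer_checksum(blob, offset):
    # Models the intruder in step 3: alter the ciphertext, then recompute the outer checksum.
    enc = bytearray(blob[:-32])
    enc[offset] ^= 0x01
    return bytes(enc) + hashlib.sha256(enc).digest()

def verify_update(key, blob, installed_version):
    if len(blob) < len(MAGIC) + 2 + 64:
        return "reject: truncated"
    enc, outer = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hashlib.sha256(enc).digest(), outer):
        return "reject: outer checksum"      # transmission error or crude tampering
    plain = _xor_stream(key, enc)
    body, inner = plain[:-32], plain[-32:]
    if not hmac.compare_digest(hashlib.sha256(body).digest(), inner):
        return "reject: inner checksum"      # ciphertext altered, outer checksum replaced
    if body[:len(MAGIC)] != MAGIC:
        return "reject: marker"
    (version,) = struct.unpack(">H", body[len(MAGIC):len(MAGIC) + 2])
    if version <= installed_version:         # hypothetical "property": no downgrade
        return "reject: version"
    return "accept"

if __name__ == "__main__":
    good = build_update(KEY, 7, b"constructed firmware payload " * 8)
    damaged = good[:40] + bytes([good[40] ^ 0xFF]) + good[41:]
    for name, blob in [("good", good), ("damaged", damaged),
                       ("forged", forge_outer_checksum(good, 40))]:
        print(name, "->", verify_update(KEY, blob, installed_version=6))
```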

5. After firmware update

The firmware update and the subsequent reboot of the Hub take less than 10 seconds. After that, the Hub will reconnect to the server. The connection time depends on the number of active communication channels and does not exceed 30 seconds. Notifications about alarms and events are stored in the events feed even during the Hub update.

The Ajax app will display notifications when there is an update available, when the system is updating the firmware and when the firmware has been successfully updated.