Security And Privacy; Safety Of Radio Links; Gateway Safety; Remote Maintenance - Ubisys G1 Assembly And Commissioning Instructions

Section 1 | General information

1.2 Security and privacy

ubisys' highest priority is both the safety of yours and your facilities. From the very beginning, our development
department attached importance to develop encryption and authentication algorithms ensuring that only you gain
access to your Smart Home components, at any time.

1.2.1 Safety of radio links

Hacker attacks via radio links are only possible when the attacker is in range of your facility's radio network. For
this reason, hackers don't prioritize these objects, but put their focus on devices that can be globally accessed,
such as gateways. Nevertheless, we attached importance to make the radio interface meet high level safety re-
quirements. As an administrator of a public facility, e.g. a hotel, holiday resort, company or a public authority, you
should take the threat of such hacker attacks serious.
Radio links between the components of your ubisys Smart Home System are based on the standard ZigBee
Home Automation, which is based on the ZigBee PRO core technology. ZigBee PRO includes several safety
features, such as an AES-128 network key to ensure that your data can't be read by third parties near your
facility. Moreover, it is not possible for attackers to send control commands to your network, or to record legit
control commands for future execution ("replay attack"). Unlike proprietary solutions, the open ZigBee PRO
standard has passed safety tests, allowing to be used in billing related systems.

1.2.2 Gateway safety

The gateway has several services that are needed to gain access to your facility from the outside or for certain
time or event controlled processes. This includes the Smart Facility Service, which establishes the connection
between the facility and the Smart Home app on your mobile device. Naturally, is has to be ensured that this
service is accessible from the outside. Therefore, all connections from your apps to this service are specially
protected and encrypted.
While setting up your facility via app, access authorization will be installed on your smartphone, giving you ac-
cess to your facility after the setup. A lost smartphone can be locked at any time via the gateway's web interface.
Make sure that the web interface of your gateway cannot be reached from the outside. Don't set up port forwar-
ding via the TCP port 80, use local accesses or secured connections such as VPN to gain safe access to the
web interface.

1.2.3 Remote maintenance

Remote maintenance is done via a secured connection. This connection is protected by a certificate and has to
be opened explicitly via the gateway's web interface. The interface indicates an active remote access. Therefore,
no one can access your system except for the ubisys support team – and only if you explicitly authorized access.

1.2.4 Cloud services

At this time, ubisys doesn't use any cloud services. Facility information and profiles aren't saved as well. There-
fore, the protection of your data is not threatened.

1.2.5. Updates

Firmware updates for your gateway are certificated. Therefore, they cannot be manipulated to install threatening
software. The firmware for ZigBee devices is encrypted and has an integrity test. Every time the gateway firm-
ware is updated, the current firmware version and serial number will be stored for statistic reasons.

1.3 Function

The gateway is the central component in your network. It connects your Smart Home components, which are
provided with the ZigBee technology (IEEE 802.15.4), with your home or office network and the internet. When
Gateway G1 6