{"id":13322,"date":"2018-12-17T14:03:36","date_gmt":"2018-12-17T03:03:36","guid":{"rendered":"https:\/\/stepglobal.com\/?p=13322"},"modified":"2019-03-15T15:31:49","modified_gmt":"2019-03-15T04:31:49","slug":"customer-bulletin","status":"publish","type":"post","link":"https:\/\/stepglobal.com\/blog\/customer-bulletin\/","title":{"rendered":"Customer Bulletin – Security and the LMU-3030"},"content":{"rendered":"

December 14, 2018
\nDear Valued Customer,
\nA recent disclosure by a security researcher regarding the LMU-3030 was sent to CalAmp\u2019s Product Security team. The researcher claimed that they were able to cause an LMU-3030 to install modified\/malicious firmware by redirecting it to a spoofed PULS maintenance server. CalAmp engineering and security reviewed the disclosure and have determined this was not a vulnerability, but rather the result of available security features on the 32-bit platform that were not enabled by the user.
\nThe specific security feature is digital signature checking, which has been supported since PULS version 2.0.2.0 (released March 2017), and 32-bit firmware version 6.1c (released June 28, 2017). When activated, the device and PULS will validate digital signatures (RSA-2048\/SHA-256) during a firmware update.
\nCalAmp recommends that all users enable the Level-1 security feature available on all of its 32-bit devices to significantly enhance the remote access protection in the device. CalAmp also recommends going through the security application note available on PULS Wiki on how to enable the security features.
\nThank you for your valued business and continued support,
\nThe Product Management Team<\/p>\n<\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":27,"featured_media":13323,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"lazy_load_responsive_images_disabled":false},"categories":[179,50,48],"tags":[],"yst_prominent_words":[631,630,185,382,638,633,637,328,629,635,636,628,640,634,627,626,625,545,632,639],"_links":{"self":[{"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/posts\/13322"}],"collection":[{"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/comments?post=13322"}],"version-history":[{"count":0,"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/posts\/13322\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/media\/13323"}],"wp:attachment":[{"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/media?parent=13322"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/categories?post=13322"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/tags?post=13322"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/stepglobal.com\/wp-json\/wp\/v2\/yst_prominent_words?post=13322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}