Utah Reefs Homepage
  New Posts New Posts RSS Feed - Apex Controller Security
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Apex Controller Security
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
knowen87 View Drop Down
Guest
Guest
Avatar

Joined: March 17 2012
Location: Logan, UT 84321
Status: Offline
Points: 385 		Post Options Post Options   Thanks (0) Thanks(0)   Quote knowen87 Quote  Post ReplyReply Direct Link To This Post Topic: Apex Controller Security
    Posted: April 16 2018 at 9:57am
I have been an apex owner for a long time 5+years. It used to be a lot more complicated to set up especially if you did not have a lot of knowledge about networks and routers. Back then, you had to set up a port forward to allow the apex access to control your tank while you were away.  The other day, I found this story on Reddit and it made me worried about my apex. 

http://www.businessinsider.de/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4?r=UK&IR=T

So I emailed Apex and they send me this response
"Thank you for your inquiry and concern.  Based on our understanding of those articles that were published the owners of the aquarium exposed their controllers (we aren't sure if they are an Apex of not) to the Internet via port forwarding.  Port forwarding allows for inbound communication to your network- which is not recommended.  Most of your Internet browsing and things of that nature is outbound communication- and is much safer.  Fortunately, the Apex and our Apex Fusion cloud services only use outbound communication to monitor and control your aquarium.  "

So in summary, as long as you use the normal conventions with your Apex (as most our users do) and do not configure port forwarding in your router to expose your controller directly to the Internet, then your cause for concern should be minimal."

"You can utilize Apex Fusion exclusively.  Apex Fusion was released in 2014 and since that time port forwarding has not been needed" 

Looks like I will be closing my port this afternoon. 


Edited by knowen87 - April 16 2018 at 9:57am
Back to Top
knowen87 View Drop Down
Guest
Guest
Avatar

Joined: March 17 2012
Location: Logan, UT 84321
Status: Offline
Points: 385 		Post Options Post Options   Thanks (0) Thanks(0)   Quote knowen87 Quote  Post ReplyReply Direct Link To This Post Posted: April 16 2018 at 10:03am
Does someone with more tech experience want to expand on the security of apex fusion? Once my port is closed should I still be concerned with the apex allowing in hackers?
Back to Top
Krazie4Acans View Drop Down
Admin Group
Admin Group
Avatar

Joined: December 17 2012
Location: Syracuse
Status: Offline
Points: 24177 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Krazie4Acans Quote  Post ReplyReply Direct Link To This Post Posted: April 16 2018 at 11:25am
Even with port forwarding turned on for the apex, as long as you are not using the default username and password, it would be very hard for a hacker to gain access to that device through the port forward compromise the device enough to gain access to the network and then hack other data.

On top of that they would need a reason to think they would be getting something worth their effort on your network. A Casino is a valid target, a home with an Apex is probably not the best use of their time to hack it.

Port forwarding is not really a bad thing when done correctly (this falls back on that knowledge of networks and routers part of your post). The issue is that most people pick ports that are known open access ports that Hackers target. Picking ports that are normally reserved for things like Firwalls, routers, intrusion detection systems and things like that make it much less likely that a hacker is going to try.

On to Fusion. Fusion is cloud based and uses public and private key authentication to talk to your Apex. What that means is that only Fusion knows what the access key is to talk to your apex. It is not sent through the communication between Fusion and your Apex at all so hacking it is extremely hard. It is further complicated because a client trying to access your apex can only do so by being authenticated to the Fusion servers. It's quite secure and again a Hacker is going to need to have a reason to believe that there is a significant value of what they will get from your network in order to spend the time to try and hack through any of these systems to get to your data.
My ocean.
90g (yup, won it!), 40g, 28g, & 10g Systems
PADI Advanced Open Water
Tank Thread:
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2018 Web Wiz Ltd.

This page was generated in 0.047 seconds.