Sera4 Security – Your locks are your locks

When we onboard a new customer, we set up a complete cloud environment for that customer. At Sera4, we can only access data about your locks, your operations and your users if you explicitly grant us access (you may choose to do that if you request specific training or support from us). This level of security around user data in the cloud is an industry best practice and is not unique to Sera4. We call each customer’s cloud environment an Organization.

What happens to the locks and controllers on a Teleporte network often gets overlooked by our customers. It is all orchestrated by Sera4 in the background. Each Sera4 lock has firmware that we’ve been developing in-house for years. This firmware includes all the security protocols to reliably and securely communicate with the Teleporte Mobile Application. It also contains a unique digital certificate that we call the Organization Control Code (OCC).

Each active lock and controller has an OCC. This OCC is the same for all locks in an organization. It filters all commands from the Teleporte Mobile Application, so that any requests or instructions that do not come from a matching Organization are ignored. This way no other Teleporte customer can interact with your locks in any way. Only you control your locks. When combined with Teleporte’s off-network architecture, we believe this is the most secure way to secure your assets.

By default, the OCC is set up to be Sera4. When locks and controllers are moved into a new organization, the OCC is automatically updated to reflect the ownership and control of the hardware. Thanks to the magic of Public Key Cryptography, virtual keys and commands from the Sera4 organization are subsequently ignored by the lock – the new organization is the ultimate master.

Most of our customers never know about the OCC. Sometimes our customers have to change the OCC on their locks. An example of when this happens is when one telecom network’s tower assets are sold to a tower company. It’s easy within our software to issue the command to update an OCC, but the command needs to come from the users in the right organization. This requires those users to visit each lock to change the OCC. Notably, this can sometimes be inconvenient – but it is required to keep your locks secure in the field. Teleporte doesn’t use any secret or master keys.

This month, we are introducing the option for OCC sharing – the ability for organizations to share their OCC with other organizations.  We will be providing the option to customers to give their Sera4 Authorized Integrator access to manage their locks with a second OCC. This means that locks/controllers can be moved between two (or more) organizations without the complication of updating the OCC first.  Changes to the OCC will occur on the next interaction with the lock and as always – command and control of your Sera4 locks happens seamlessly.
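As an added illustration (this is example code written for this page, not Sera4 firmware or any Teleporte code), the Go program below models the OCC behaviour the post describes: a lock holds the public key or keys it trusts, verifies each signed command against them, ignores anything from a non-matching organization, and changes that trusted set only on a signed handover (`set_occ`) or sharing (`add_occ`) command from a current owner. The use of Ed25519 keys, the operation names, the counter-based replay check and the command encoding are all assumptions of this example; the post does not describe Teleporte’s actual certificate or message format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Command is what the app carries to the lock: target lock, a monotonically
// increasing counter (blocks replay), the operation, an optional payload (the
// new OCC for set_occ/add_occ) and a signature over all of it. (Assumed format.)
type Command struct {
	LockID  uint32
	Counter uint64
	Op      string
	Payload []byte
	Sig     []byte
}

// signedBytes is the canonical encoding the signature covers; the length
// prefix keeps op and payload from being shifted into each other.
func signedBytes(c Command) []byte {
	buf := make([]byte, 14, 14+len(c.Op)+len(c.Payload))
	binary.BigEndian.PutUint32(buf[0:4], c.LockID)
	binary.BigEndian.PutUint64(buf[4:12], c.Counter)
	binary.BigEndian.PutUint16(buf[12:14], uint16(len(c.Op)))
	return append(append(buf, c.Op...), c.Payload...)
}

// Sign is the organization side: its Ed25519 key pair stands in for the OCC.
func Sign(org ed25519.PrivateKey, lockID uint32, counter uint64, op string, payload []byte) Command {
	c := Command{LockID: lockID, Counter: counter, Op: op, Payload: payload}
	c.Sig = ed25519.Sign(org, signedBytes(c))
	return c
}

// Lock trusts one OCC normally; a second entry is the "OCC sharing" state.
type Lock struct {
	ID          uint32
	Trusted     []ed25519.PublicKey
	lastCounter uint64
}

// Accept returns true only for a fresh command addressed to this lock and
// signed by a trusted OCC; anything else is ignored, as the post describes.
// set_occ replaces the trusted set (handover), add_occ extends it (sharing).
func (l *Lock) Accept(c Command) bool {
	if c.LockID != l.ID || c.Counter <= l.lastCounter {
		return false
	}
	msg, trusted := signedBytes(c), false
	for _, pub := range l.Trusted {
		trusted = trusted || ed25519.Verify(pub, msg, c.Sig)
	}
	if !trusted {
		return false
	}
	l.lastCounter = c.Counter
	isKey := len(c.Payload) == ed25519.PublicKeySize
	switch {
	case c.Op == "unlock":
		return true
	case c.Op == "set_occ" && isKey:
		l.Trusted = []ed25519.PublicKey{append(ed25519.PublicKey(nil), c.Payload...)}
		return true
	case c.Op == "add_occ" && isKey:
		l.Trusted = append(l.Trusted, append(ed25519.PublicKey(nil), c.Payload...))
		return true
	}
	return false
}

// newOrg generates a fresh key pair for one (constructed) organization.
func newOrg() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Scenario walks the lifecycle from the post: factory default (Sera4), handover
// to a customer, the old OCC losing control, sharing with an integrator, a
// foreign organization never getting in, then a replay and a mis-addressed command.
func Scenario() []bool {
	sera4Pub, sera4 := newOrg()
	telcoPub, telco := newOrg()
	integPub, integ := newOrg()
	_, other := newOrg()
	lock := &Lock{ID: 42, Trusted: []ed25519.PublicKey{sera4Pub}}
	var n uint64
	next := func() uint64 { n++; return n }
	return []bool{
		lock.Accept(Sign(sera4, 42, next(), "unlock", nil)),       // true: default OCC
		lock.Accept(Sign(telco, 42, next(), "unlock", nil)),       // false: not yet the owner
		lock.Accept(Sign(sera4, 42, next(), "set_occ", telcoPub)), // true: handover
		lock.Accept(Sign(sera4, 42, next(), "unlock", nil)),       // false: old OCC ignored
		lock.Accept(Sign(telco, 42, next(), "add_occ", integPub)), // true: OCC sharing
		lock.Accept(Sign(integ, 42, next(), "unlock", nil)),       // true: second OCC works
		lock.Accept(Sign(other, 42, next(), "unlock", nil)),       // false: foreign organization
		lock.Accept(Sign(telco, 42, 6, "unlock", nil)),            // false: counter already used
		lock.Accept(Sign(telco, 43, next(), "unlock", nil)),       // false: signed for another lock
	}
}

func main() {
	fmt.Println(Scenario()) // [true false true false true true false false false]
}
```

Two points the walkthrough makes concrete: the previous owner’s key stops working the moment the handover command is accepted, and because every command is signed over one lock ID and a counter, a captured command can neither be replayed against the same lock nor redirected to another one.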

To learn more about the OCC sharing option, please reach out to [email protected].

When Subscription Models Make Sense

We encourage anyone buying a product or service to think critically about why it may be sold by subscription. In some cases, the subscription is tied to consumables. In other cases, the subscription is tied to access to content (like streaming services). Sometimes, it’s just a supplier who did the financial calculus and forces it for the shareholder returns.  


In other cases, such as with our cloud-enabled access control software platform Teleporte, it’s tied to constant updates to keep up with phone models, security updates, and real-time support for your operational peace of mind. We continue to add value over the lifetime of the subscription, and our customers choose us over other solutions because of this added value. 

We believe that our Teleporte subscriptions are valuable for the advanced features that are possible with keyless systems. We also believe that there is far more value for our customers in these systems than the price of the subscription. For customers who agree with this, they will continue with Teleporte Enterprise or Standard.  

For customers who don’t see the value, or customers who simply have budgets cut (like many of our municipal customers did at the start of the pandemic), then we have Teleporte Basic. It’s free, and allows the locks to maintain basic keyless access functionality, but they otherwise behave like mechanical locks, with no reporting and no advanced features. It’s our way of providing assurance that we’re never going to hold you (or your property) hostage. 

We sell new hardware with a minimum one-year Teleporte Enterprise or Standard subscription. We want our customers to have some time with a subscription package to experience the value to their application and organization, and then make an informed decision whether to renew. We also offer packages for customers who prefer to just pay once, up-front.  

Selling a one-time purchase can be easy. Keeping loyal customers, who renew their subscriptions, requires a different level of service, reliability, and product quality. We want our customers to love, value, and renew their Teleporte subscriptions, and we do the work to keep them happy.  

We see good reasons for some offerings to be structured as subscriptions. Ultimately, the decision on whether a subscription is a good value and a smart buy is up to the customer. In our view, it’s really important that the structure and costs of an offering is clearly explained in advance, so that the customer can make an informed decision.  

If you’d like to learn more about Teleporte and our access control hardware solutions, book a demo at https://www.sera4.com/demo/

Sera4 IoT Devices: Designed With Security in Mind

We continue to see security threats affecting IoT devices. In this recent Ars Technica article, they share that a lot of these devices are exposed because they are built with old TCP/IP network stacks that use old security paradigms. That’s one of the risks in using open-source code.  And the risks are really serious – opening back-doors in otherwise secure networks for all sorts of nefarious activity. 

We want to remind people that such attacks aren’t possible on Teleporte-controlled locks. 

  • No TCP/IP stack – we aren’t vulnerable to this specific attack because we don’t use the Internet Protocol 
  • No open-source code – we have designed and implemented ALL embedded code in-house (Canada) 
  • No connectivity to customer networks – there’s no way to open a back door into your network when our devices aren’t even on the network. 

You can continue to rely on Teleporte’s security because, from the start, we’ve incorporated a security-first approach. While IoT risks in the world are some of the most serious and difficult ones, they don’t have to be if the systems are designed with security in mind. 
 
Trust in us, as security is our #1 focus, and we’ll continue to deliver secure solutions to the market. 

Cloud Security is Not the Culprit in Recent Cyberattacks

Last week, Silicon Valley-based Internet of Things (IoT) security and surveillance provider Verkada announced a major cyberattack, which allowed hackers to gain access to live feeds and archive video associated with 150,000 cloud-connected devices. Most organizations affected by the attack found out about it when their surveillance images, including footage from inside prisons, hospitals, and software providers, started circulating online. The attackers were able to gain access to the command-and-control systems of these cameras, which gave them unfettered access to cameras in organizations across the world. 


Whenever there is a cyberattack of this nature, it leads people to question the security of cloud solutions. However, this shouldn’t cause general fear, uncertainty, or doubt around using systems that have a cloud architecture. A well-designed cloud system is perfectly secure. 

While the details of the compromise are not yet available to the public, there are several hints as to the vulnerabilities of this specific hack, and some key actions enterprise IoT users can take to protect themselves against similar attacks. 

“The attack targeted a Jenkins server used by our support team to perform bulk maintenance operations on customer cameras.” 

A note from CEO Filip Kaliszan, Verkada 

The system was compromised by accessing a vulnerable support server. The fact that a support server had either direct access to the command-and-control of the cameras themselves, or could be used to penetrate another system with that access, suggests vulnerabilities in the vendor’s overall design. Simply put, their network infrastructure was not configured on a zero trust model. Developed by former Forrester Vice-President and Principal Analyst John Kindervag, zero trust is a security framework that reduces the potential for data breaches by removing default trust and access to systems, even those within the firewall. 

“…we have no evidence at this time that this access was used maliciously against our customers’ networks.” 

Filip Kaliszan 

If an IoT device is installed within a corporate network, it’s easy to set up the network so devices don’t have access to anything else within it. VLANs and Layer 2 switching make network segmentation straightforward and can avoid these security concerns. Most hacks are not due to the inherent security of the solution, but to mistakes made in securing it. 
 
Enterprise IoT customers can also ensure that any connected device coming into the organization is updated from default passcodes or admin passwords. In an interview regarding the Verkada breach with CCTVBuyersGuide, Asaf Hecht, Cyber Research Team Leader from CyberArk commented, “The potential for breaching common IoT devices, like security cameras, is something we’ve been talking about for years. Cameras, much like other hardware devices, are often manufactured with built-in or hard coded passwords that are rarely, if ever, changed by the customer.” 

“While we can’t be sure that’s what happened in this case, recent breaches certainly have ‘scale’ in common, demonstrating attackers’ growing confidence and precision – and ability to efficiently extrapolate weaknesses for impact.” 

Is Sera4’s Teleporte cloud solution for keyless access control safe?
TL;DR YES! 

At Sera4, we easily argue that our Teleporte cloud architecture enhances your organization’s security. 

Cloud Security By Design 

Teleporte implements a network design that doesn’t have support servers connected to our private cloud. Teleporte implements its services in independently ISO 27001 managed data centers; there is no dependence or connectivity on support servers in our office. The office is a place to work, not a place we depend on to run our products. 

Teleporte, when implemented in the cloud instead of an enterprise network, means our customers don’t have to worry about compromised systems affecting Teleporte services—and neither do we. Internal enterprise systems, and even your employees, don’t have direct access to the Teleporte servers. 

Finally, Teleporte locks and lock controllers don’t have IP addresses. They aren’t directly connected to the Internet, and as such can’t be opened en masse by an external hacker. Equally, they could never be taken over to compromise your enterprise network. 

Cloud Security By Experts 

Ultimately, there are many examples of products that operate effectively from the cloud. The best cloud products were built by experts who approach products and solutions with a security first mindset. The Sera4 team is comprised of network, mobile, and embedded experts, and a security first approach is in our DNA. Our solutions were purpose built to provide the most secure, scalable, and reliable keyless access control on the market. Book a demo of our Teleporte solution and you’ll find that the decision is easier to trust than the alternatives. 
 

Hidden Access Control: Security through Obscurity

Sometimes the best way to protect something is to hide it.

To some people, a keyhole or a padlock or a handle on something will act as a public notice that reads Valuables Inside. Those who are motivated to steal notice these signals. And when they’re identified by those people, they can tell the story about how to break them at a glance.

With keyless access, you can design a more secure system to protect your assets with a fully hidden mechanism. Imagine how the hood of your car opens, and you’ll have a good idea of what we mean. With a Sera4 Lock Controller, you can design a door, a panel or other secure hinged compartment that pops open by the touch of a smartphone. A door like this is more secure because it’s more hidden. It won’t have a handle, a keyhole, a padlock or other signals that it opens. And even when somebody might want to break in, it’s not clear where or how to start an attack.

Vertical Infrastructure: AX5 controlling access on a smart light pole.

5G demands denser networks in urban areas. This means that communications equipment is being installed in places like fake trees, park benches and lamp posts. These are places where people aren’t expecting to find anything valuable, and keeping access points obscure keeps them out of sight and out of mind. The only way to tell that there is an access point is to check with the Teleporte app on your phone.

Reliability

In the unfortunate event of a system failure, a door without a handle can be a difficult thing to open. The most common type of failure is a power failure: dead batteries. This is where our Access Pad can help. It provides a power connector (for a common 9V battery) to conveniently and discreetly power a dead system to get it open. In the rare case of a radio or app incompatibility, the Access Pad enables our Failsafe Unlock feature.

Sera4 Access Pad

With the latest technology, access points can be designed to be more secure and look better at the same time.

Please reach out to us. Each application is a little bit unique. We’d love to discuss how we can help conceal your access points.

How Teleporte achieves Scale, Security & Reliability

Our own Jeff Klink was interviewed by SiliconAngle at KubeCon 2020 and authored an article in Information Age, sharing how Teleporte Cloud is designed for scale, security and reliability. Both pieces focus on Sera4’s leading transformation into a distributed microservices cloud architecture, with some recommendations for others who want to follow us.

Security Update June 2020

Last week the NVD (National Vulnerability Database) was updated with 19 new vulnerabilities affecting IoT devices.

Specifically, the ICS-CERT advisory for vulnerabilities in the TCP/IP stack used by some IoT devices highlights important aspects of the design and function of security devices. Sera4 products are not vulnerable to any of these attack vectors.

Security by Design

Our locks and controllers use the Teleporte Embedded software stack, which:

  • does not include a TCP/IP stack,
  • includes the capacity to perform software updates, and
  • is regularly tested, maintained, and updated.

As a part of Security by Design, it’s important to limit the number of software and libraries used in developing a service. Some vendors may include a TCP/IP stack or services simply because the device’s operating system includes those features. Teleporte Embedded integrates only components that it strictly requires.

In-Field Updates

Equally, it is important that IoT devices are maintained and can be updated in the field after entering service, so that security certificates don’t expire and devices aren’t left without security or support.

Teleporte is actively maintained, with regular updates to features and capabilities – the mobile application and lock software are always improving.

Keeping these in mind, rest assured that Sera4 leads the way in innovation and security for your critical application. To learn more about Sera4’s security innovations, contact us. We’d love to talk with you.

The case against Remote Unlock

Every now and again we are asked the question “can we remotely unlock things with Teleporte?”  We understand where the question comes from. Most IoT devices are focused on remote sensing or control from a distance. Smart devices allow you to do things like set your home’s temperature from the other side of the world. It’s easy to assume that smart locks should behave in a similar way.

We often get asked to include this feature but we have purposefully built Teleporte so that a person is required in the physical presence of the device. We wanted to render unlocking something remotely from a command center impossible. And it is important for you, our customers to understand why.

Practical Risks

First, we do allow you to remotely enable a user, so there is no argument for someone new or unexpected needing access. In what situation then would you want to release a lock without an individual there? We can’t think of a practical scenario. Having someone on-site means that when the lock is opened the asset is being watched the whole time. Someone can close a gate behind them, reducing the time an asset is not secured. And most importantly, a person on-site can lock up again. Many locks are designed to fall or pop open when unlocked, and without someone there to close them, a remote unlock function would not guarantee a corresponding and critical lock function. 

Second, you don’t just want anyone on site when access is granted: you want to know who is getting in. With a remote unlock, there is little guarantee that the person going into a site is the one who is supposed to be. Smartphones are actually very good at identifying a user, with passwords and biometrics, and their location, with GPS. A local virtual key is much more reliable than a remote unlock process.

Cybersecurity

Finally, we want to mitigate the risks of hacking and cybercrime. In 2019, artificial intelligence designed and carried out more cyberattacks than people did. The attacks are getting more sophisticated. At Sera4, we use the best cybersecurity practices, but no one can predict everything.  If there is a logical path to remotely unlock something, there is a risk that it will happen; be it a sophisticated hacking attack or something as innocent as an error in an API integration. Imagine the catastrophe if the locks on a critical infrastructure network were all remotely opened at the same time. We designed Teleporte to ensure that this is impossible. 

We appreciate the excitement around technical feasibility and fancy features such as remote unlock, but every feature comes at a cost. Our goal is the safety and security of our systems first, ensuring less risk and more reliability for you.

BIAS against Bluetooth

Another vulnerability of the Bluetooth security stack has been revealed this week: Bluetooth Impersonation AttackS (BIAS).

Unfortunately, this highlights another concern with the Bluetooth stack and is, in-part, due to the wide range of devices and configurations that Bluetooth has to support. The suggested remedy is for “the Bluetooth SIG [to update] the Bluetooth Core Specification”. (Source: bluetooth.com)

All this implies it will be up to chipset vendors to find and work around the problem in the interim.

Credit: The Hacker News tells us more …

The biggest risk is likely to be against mobile devices (mobile phones and laptops). Previously paired devices can no longer be trusted, i.e. you could be communicating with a bad actor (an impersonator).

As a word of caution: other Bluetooth-enabled smart locks and mobile software solutions may incorporate this same flaw. This would allow you to pass the digital keys to the wrong device: A “man-in-the-middle” attack.

Rest assured: Teleporte relies on digitally signed certificates to ensure that communications are encrypted. Only true Sera4 locks or lock controllers have the decryption key. All this happens without using the Bluetooth security stack — so access to your Teleporte locks remains secure and unaffected by BIAS.

High-Security Keyless

In protecting your assets, there is always a tradeoff between convenience and security. For example, when you go into your office every day, you want to get in through the main doors without any delay. But when the asset requires the highest security, added rigour, such as additional security checks, is necessary.

The vault application is a good example of how keyless solutions are catching up with old standards for addressing high-security requirements.

  • Vaults often include locks whereby 2 keys are required and placed more than 6 feet apart. Two individuals, each of whom has their own unique key, must open the lock at the same time for the door to open. This approach prevents a single rogue actor from opening a door when they do not have authorized access.
  • Another high-security standard opens a door after several minutes of unlock delay. This delay, connected with alarms, is a strong deterrent for criminals. They know that law enforcement will be coming while they are waiting for the door to open.

Bringing these features to Keyless

Sera4 has released Teleporte Cloud server 3.5 and Teleporte Mobile application 5.2. All Teleporte Enterprise customers now have access to high-security protocols to match the use cases above. 

  • The new Multi-Authentication Unlock feature requires two or more users to unlock a lock. Each user has their own key for that one lock and each user must issue the unlock command to the same lock. The lock only opens after all required users try to open the lock on their own account.
  • The new Delayed Open feature can be enabled on a lock-by-lock basis. The administrator can configure the delay. When someone unlocks a Sera4 lock in the Teleporte Mobile application, it will open only after the specified delay.
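To make the two features concrete, here is an added example (written for this page; it is not Teleporte firmware or Sera4 code) of the lock-side policy logic they imply: a per-lock policy says how many distinct users must issue an unlock command, how far apart those commands may be, and how long the lock waits after that quorum before it opens. The parameter names, the quorum window and the timeline are this example’s assumptions; the post only states that the features exist and that the administrator configures the delay. Checking that each user actually holds a valid key for the lock happens before this policy and is not shown here.

```go
package main

import (
	"fmt"
	"time"
)

// UnlockPolicy is the per-lock configuration an administrator would set. The
// post names the two features; these parameter names are this example's own.
type UnlockPolicy struct {
	RequiredUsers int           // Multi-Authentication Unlock: distinct users needed
	QuorumWindow  time.Duration // how spread out their unlock commands may be
	OpenDelay     time.Duration // Delayed Open: wait after quorum before opening
}

type Outcome string

const (
	Waiting Outcome = "waiting for more users"
	Delayed Outcome = "quorum met, delay running"
	Opened  Outcome = "opened"
	Idle    Outcome = "nothing pending"
)

type request struct {
	user string
	at   time.Time
}

// SecureLock keeps the unlock commands seen inside the quorum window and,
// once quorum is reached, the earliest time at which it may open.
type SecureLock struct {
	Policy  UnlockPolicy
	pending []request
	openAt  time.Time
	armed   bool
}

// RequestUnlock records an unlock command from an already-authorized user.
// The same user asking twice counts once; requests older than the window age out.
func (l *SecureLock) RequestUnlock(user string, now time.Time) Outcome {
	if l.armed {
		return l.Poll(now) // quorum already met; further requests change nothing
	}
	fresh := l.pending[:0]
	for _, r := range l.pending {
		if now.Sub(r.at) <= l.Policy.QuorumWindow {
			fresh = append(fresh, r)
		}
	}
	l.pending = append(fresh, request{user: user, at: now})
	distinct := map[string]bool{}
	for _, r := range l.pending {
		distinct[r.user] = true
	}
	if len(distinct) < l.Policy.RequiredUsers {
		return Waiting
	}
	l.pending = nil
	l.armed = true
	l.openAt = now.Add(l.Policy.OpenDelay)
	return l.Poll(now)
}

// Poll is what the firmware would evaluate on each tick: open once the delay
// has elapsed, then return to idle.
func (l *SecureLock) Poll(now time.Time) Outcome {
	if !l.armed {
		return Idle
	}
	if now.Before(l.openAt) {
		return Delayed
	}
	l.armed = false
	return Opened
}

// Scenario runs a constructed timeline for a two-person lock with a five
// minute delayed open, showing the duplicate-user and aged-out-request cases.
func Scenario() []Outcome {
	lock := &SecureLock{Policy: UnlockPolicy{RequiredUsers: 2, QuorumWindow: 30 * time.Second, OpenDelay: 5 * time.Minute}}
	t0 := time.Date(2021, 1, 1, 9, 0, 0, 0, time.UTC)
	return []Outcome{
		lock.RequestUnlock("alice", t0),                     // Waiting: one of two users
		lock.RequestUnlock("alice", t0.Add(10*time.Second)), // Waiting: same user again counts once
		lock.RequestUnlock("bob", t0.Add(45*time.Second)),   // Waiting: alice's request aged out
		lock.RequestUnlock("alice", t0.Add(50*time.Second)), // Delayed: quorum met, delay starts
		lock.Poll(t0.Add(2 * time.Minute)),                  // Delayed
		lock.Poll(t0.Add(6 * time.Minute)),                  // Opened
		lock.Poll(t0.Add(7 * time.Minute)),                  // Idle
	}
}

func main() {
	for i, o := range Scenario() {
		fmt.Printf("step %d: %s\n", i+1, o)
	}
}
```

The quorum window is what makes the first feature meaningful: without it, one user’s request from yesterday could be combined with another’s today, which is not the “at the same time” property the vault example above relies on. A policy of one required user and zero delay collapses to an ordinary immediate unlock, so the same code path serves both standard and high-security locks.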

At Sera4, we envision a fully keyless world. With these innovations, we bring keyless benefits to the highest-security applications, such as vaults. We expect that there will be many applications for these new features that we haven’t even imagined yet.

For more information on the available features on the Teleporte Cloud server, click here. Or simply contact us to arrange for a demo. We’re excited to show off our latest innovations.