返回
美国Harman哈曼国际AMX公司
来自哈曼的关于网络安全的回应

2016-02-01 10:40:44

  Dear Valued AMX Partner,

  A number of stories have run today about an independent security firm’s identification of certain potential security vulnerabilities in AMX systems. Unfortunately, these stories are confusing, and we would like to clarify a number of the issues that have been discussed.

  First and foremost, we are not aware of any breaches of any of our systems.“Black widow” was an internal name for a legacy diagnostic and maintenance login for customer support of technical issues. Commonly used in legacy systems, it was not “hidden” as suggested, nor did it provide access to customer information. While such a login is useful for diagnostics and maintenance, during our routine security review in the summer of 2015, we determined that it would be prudent to eliminate this feature as part of a comprehensive software update. This is the update released in December (see below).

  “1MB@tMaN” was an entirely different internal feature that allowed internal system devices to communicate. It was not an external login nor was it accessible from outside of the product. The “1MB@tMaN” internal system device capability also was not related to nor a replacement for the “Black Widow” diagnostic login.  The only connection was the fact that our software update that eliminated “Black Widow” also provided an update to the “1MB@tMaN” internal capability that eliminated this name.

  The firmware update, NX v1.4.65 is applicable to products and systems incorporating the NetLinx NX Control platform and was released on Dec 22, 2015. It is available on AMX.com.  More information on this release can be found at http://www2.amx.com/e/18552/er-NXSecurityBrief-Default-asp/9w1gy8/977053839. This issue has been addressed in legacy NI series by Hotfix v. 4.1.419 and is available from AMX Technical Support.

  We take security very seriously and that is why we are continuously testing our own systems and capabilities and developing more sophisticated updates.

  If you have any questions, please don’t hesitate to contact your local representative or AMX Technical Support.

  Sincerely,

  Kevin Morrison

  Senior Vice President, Enterprise Solutions

  HARMAN Professional