Products: AirLink® Gateways running ALEOS 4.5.2 or older

Date of issue: 4 September 2017

The Sierra Wireless security team has discovered a new malware threat targeting gateways running ALEOS 4.5.2 or older that are directly reachable from the public internet and not on a private network. Read the Full Bulletin Here

We take such threats seriously and are actively working with law enforcement, network operators and affected customers to conclusively determine the source of the malware and assist in remediation of affected gateways.
To date, we have only received reports of LS300, GX400 and GX440 gateways being affected. However, we advise all customers running ALEOS 4.5.2 or older on any devices to immediately follow the recommended actions below.

Recommended Actions

To reduce your exposure to online security threats, Sierra Wireless recommends that all customers
immediately perform the following three actions:

1. Ensure that strong, unique passwords are used for both the user and viewer accounts on the
gateway:
a. In ACEmanager or ALMS, navigate to Admin > Change Password
b. Set a strong, unique password for both the user and viewer accounts.

2. Disable remote access to ACEmanager if it is not required:
a. In ACEmanager or ALMS, navigate to Services > ACEmanager
b. Set ACEmanager Access – OTA to OFF

3. Ensure you are running to most recent available firmware for your gateway. The following
details the most current firmware for all AirLink® Products:

Product Most recent firmware version
LS300 4.4.4.p05
GX400 4.4.4.p05
GX/ES440 4.4.4.p05
GX/ES450 4.8.1
RV50 4.8.1
MP70 4.8.1

Configuration changes and firmware updates can be performed on individual gateways using
ACEmanager or on multiple gateways at the same time using AirLink Management Service (ALMS).
ALMS is free for customers with up to 15 gateways. For more information please visit
http://airvantage.net.

 

Contact USAT for more details-

 

For consultation on your next M2M / IoT project contact a USAT Representative

For all your M2M connectivity needs visit ExpressM2M a service of USAT

 

Share this Article..Email this to someoneShare on FacebookDigg thisTweet about this on TwitterShare on TumblrShare on StumbleUponShare on RedditPrint this pagePin on PinterestShare on LinkedInShare on Google+