uWatch Vulnerability Disclosure Policy
1. Weak/Hardcoded Passwords.
Passwords must contain upper- or lower-case characters, numbers, special characters. The Cube as no hardcoded or default password.
2. Insecure Networks.
The system is hosted on iso 27001 certified servers, in the UK. There is no human intervention in any of the data transfer processes. The SIM APN is hard coded into the Cube device which cannot operate with any other SIM.
3. Insecure Ecosystem Interfaces.
All interfaces take place though an api. No keyboard or other manual input device access is available to the Cube IOT device.
The Remote LoRa tags exist within in house developed protocols and are not operated as part of LoRaWAN.
4. Insecure Update Mechanisms.
Firmware is specific to the Cube and developed in house. No systems from outside agencies have access to the Cube.
5. Insecure or Outdated Components.
All systems use current versions and cloud-based systems are regularly updated with patches as required.
The host servers are on UpToDate releases of proprietary operating systems.
6. Lack of Proper Privacy Protection.
No uWatch systems store any financial details of its users.
7. Improper Device Management.
The Cube’s audit trail records in logs exactly what transactions have transpired, what data has been moved and when.
With no human input the system can only action what the firmware and system configuration has been programmed to do.