Signagelive Help Centre

IMPORTANT: Samsung C Series Panels Connectivity

Follow

Hi Customer,

Last night Rackspace at around 19.30 BST performed emergency security maintenance on our server infrastructure as a result of a security vulnerability found by Google with SSL 3.0 which could allow secure connections to be viewed in plain text.

This is a global vunerability discovered by Google see http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html and affects all web applications not just ours.

SSL 3.0 is over 18 years old but is still supported by a wide number of clients, however has long been superseded by TLS 1.0, 1.1 and 1.2 (we use TLS 1.2 by default) so SSL 3.0 should not be used if the client supports TLS 1.0 and above.

However if the client does not support the default protocol used by the server then the HTTPS protocol permits connections to be downgraded.

The globally accepted fix to the vulnerability is to simply switch off SSL 3.0 as Rackspace have done, which for the most part is a safe change to make however we have discovered that the Samsung C series panels only support SSL 3.0 and not the new TLS standard therefore stopping these panels connecting to Signagelive.

We are trying to implement a temporary solution for C series players so connectivity will be restored as soon as possible.

This is only be a temporary measure as we need to ensure that Signagelive is a secure as possible, therefore we are working with Samsung to determine if they can issue an emergency firmware update for the C series panels to support TLS 1.0 and above.

Unfortunately this firmware update will need to be manually applied to all C series panels by visiting the site(s) as the C series does not support remote firmware updates.

Please note that this does not affect any other client devices, or the Samsung D series which supports TLS 1.0 and 1.1

We apologise for any inconvenience that this has caused and we will provide further details as we have them, along with when we expect a firmware update to be available when we will switch off SSL 3.0 as the firmware update will need to be applied before then to ensure the panels continue to connect to Signagelive.

If you have any questions at all please get in touch with us by emailing support@signagelive.com or using our live chat service.

Regards,
Marc Benson
Chief Technical Officer

Was this article helpful?
0 out of 0 found this helpful

Comments

  • Avatar
    Ian Maison

    Further to the email which we sent out yesterday regarding Samsung "C" series panels which stopped connecting due to a security vulnerability found by Google SSL 3.0, more information here. We have made the only change possible that will restore connectivity to the Samsung "C" Series panels which is to change the route that they connect to our API by using an unsecured URL.

    This is only a temporary measure and is our only option until a firmware update is available. This is not a decision we have taken lightly and we are working hard with Samsung to implement a better solution. The connectivity issue is for the C series only, the D series remains unaffected.

    To force this update to happen all that needs to be done is to switch any C series panels off and back on.

    If you have any questions at all please get in touch with us by emailing support@signagelive.com or using our live chat service.

    Regards,
    Marc Benson
    Chief Technical Officer

  • Avatar
    Ian Maison

    Further to the previous communications regarding support for SSL 3.0 on Samsung C Series SSSPs we have now received a beta firmware update from Samsung that resolves the issue by adding support for TLS 1.0 and 1.1.

    We are going to internally test the beta firmware update over the coming month and work with Samsung to fix any issues prior to a final release of the firmware at the start of December.
    We will then test the final firmware version and we expect to be able to publically release the firmware update mid December.

    Please note as previously communicated that this firmware update will need to be manually installed on each panel as the C series does not support remote firmware upgrades. Due to the effort and planning that this requires we will maintain our temporary solution until the end of February.

    I will be in contact at the end of November with further updates.
    Should you have any questions please don't hesitate to contact our support desk on support@signagelive.com

    Regards,

    Marc Benson
    Chief Technical Officer

  • Avatar
    Ian Maison

    Further to my email on the 3rd November with regards to Samsung SSSP C Series Connectivity.

    We have now successfully completed testing of the beta release and it has resolved the problem as Samsung have implemented support for TLS 1.0 and 1.1.

    Samsung are due to release a final firmware build imminently, which we will complete final tests on in the next few weeks prior to issuing it to our end users mid December as previously communicated.

    Please note that this firmware update will need to be manually installed on each panel as the C series does not support remote firmware upgrades. Due to the effort and organisation that this requires we will leave our temporary solution in place until the end of February, giving end users 2.5 months to install the updated firmware.

    I will be contact in 2 weeks time with further updates and instructions for installing the firmware update.

    If you have any questions please do not hesitate to contact our support team via support@signagelive.com or ‘Live Chat’ within Signagelive

    Best Regards,

    Marc Benson
    Chief Technical Officer - Signagelive.com

Powered by Zendesk