I am here with an update regarding Harmony XMPP access.
Back in December 2018, Harmony released a firmware update that addressed several security vulnerabilities - including disabling access to the Hub’s local API via XMPP. After hearing the frustrations from some members of our community, we paused on our firmware update while we assessed the situation. An optional firmware, version 4.15.210, was then created and uploaded onto a MyHarmony tool that allowed for manual installation. This version allowed access to XMPP only for those that wanted it and understood the potential risks of the use of the option. Ultimately we decided to continue this support and make this access available as an opt-in option for firmware versions going forward.
We’re pleased to announce that beginning with firmware version 4.15.250 and Harmony app version 5.6 for iOS and Android, the option to enable XMPP can now be found in the mobile app settings. We plan to roll out this new firmware starting this Friday, February 15, 2019.
Note: See this article on how to check which firmware version you are on - https://support.myharmony.com/how-to-update-your-firmware
By default, Harmony firmware will keep XMPP disabled. For those of you already using the special firmware version 4.15.210 with XMPP access, when your hub upgrades to 4.15.250, you can easily re-enable it by:
• Perform a sync from your LCD screen based Harmony remote, by going to Menu > Settings > Sync Remote, or
• From your Harmony app, go to: Menu > Harmony Setup > Add/Edit Devices & Activities > Remote & Hub > Enable XMPP
You will not need to use the cumbersome firmware update process as you did in December. If you experience any issues, please let us know. Going forward, future firmware updates will respect your current setting, so this should be a one-time action on your part. Should you encounter any issues, please let us know here.
By enabling XMPP connection you are disabling a critical security feature required to safeguard you against vulnerabilities. This connection may create an unsecured local access point vulnerable to be hacked. We recommend all users disable this connection.
By enabling the XMPP connection, you expressly assume risks and exposures to your network and all connected devices. Further, enabling this connection and/or making unauthorized modifications to Logitech software, you void all warranty and agree to hold Logitech harmless from any claim arising from your use of this product and in no event shall Logitech be liable for any direct, indirect, punitive, incidental, special or consequential damages arising out of or connected with the use or misuse of any of its products.
Please sign in to leave a comment.