Product Security for WiFi Connect Appliances

Version Update:20 January 2018

Industry IoT Attacks

Last updated: 20 January 2018

Archive


GE Appliances is vigilant about securing your connected appliance.

At GE Appliances, we are very aware of the need to protect your appliance. We take steps to protect your appliance by Security-by-Design, a process and methodology that builds in security during all aspects of the development and the manufacturing of your GE appliance. Your appliance is protected using industry standard security methodologies as used in online banking and other electronic commerce.


Questions about Security

We are committed to answering your questions or any concerns you may have. At GE Appliances, our goal is to ensure your satisfaction, while offering the highest levels of professional service.

For security pointers on configuring your home router, good security Internet hygiene, and keeping your devices up-to-date, please read our GE Appliances Connected Home Security Guidance section below.

If this does not address your needs, please call the GE Appliances Connected Home Support Line at 1-800-220-6899, Monday - Friday: 9 a.m. - 11 p.m. ET, Saturday - Sunday: 9 a.m. - 3 p.m. ET or email [email protected].

Or, if you have a specific security concern or believe you have found a security vulnerability with a GE Appliances product, please contact the GE Appliances Product Security Incident Response Team (GEA-PSIRT) at [email protected].

GEA-PSIRT supports PGP encryption using the GE Appliances Connected Home PGP Key to encrypt your email. In your email, please include the following information:

  • GE Appliances Product Name(s), Model(s), and Serial Number(s)
  • Description of the concern or vulnerability
  • Information to help GEA-PSIRT replicate the issue, such as configuration details, a proof-of-concept, or exploit code
  • Whether or not you would like to be contacted in case more information is needed, and
  • Whether or not you would like to be acknowledged in helping us to improve our products. Should you choose to remain anonymous, GEA-PSIRT will not publicly disclose your identity. At GE Appliances, maintaining your privacy is important and we will not publicly disclose your identity unless you inform us otherwise.


GEA-PSIRT will respond if further information is needed to investigate a security issue.  Please note, GE Appliances does not disclose, discuss, or confirm any security issue until a full investigation is complete and any necessary press releases, security patches, and releases are available.

GE Appliances acknowledges security researchers who have selected not to opt-out and who have reported security issues on GE Appliances products through contacting GEA-PSIRT on the GE Appliances Connected Home Security Researchers Credit Page.


GE Appliances WiFi Connect Home Security Guidance

GE WiFi Connect Appliances are designed to deliver a connected home experience while protecting your data. The installation/configuration of these products involves other computer products in your home, such as a smart phone, tablet, and WiFi network. This guide lists tips and best practices regarding security aspects of these devices.

1. Choose a unique SSID (network name)

If your SSID is not unique, GE WiFi connected appliances may have trouble identifying your network or automatically connecting to your network.


2. Change the default administrator password on your home wireless network

Not changing the default administrator password on your home router increases your security risk.


3. Use WPA2 encryption on your home wireless network

The four most common home wireless network configurations are: Open, WEP, WPA, and WPA2. Choose WPA2 for the highest level of protection.

Open (or unsecured mode) does not provide authentication or encryption. If you use this security mode, anyone in close proximity to your WiFi network will be able to join your network, use your Internet connection, and access any shared resources. In addition, they will be able to read much of the data you send over the network. For these reasons, this WiFi mode is highly discouraged.

WEP (Wired Equivalency Protocol) provided protection through encryption when it was first introduced in 1999. Unfortunately, tools are now commonly available that allow an attacker to break into a WEP network in a matter of minutes. For this reason, WEP should also be avoided.

As one of the most robust forms of security offered by WiFi products today, WPA2 (Wireless Protected Access) is strongly recommended. When using WPA2, both TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard) options are typically available. While TKIP is still widely considered secure, the AES option is preferred.

Please refer to your router manufacturer's documentation or contact your local computer/network service provider for help ensuring that your WiFi network is adequately secured.


4. Choose a strong password

It is suggested that strong passwords be used, conforming at a minimum to the following rules:

  • At least eight characters long
  • Does not contain your name, email address, or other personal identification
  • Does not contain a complete word
  • Contains characters from all of the following four categories:
    1. Uppercase Letters
    2. Lowercase Letters
    3. Numbers
    4. Symbols found on the keyboard


5. Be careful on using password keepers

Although convenient, it is recommended to not use them at all. Use passphrases for passwords as they tend to be easier to remember.


6. Be careful what you click

Review the URL before you click and go to known and trusted Internet sites. If the URL looks funny, do not click it. A lot of untrusted URLs are variants of trusted ones, with words that at first glance seem that they are spelled correctly but actually are not. Be sure and review the URL address completely.


7. Be careful on opening email attachments or attachments contained on the Internet site

Verify the source sent you the attachment before you open it. If you cannot verify the source, don't open the attachment.


8. Security Patching

Keep your smart phone(s) and tablet(s) up-to-date with security patches provided by the manufacturer. Please refer to your device's operating system and software application manufacturers for appropriate guidance.


9. Smart Phone and Tablet password protection

Ensure that your smart phone and tablet always has a screen lock password and is set to automatically enter a locked state after a short period of inactivity.


10. Loss of your Smart Phone and Tablet

Call the GE Appliances Connected Home Support Line as soon as possible if your lost or stolen smart phone has a GE Connected Appliances app installed. GE Appliances can disable outside-of-the-home control of your appliances. If you cannot reach the GE Appliances Connected Home Support Line immediately, please contact your smart phone provider to notify them of your lost device.


GE Appliances Connected Home Support Line

1-800-220-6899
Monday - Friday: 9 a.m. - 11 p.m. ET
Saturday - Sunday: 9 a.m. - 3 p.m. ET
Email: [email protected]