Page 1 of 4 issues

Posted: 01 Feb 2018 00:11
by PoltoS
Dear Z-Way/RaZberry users,

Many of you are IT experts so we believe it would be good to share some technical details with you.

You might have noticed that our remote access service called was not working well last months. The reason is a very fast growing number of users. We did a lot of work to heal the service, but just adding more resources to the server was not a solution. The intrinsic limitation of the technology used made it impossible to easily scale our infrastructure.

As a result we decided to follow two steps:
1) We change our infrastructure to scale it horizontally - means adding more servers. This was expected to be a fast solution.
2) Over time (in April-May 2018) switch to another technology we develop since July 2017.

Our Step 1 was expected this month. Last week we have made two test switches to our new servers, but pretty soon we realized that there is a security issue allowing to access boxes of other people. Some of you also noticed that and were gentle to drop us a note about this highly critical issue. Of course we turned the service down and switch back to the old robust and secure server.

This critical issue is fixed now and we would like to share with you how a small bug in our software ended up with a disaster.

As you know, we do not store any information on our server. Even hashes of your passwords are not stored. We only store public keys of your boxes to match them against your box ID to verify your box identity when you connect. This is to make useless to hack our servers. When you connect via Web or mobile apps, our server connects to your Z-Way via the tunnel and tries to login via the login and password you entered in the form. If successful, we send back to your browser the authenticated session. If not, we say login/password incorrect. This means we do not store any logins/passwords/Z-Way session of your boxes.

How has it ended up that one got access to the box of another customer? Good question! It turned out that our passthru authentication daemon after improvements to support new server infrastructure was not initializing the memory and in some cases when entering wrong login and password a session from the last successful authenticated user was returned. Stupid bug that resulted in an awfully problem, agree!

As of today this issue is fixed. We did a lot of internal tests and are now ready to turn the service for public.

We apologize for the inconvenience caused and hope there were no harmful consequence for each of you. We hope that this trouble will not kill your trust in us. We will continue to make our best to provide you a good, robust, secure (and free as before) service.

Out Step 2 is an ongoing work. Security is our primary goal. We will comme up with this new technology around April-May as planned.

We still don't store your data, if you don't trust us, you are always free to disable the remote access service and use your own way to access your box remotely.

Sincerely yours,
Poltorak Serguei
CTO at Z-Wave.Me

Re: issues

Posted: 01 Feb 2018 14:01
by enbemokel
Hi Polto, hi Team,

thanks for informing me/us about the true story behind the problems and an upcoming solution.
I like the Z-Way system and the functions. Personally I started to use VPN to connect to the system but the server
is an easy solution.
Go on and thanks for all your and your teams work in Z-Way.
Best regards

Re: issues

Posted: 03 Feb 2018 16:44
by RolfKunkel
All this sounds promising but the reality unfortunately looks different. Today Alexa Service is not working at all for me. Yesterday it worked pretty well (9 out of 10 commands worked successfully) today every command via Alexa fails. I would prefer to pay a few Euro per month for a stable service instead of having a service for free that is not working. My wife is upset and asked me to look for another system that works. I have not looked yet but if stability will not improve I will do that.

Re: issues

Posted: 07 Feb 2018 00:46
by PoltoS
The service is not finally running smoothly. It works on 3 servers balancing the load between them.

We now finally have time to work on the future service that will be even more efficient and faster to serve even more customers.

Re: issues

Posted: 15 Feb 2018 01:50
by PoltoS
Dear Z-Way/RaZberry users!

We would like to announce that our service is running fine now.

Re: issues

Posted: 19 Feb 2018 00:23
by Brekne
It is not . Backend server error or I get 502 Bad gateway

Re: issues

Posted: 19 Feb 2018 02:35
by PoltoS
Switched to a another server, now back again

Re: issues

Posted: 18 Apr 2018 23:54
by Brekne
I only get "Backend server error" This has been the case for the last days

Re: issues

Posted: 19 Apr 2018 17:48
by Onanov
Im getting the same - Backend server error - been like this for a number of weeks with Alexa not responding to commands. Any update on the fix for this?

Re: issues

Posted: 20 Apr 2018 14:54
by itstrisha
Hello there,

Thanks for updating me about the actual issue and also thanks for providing the solution