Sierra Wireless Release ALEOS 4.9.3 and 4.4.7

 

Sierra Wireless Release ALEOS 4.9.3 and 4.4.7

 

 

Sierra Wireless have released ALEOS 4.9.3 and 4.4.7 to address recent security vulnerabilities affecting some AirLink gateways. Read on to find out what these updates include.

 

 

 

 

Sierra Wireless recently observed IoTroop/Reaper malware infecting AirLink gateways running older ALEOS firmware.

The malware is known to have the following impacts:

a)    During installation of the malware, the gateway’s user password will be stolen and sent to the malware’s command and control server. This may allow the gateway to be re-infected if the malware is removed but the user password is not changed.

b)    The malware will periodically contact a command and control server for instructions and potentially participate in a Distributed Denial of Service (DDoS) attack. This may result in significant unexpected data charges.

 

In response to this vulnerability, Sierra Wireless have released ALEOS 4.9.3 and 4.4.7 for the following devices:

 

Product

Firmware Upgrade

GX400, GX440, ES440, LS300

4.4.7

GX450, ES450, RV50, RV50X, MP70, MP70E

4.9.3

 

Products not listed are not affected by this issue.

Sierra Wireless strongly recommends customers to upgrade to 4.9.3 or 4.4.7 at the earliest opportunity in order to obtain the benefits of cumulative security enhancements from this and previous releases.

 

Download a copy of the technical bulletin from Sierra Wireless by following this link.

If you have any questions regarding this update, please contact your account manager on info@westbase.io or +44 (0) 1291 437 567.