For the past couple of weeks, I’ve been dealing with the SSL Heartbleed bug in my day job pretty aggressively. The bug is a serious one and likely affects you in your daily Internet browsing, as any “secure” internet connections using SSL are possibly vulnerable.
One thing you might not have considered yet is whether this bug affects SSL traffic on your ISY-994i, the entry point to your entire home’s automation system. The good news is that the answer appears to be NO: you are safe from this bug with your ISY994i.
I’m basing this assertion on two things:
- In this forum post, Michel, a very helpful Universal Devices developer, states: “ISY does NOT use OpenSSL. The https stack is completely and fully developed by us.“
- I’ve tested my own ISY-994i with the online testing tool at filippo.io/Heartbleed. While it returns an error for my device, it’s most likely that Universal Device’s custom implementation isn’t affected by this particular memory exposure bug.