Bryant Evolution Connex WiFi Thermostat & MyEvolution Smartphone App Review

Review of the features, operation, network security and data exposure for the Bryant Evolution Connex WiFi Thermostat and MyEvolution smartphone app.

Series index:

My old central air conditioning & heating system was replaced by a Bryant Evolution high efficiency system with the Evolution® Connex™ Control Model SYSTXBBECC01-A. The Connex thermostat is connected to my home WiFi network which enables:

  • remote Internet control from the MyEvolution web portal, Connex smartphone app or Amazon Alexa voice commands
  • automatic date/time synchronization
  • weather forecast updates
  • send status and diagnostic data to Bryant
  • download software updates

After registering for an account on the MyEvolution web portal for remote access to the WiFi thermostat, I installed the MyEvolution Connex app on my Apple iPhone. Within minutes I had remote access to the thermostat from my iPhone at home or away via the Internet.

Bryant Evolution Connex WiFi Thermostat & MyEvolution Smartphone App Review

The Connex iPhone app is almost identical to the Connex wall control/thermostat. I can view and change nearly everything from the iPhone app except for the wall control Time & Date, which it obtains from the Bryant server via the Internet based on my zip code & time zone. I sat my iPhone on the Connex thermostat to show the user interface similarities in the following photos.

The Home Screen shows the room temperature, weather forecast and status (cooling, heating or blank if the system is idle):

Bryant Evolution Connex WiFi Thermostat and iPhone App - Home Screen

Bryant Evolution Connex WiFi Thermostat and iPhone App – Home Screen

Touching the Home screen on both devices brings up the Main menu:

Bryant Evolution Connex WiFi Thermostat and iPhone App - Main Menu

Bryant Evolution Connex WiFi Thermostat and iPhone App – Main Menu

Touching “menu” at the lower right corner of the display brings up the Menu screen with applets for comfort profiles, schedules, vacation, status, etc:

Bryant Evolution Connex WiFi Thermostat and iPhone App - Menu Screen

Bryant Evolution Connex WiFi Thermostat and iPhone App – Menu Screen

Touching the “operating status” icon above displays what the system is doing. At the moment the 5 stage (speed) air conditioner compressor is running at 100% and the fan is On. I don’t have a humidifier or outdoor air ventilator on my system:

Bryant Evolution Connex WiFi Thermostat and iPhone App - Equipment Operating Status

Bryant Evolution Connex WiFi Thermostat and iPhone App – Equipment Operating Status

The smartphone app and wall control work great! The iPhone app is very convenient, no more going upstairs to change the temperature. Especially when I change the downstairs system setting on my 2nd system and need to synch the two so the house is the same temperature throughout.

Evolution Connex Wall Control WiFi Connectivity

The Connex WiFi connectivity works well although it seems to have some WiFi sensitivities where it’s slow making the initial connection and the radio isn’t the strongest.

The Connex wall control is located in the hallway on the left wall under the attic folding stairs about 15 feet away from my UniFi AP-AC WiFi access point:

UniFi Access Point - Drywall Ceiling Mount

UniFi Access Point – Drywall Ceiling Mount

Examining the Connex wall control in the UniFi Controller reveals it uses a Redpine Signals WiFi module with a bandwidth of 1Mbps (megabits/sec) and currently has a signal strength of 52%:

UniFi WiFi Controller Device Statistics

UniFi WiFi Controller Device Statistics

52% signal strength translates to 4 out of 5 signal bars on the wall control display. I expected the signal strength to be stronger given it’s only 14 feet from the WiFi access point. By contrast other devices placed next to the wall control have 70% signal and 5 bars. If you’re having issues considering installing a WiFi range extender near the Connex wall control.

Bryant Connex WiFi Wall Control Operation

I have a Ubiquiti EdgeRouter with firewall rules that block all incoming traffic from the Internet unless it’s in response to request originated by a device in my network. I was curious how the MyEvolution Connex iPhone app is able to update the wall control settings when I’m away from home? The app can’t be talking directly to the thermostat because unsolicited Internet connections are blocked.

To figure out how the Connex wall control and iPhone app worked I configured port mirroring on my router and analyzed the network traffic with WireShark.

Before going into a lot of technical details, I learned the Connex app and wall control operates as follows:

  • Changes made by through the MyEvolution web portal or smartphone app are written to the Bryant servers.
  • The Connex wall control polls the Bryant MyEvolution API Server roughly every 30 seconds to send status updates and check if any settings have been updated via the MyEvolution web portal, smartphone app or Amazon Alexa.
  • The wall control downloads the latest settings and applies the changes.
  • The new system status is sent by the wall control to the Bryant servers.
  • I chose to have an e-mail notice sent to me anytime a setting is changed, whether manually at the wall control or remotely.

Because the wall control is polling (originating traffic from my network) to the Bryant servers it’s allowed by my firewall rules. The following diagram illustrates the communications processes:

Bryant Evolution Connex WiFi Thermostat and MyEvolution App Protocols Diagram

Bryant Evolution Connex WiFi Thermostat and MyEvolution App Protocols Diagram

MyEvolution Connex app on iTunes

The MyEvolution Connex app has a 2 out of 5 star rating as of this writing (June 2017). It’s a full featured app and I really like it. Now that I understand how the wall control, servers and apps work together I suspect the reason for the poor reviews are connectivity problems with remote Internet, in-home WiFi or not understanding the roughly 30 second polling cycle. If you’re having problems changing the thermostat check the following:

  • Is the wall control WiFi signal good?
  • Do you have a reliable Internet connection on your smartphone when away?
  • It takes roughly 30 seconds for the wall control to poll the Bryant server for changes.
    After making changes via the App be sure to return to the previous screen so it’s not waiting for additional user inputs.
  • The compressor has a “3.5 minute time delay after last cycle, initial power up, return from brown-out condition.” See page 7 of the 189BNV Service Manual. The delay is to protect the compressor from rapid start/stop cycles (slamming).
  • Have you enabled the change confirmation e-mail option in the MyEvolution web portal?

Depending on the system status it could be 4+ minutes before temperature setting changes are effected. In my experience changes take effect in under 1 minute including receipt of the confirmation e-mail.

Bryant Evolution Connex WiFi Wall Control: Security & Data Exposure Risks

Internet of Things (IoT) devices tend to have a poor track record regarding security vulnerabilities and data exposure issues. I examined the WireShark packet traces and found the Connex system has some outdated security and data exposure risks. I don’t plan to stop using the product but the gaps should be corrected.

Connex iPhone App Security

The MyEvolution Connex iPhone app uses Transport Layer Security (TLS) v1.2 to establish a secure and encrypted connection to the Bryant servers. See the above diagram. This a best practice. The WireShark trace shows the iPhone app “Client Hello” message sent to the Bryant server IP address to begin the TLS negotiation:

Transmission Control Protocol, Src Port: 60166, Dst Port: 443, Seq: 1, Ack: 1, Len: 215
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
   Content Type: Handshake (22)
   Version: TLS 1.0 (0x0301)
   Length: 210
   Handshake Protocol: Client Hello

which is followed by the Server Hello. My iPhone IP address is 10.10.3.50 and the www.app-api.eng.bryant.com API server is 128.11.139.135:

128.11.139.135 10.10.3.50 TLSv1.2 231 Server Hello, Change Cipher Spec, Encrypted Handshake Message
Secure Sockets Layer
   TLSv1.2 Record Layer: Handshake Protocol: Server Hello
   Content Type: Handshake (22)
   Version: TLS 1.2 (0x0303)
   Length: 81
   Handshake Protocol: Server Hello
      Handshake Type: Server Hello (2)
      Length: 77
      Version: TLS 1.2 (0x0303)
      Random
      Session ID Length: 32
      Session ID: f3678d565e24cf700f4aa7c451e5e0ffc41d3becfe81d769...
      Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
      Compression Method: null (0)
      Extensions Length: 5
      Extension: renegotiation_info
  TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
      Content Type: Change Cipher Spec (20)
      Version: TLS 1.2 (0x0303)
      Length: 1
      Change Cipher Spec Message
  TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
      Content Type: Handshake (22)
      Version: TLS 1.2 (0x0303)
      Length: 64
      Handshake Protocol: Encrypted Handshake Message

and encrypted message dialog:

10.10.3.50 128.11.139.135 TLSv1.2 827 Application Data
Secure Sockets Layer
   TLSv1.2 Record Layer: Application Data Protocol: http-over-tls
      Content Type: Application Data (23)
      Version: TLS 1.2 (0x0303)
      Length: 752
      Encrypted Application Data: 9201b7e5b4b7415bba2290af7defa46e51325e20ec714ca3...

Because the TLS session is encrypted I was unable to view the content of the data exchange, which is how it should be.

Connex WiFi Wall Control Security & Data Exposure

The Connex wall control falls short on Internet security and data exposure because:

  • It uses an outdated Open Authentication (OAuth) version 1.0 with known vulnerabilities.
    • Note that OAuth only protects your MyEvolution user name and password login credentials.
  • All traffic is transmitted as plain text over insecure HTTP.
    • This is vulnerable to Man in the Middle attacks where an attacker could intercept and modify the wall control settings. For example, an attacker could turn Off the heat causing the water pipes to freeze and burst in the winter.
      • Recall that OAuth does not detect or prevent the XML message payload with the control settings from being modified. More on XML later.
    • Leaks non-personally identifiable information including the Zip Code, Date/Time and all system serial numbers, PIN, status & operating parameters and my Ubiquiti EdgeRouter MAC Address. An adversary could learn about your habits from the Home, Away, Sleep and Vacation schedules.

Software updates are required to fix the wall control and API server vulnerabilites:

  • Implement OAuth 1.0a or better 2.0.
    The 1.0a specification was released in 2009. Oauth 2.0 was published in 2012.
  • Secure wall control traffic with HTTPS (HTTP over TLS) instead of plain text HTTP for security and privacy.
    This will also encrypt the OAuth headers.

Sample traces of the MyEvolution Connex wall control with sensitive values redacted follow below.

DNS Queries

After the wall control powers-up and connects to WiFi it sends DNS queries to resolve the API server and a DDNS service (no-ip.info):

10.10.3.65 10.10.0.1 DNS Standard query 0x00ab A www.api.eng.bryant.com
10.10.3.65 10.10.0.1 DNS Standard query 0x00ab A carrier.no-ip.info

The Connex WiFi wall control is at 10.10.3.65 and my EdgeRouter is the DNS server at 10.10.0.1 which forwards DNS requests to my chosen providers.

HTTP GET Alive Method

Next it sends “I’m alive” messages to the Bryant MyEvolution API server:

GET /Alive?sn=my_serial_number HTTP/1.1
Host: www.api.eng.bryant.com
Authorization: OAuth realm="http://www.api.eng.bryant.com/Alive?sn=08********0",
  oauth_consumer_key="9**************7",
  oauth_nonce="149**********68",
  oauth_signature_method="HMAC-SHA1",
  oauth_timestamp="1********5",
  oauth_token="081********",
  oauth_version="1.0",
  oauth_signature="X9n*********************Kww="
Content-Type: application/x-www-form-urlencoded

The results of the GET request are returned in the API server 200 OK response:

APPHTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 22 Jun 2017 02:07:09 GMT
Content-Length: 5
alive

HTTP POST Systems Method

The Systems POST sends the wall control serial #, configuration, zones, schedule and your zip code to the server in XML format. XML is easier to read if properly indented to show the nested structure but that was lost with copy & paste here:

POST /systems/my_serial_number HTTP/1.1
Host: www.api.eng.bryant.com
Authorization:
OAuth realm="http://www.api.eng.bryant.com/systems/my_serial_number",
oauth_consumer_key="9**************7",
oauth_nonce="149***********5",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1********2",
oauth_token="0*********0",
oauth_version="1.0",
oauth_signature="kq**********************aDU="
Content-Type: application/x-www-form-urlencoded
Content-Length: 53252
data=<system version="1.7">
<config>
<mode>auto</mode>
<cfgem>F</cfgem>
<cfgauto>on</cfgauto>
<cfgtype>heatcool</cfgtype>
<cfgdead>2</cfgdead>
<cfgcph>4</cfgcph>
<cfgfan>on</cfgfan>
<cfgpgm>on</cfgpgm>
<cfgchgovr>30</cfgchgovr>
<cfgsimultheatcool/>
<cfgrecovery>on</cfgrecovery>
<cfgzoning>on</cfgzoning>
<cfghumid>off</cfghumid>
<cfgvent>off</cfgvent>
<cfguv>off</cfguv>
<filtertype>air filter</filtertype>
<filterinterval>3</filterinterval>
<ventinterval>90</ventinterval>
<uvinterval>12</uvinterval>
<huminterval>12</huminterval>
<humidityfan>off</humidityfan>
<statpressmon>on</statpressmon>
<odtmpoff>0</odtmpoff>
<humoff>0</humoff>
<ducthour>13</ducthour>
<heatsource>system</heatsource>
<erate>0.75</erate>
<grate>0.50</grate>
<fueltype>gas</fueltype>
<gasunit>therm</gasunit>
<blight>80</blight>
<screensaver>off</screensaver>
<sound>on</sound>
<filtrrmd>on</filtrrmd>
<humrmd>on</humrmd>
<ventrmd>on</ventrmd>
<uvrmd>on</uvrmd>
<windowprotect>
<enabled>on</enabled>
<rhtg>9</rhtg>
<ventprotect>off</ventprotect>
</windowprotect>
<humidityHome>
<humid>manual</humid>
<rhtg>4</rhtg>
<rclg>1</rclg>
<rclgovercool>off</rclgovercool>
<humidifier>on</humidifier>
<venthtg>auto</venthtg>
<ventspdhtg>high</ventspdhtg>
<ventclg>auto</ventclg>
<ventspdclg>high</ventspdclg>
</humidityHome>
<humidityAway>
... more stuff ...
</humidityAway>
<humidityVacation>
... more stuff ...
</humidityVacation>
<vacat>off</vacat>
<vacstart/>
<vacend/>
<vacmint>60.0</vacmint>
<vacmaxt>80.0</vacmaxt>
<vacfan>off</vacfan>
<torqueControl>off</torqueControl>
<staticPressure>0.46</staticPressure>
<calcMinCFM>300</calcMinCFM>
<blowerSpeed>997</blowerSpeed>
<systemCFM>1050</systemCFM>
<blowerActualCFM/><blowerCoolingCFM/>
<blowerHeatingCFM/><blowerPower/>
<utilityEvent>
<enabled>false</enabled>
<priceResp>offset</priceResp>
<priceLimit>10</priceLimit>
<priceOffset>4</priceOffset>
<priceHtAbs>60</priceHtAbs>
<priceClAbs>82</priceClAbs>
<demandResp>offset</demandResp>
<demandOffset>4</demandOffset>
<demandHtAbs>60</demandHtAbs>
<demandClAbs>82</demandClAbs>
<minLimit>50</minLimit>
<maxLimit>90</maxLimit>
<restoreDefaults>off</restoreDefaults>
</utilityEvent>
<wholeHouse>
<holdActivity>none</holdActivity>
<hold>off</hold>
<otmr/>
<activities>
<activity id="home">
<blight>80</blight>
</activity>
<activity id="away">
<blight>80</blight>
</activity>
<activity id="sleep">
<blight>50</blight>
</activity>
<activity id="wake">
<blight>80</blight>
</activity><activity id="manual">
<blight>80</blight>
</activity>
</activities>
</wholeHouse>
<weatherPostalCode>my_zip_code</weatherPostalCode>
<zones>
<zone id="1">
<name>ZONE 1</name>
<enabled>on</enabled>
<holdActivity>manual</holdActivity>
<hold>on</hold>
<otmr>17:00</otmr>
<setback>on</setback>
<airflowlimit>high</airflowlimit>
<cfmlimit>3375</cfmlimit>
<tempoffset>0</tempoffset>
<activities>
<activity id="home">
<htsp>68.0</htsp>
<clsp>75.0</clsp>
<fan>off</fan>
</activity>
<activity id="away">
<htsp>65.0</htsp>
<clsp>75.0</clsp>
<fan>off</fan>
</activity>
<activity id="sleep">
<htsp>67.0</htsp>
<clsp>73.0</clsp>
<fan>off</fan>
</activity>
<activity id="wake">
... more stuff ...
</activity>
<activity id="manual">
... more stuff ...
</activity>
</activities>
<program>
<day id="Sunday">
<period id="1">
<activity>home</activity>
<time>06:00</time>
<enabled>on</enabled>
</period>
<period id="2">
<activity>home</activity>
<time>08:00</time>
<enabled>on</enabled>
</period>
... more stuff ...
</day>
<day id="Monday">
... more stuff ...
<day id="Saturday">
... more stuff ...
</day>
</program>
</zone>
</zones>
</config>
</system>

Next the Connex wall control sends PIN, firmware version, model and serial numbers of the wall control, outdoor condenser and furnace. I’m thinking with since this data uploaded to the API server that feeds the MyEvolution web portal shouldn’t the product warranty registration be automatic? Since I have all the model and serial numbers it here it can just copy & paste it in the registration website.

POST /systems/my_serial_number/profile HTTP/1.1
Host: www.api.eng.bryant.com
Authorization:
OAuth realm="http://www.api.eng.bryant.com/systems/my_serial_number/profile",
oauth_consumer_key="9************587",
oauth_nonce="149***********6",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="149******9",
oauth_token="0*********0",
oauth_version="1.0",
oauth_signature="0F*********************Eccs="
Content-Type: application/x-www-form-urlencoded
Content-Length: 3358

data=<system_profile version="1.7">
<pin>********</pin>
<brand>Bryant</brand>
<model>SYSTXBBECC01-A</model>
<serial>0*********0</serial>
<firmware>CESR131493-14.01</firmware>
<routerMac>2**********0</routerMac>
<idutype>furnace</idutype>
<idusource>gas</idusource>
<idustages>2</idustages>
<iducapacity>54</iducapacity>
<pwmblower>off</pwmblower>
<indoorModel>315AAV036070AGJA</indoorModel>
<indoorSerial>0********8</indoorSerial>
<iduversion>CESR131516-24</iduversion>
<odutype>multistgac</odutype>
<oducapacity>36</oducapacity>
<outdoorModel>189BNV036000FA</outdoorModel>
<outdoorSerial>2********6</outdoorSerial>
<oduversion>CESR131564-10</oduversion>
<samType>ING</samType>
<uvpresent>off</uvpresent>
<humpresent>off</humpresent>
<ventpresent>off</ventpresent>
<sampresent>off</sampresent>
<sammodel/><samserial/>
<samversion/>
<nimpresent>off</nimpresent>
<nimmodel/>
<nimserial/>
<nimversion/>
<ewtsensorpresent>off</ewtsensorpresent>
<zoneboards>
<board id="1">
<present>off</present>
<model/>
<serial/>
<version/>
</board>
<board id="2">
<present>off</present>
<model/>
<serial/>
<version/>
</board>
</zoneboards>
<zones>
<zone id="1">
<present>on</present>
<sensortype>user interface</sensortype>
<ssmodel>N/A</ssmodel>
<ssserial>N/A</ssserial>
<ssversion>N/A</ssversion>
</zone>
<zone id="2">
<present>off</present>
<sensortype>remote sensor</sensortype>
<ssmodel>N/A</ssmodel>
<ssserial>N/A</ssserial>
<ssversion>N/A</ssversion>
</zone>
... more stuff ...
</zones>
</system_profile>

HTTP GET Weather Method

The Connex wall control gets the weather forecast that’s displayed on the Home screen by sending a GET request to the API server for your zip code. I’ve omitted the OAuth header for brevity:

GET /weather/my_zip_code/forecast HTTP/1.1
Host: www.api.eng.bryant.com

The forecast is given in the 200 OK response:

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1664
Content-Type: application/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 22 Jun 2017 02:07:24 GMT

<weather_forecast version="1.22"
   xmlns:atom="http://www.w3.org/2005/Atom">
   <atom:link rel="self" href="http://www.api.eng.bryant.com/weather/my_zip_code/forecast"/>
   <atom:link rel="http://www.api.eng.bryant.com/rels/weather"
      href="http://www.api.eng.bryant.com/weather/my_zip_code"/>
   <timestamp>2017-06-22T01:05:23.4711113Z</timestamp>
   <ping>240</ping>
   <day id="Wednesday">
      <timestamp>2017-06-21T00:00:00-04:00</timestamp>
      <min_temp units="f">70</min_temp>
      <max_temp units="f">81</max_temp>
      <status_id>8</status_id>
      <status_message>Rain</status_message>
      <pop>55</pop>
   </day>
   <day id="Thursday">
      <timestamp>2017-06-22T00:00:00-04:00</timestamp>
      <min_temp units="f">72</min_temp>
      <max_temp units="f">79</max_temp>
      <status_id>8</status_id>
      <status_message>Rain</status_message>
      <pop>74</pop>
   </day>
   <day id="Friday">
      ... more stuff ...
   </day>
   <day id="Saturday">
      ... more stuff ...
   </day>
   <day id="Sunday">
      ... more stuff ...
   </day>
   <day id="Monday">
      ... more stuff ...
   </day>
</weather_forecast>

HTTP GET Time Method

The wall control gets the time & date for your time zone by asking the API server. The is a nice feature that avoids local clock drift:

GET /time/ HTTP/1.1
Host: www.api.eng.bryant.com

The GET time 200 OK response:

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 170
Content-Type: application/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 22 Jun 2017 01:05:24 GMT

<time version="1.22"
   xmlns:atom="http://www.w3.org/2005/Atom">
   <atom:link rel="self" href="http://www.api.eng.bryant.com/rels/time"/>
   <utc>2017-06-22T01:05:24Z</utc>
</time>

HTTP GET Release Notes

The wall control goes to a different URL to download a brief set of release notes:

GET http://www.ota.eng.bryant.com/releaseNotes/systxbbec-14.01.txt HTTP/1.1
Host: www.ota.eng.bryant.com

HTTP GET Systems

The wall control queries the API server roughly every 30 seconds to check for configuration changes you’ve made from the smartphone app, MyEvolution web portal or Amazon Alexa:

GET /systems/my_serial_number/config HTTP/1.1
Host: www.api.eng.bryant.com

HTTP POST Outdoor Unit Status (ODU)

Wall control sends the outdoor condenser/compressor status to the API server:

POST /systems/my_serial_number/odu_status HTTP/1.1
Host: www.api.eng.bryant.com

HTTP POST Indoor Unit Status (IDU)

Wall control sends the outdoor condenser/compressor status to the API server:

POST /systems/my_serial_number/idu_status HTTP/1.1
Host: www.api.eng.bryant.com

HTTP POST Systems Status

The POST Systems Status also checks the API server for updates:

POST /systems/my_serial_number/status HTTP/1.1
Host: www.api.eng.bryant.com
Authorization: OAuth realm="http://www.api.eng.bryant.com/systems/my_serial_number/status",
   oauth_consumer_key=<remained of oauth header fields omitted for brevity>

and the server 200 OK response:

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 971
Content-Type: application/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 22 Jun 2017 00:38:12 GMT

<status version="1.22"
   xmlns:atom="http://www.w3.org/2005/Atom">
   <atom:link rel="self" href="http://www.api.eng.bryant.com/systems/my_serial_number/status"/>
   <atom:link rel="http://www.api.eng.bryant.com/rels/system"
      href="http://www.api.eng.bryant.com/systems/my_serial_#"/>
   <timestamp>2017-06-22T00:38:12Z</timestamp>
   <pingRate>10</pingRate>
   <iduStatusPingRate>0</iduStatusPingRate>
   <iduFaultsPingRate>86400</iduFaultsPingRate>
   <oduStatusPingRate>0</oduStatusPingRate>
   <oduFaultsPingRate>82800</oduFaultsPingRate>
   <historyPingRate>75600</historyPingRate>
   <equipEventsPingRate>79200</equipEventsPingRate>
   <rootCausePingRate>72000</rootCausePingRate>
   <serverHasChanges>false</serverHasChanges>
   <configHasChanges>false</configHasChanges>
   <dealerHasChanges>false</dealerHasChanges>
   <dealerLogoHasChanges>false</dealerLogoHasChanges>
   <oduConfigHasChanges>false</oduConfigHasChanges>
   <iduConfigHasChanges>false</iduConfigHasChanges>
   <utilityEventsHasChanges>false</utilityEventsHasChanges>
</status>

Ping rates appear to be in seconds. For example “<iduFaultsPingRate>86400</iduFaultsPingRate>” where 86,400 seconds equals 24 hours.

The “HasChanges” fields are obvious enough, where “<serverHasChanges>false</serverHasChanges>” means the API server doesn’t have changes for the wall control settings.

MyEvolution Connex WiFi Wall Control Final Thoughts

The MyEvolution iPhone app and wall control are really nice from homeowner perspective. The iPhone app uses strong encryption however the Connex WiFi wall control security and data protection needs updating. I haven’t installed the MyEvolution Desktop app because it requires Adobe AIR which includes Flash Player that is known for security vulnerabilities.

It’s all too common that manufacturers who are great in their primary line of business aren’t that good at IoT security. Hopefully a wall control software update will close the security and privacy gaps.

Best,

Bob

Copyright © 2017 HandymanHowTo.com   Reproduction strictly prohibited.

,

No comments yet.

Leave a Reply