Kalay2.0 impotent updated!

Dear Kalay user,

Hello! Since March 31, 2021, the Kalay APP updated in the app market has undergone a major version upgrade. If you used the unaccounted version in the past, you need to pay attention to the following information: Due to the large scope of this change, we would like to remind you to update before the version, remove the old version used without an account, and then download and install it again, so as to avoid other abnormal situations when using it.

Thank you for your support to our work~

Kalay Team


This version update has made the following adjustments, please refer to it carefully.

1. Compatible with DTLS security mechanism

Adjustment Purpose

The old version of IOTC encryption and device authentication has security loopholes. This loophole may allow malicious attackers to steal sensitive information transmitted by the device without authorization, or use fake devices to steal data. In response to this vulnerability, we have added an authkey/DTLS security mechanism, which is compatible with the normal use of new and old devices.

For more information, please refer to:https://www.throughtek.cn/please-update-the-sdk-version-to-minimize-the-risk-of-sensitive-information-being-accessed-by-unauthorized-third-party

Adjustment Content

a. After the device is added for the first time and the connection is successful, obtain whether the device supports DTLS mode;
b. If it is confirmed that the device is not in DTLS mode, the old API will be called for av connection, if it is confirmed that the device is already in DTLS mode, the new API will be called for av connection.

Impacts and Suggestions

a. If the device uses SDK v3.1.10 and newer versions, please enable AuthKey and DTLS;
b. If the device uses all the old versions before SDK v3.1.10, please upgrade the database to v3.3.1.0 or v3.4.2.0, and enable AuthKey and DTLS.

2. Compatible with authkey connection method

Adjustment Purpose

The old version of IOTC encryption and device authentication has security loopholes. This loophole may allow malicious attackers to steal sensitive information transmitted by the device without authorization, or use fake devices to steal data. In response to this vulnerability, we have added an authkey/DTLS security mechanism, which is compatible with the normal use of new and old devices.

For more information, please refer to:https://www.throughtek.cn/please-update-the-sdk-version-to-minimize-the-risk-of-sensitive-information-being-accessed-by-unauthorized-third-party

Adjustment Content

a. After the device is added for the first time and the connection is successful, obtain whether the device supports the authkey mode;
b. If it is confirmed that the authkey mode is not enabled on the device, the old API will be called for IOTC connection. If the device is confirmed that the authkey mode is enabled, the new API will be called for IOTC connection.

Impacts and Suggestions

a. If the device uses SDK v3.1.10 and newer versions, please enable AuthKey and DTLS;
b. If the device uses all the old versions before SDK v3.1.10, please upgrade the database to v3.3.1.0 or v3.4.2.0, and enable AuthKey and DTLS.