We have received reports from customers receiving notifications from Xfinity, Cox, and other ISPs flagging network activities from Awair devices as 'connecting to malicious IPs', or that it is 'blocking attempts of the Awair device to contact a known malicious IP address', similar to the screenshots below:
This happens when your Awair device accesses the Awair timeserver to get an accurate sense of time. The service has not been breached and it does not pose any risk. The only service it provides to the devices is the current time based on the timezone of the requesting device. Since the ISPs mainly warn, but could also block access to this service, the worst that could happen is that the device display may not report the accurate time or the clock could drift over time.
We have noticed this on Cox, Comcast, and a few other ISPs with advanced security firewalls. Several large ISPs appear to be using a “smart” automated firewall list that shuts off traffic to certain IP addresses on the internet. The IP address of Awair's time synchronization server got swept up in this automated system and is now flagged as suspicious.
Regarding your ISP security flagging your device as a potential threat: this is a false positive report; there is no compromised server. The firewall flags the traffic when the device performs its hourly time synchronization.
What is this server endpoint / IP address responsible for?
- This is a time synchronization server. When the device contacts the server, the server returns the current time.
Has this service been compromised?
We are attempting to contact these ISPs to get our IP address whitelisted/taken off the automated list.
In the meantime, we are working on an update for our device firmware to use a different subdomain and IP address for the time synchronization. This will require an automatic firmware update in the future.
Some customers have been able to work with their ISP directly to remove the Awair timeserver from their blocklist.
If you encounter the same issue again, please provide some screenshots like the ones above and kindly forward them to us through our support channel.