
Apex Controller Security

Printed From: Utah Reefs
Category: Main
Forum Name: General Discussion
Forum Description: Posts that don't fit in any of the other categories.
Printed Date: March 25 2019 at 3:48pm

Topic: Apex Controller Security
Posted By: knowen87
Subject: Apex Controller Security
Date Posted: April 16 2018 at 9:57am
I have been an Apex owner for a long time, 5+ years. It used to be a lot more complicated to set up, especially if you did not have a lot of knowledge about networks and routers. Back then, you had to set up a port forward to allow the Apex access to control your tank while you were away. The other day, I found this story on Reddit and it made me worried about my Apex.

So I emailed Apex and they sent me this response:
"Thank you for your inquiry and concern. Based on our understanding of those articles that were published, the owners of the aquarium exposed their controllers (we aren't sure if they are an Apex or not) to the Internet via port forwarding. Port forwarding allows for inbound communication to your network, which is not recommended. Most of your Internet browsing and things of that nature is outbound communication, and is much safer. Fortunately, the Apex and our Apex Fusion cloud services only use outbound communication to monitor and control your aquarium.

So in summary, as long as you use the normal conventions with your Apex (as most of our users do) and do not configure port forwarding in your router to expose your controller directly to the Internet, then your cause for concern should be minimal."

"You can utilize Apex Fusion exclusively. Apex Fusion was released in 2014 and since that time port forwarding has not been needed."

Looks like I will be closing my port this afternoon. 

Posted By: knowen87
Date Posted: April 16 2018 at 10:03am
Does someone with more tech experience want to expand on the security of Apex Fusion? Once my port is closed, should I still be concerned with the Apex allowing in hackers?

Posted By: Krazie4Acans
Date Posted: April 16 2018 at 11:25am
Even with port forwarding turned on for the Apex, as long as you are not using the default username and password, it would be very hard for a hacker to gain access to that device through the port forward, compromise the device enough to gain access to the network, and then hack other data.

On top of that, they would need a reason to think they would be getting something worth their effort on your network. A casino is a valid target; a home with an Apex is probably not the best use of their time to hack.

Port forwarding is not really a bad thing when done correctly (this falls back on that knowledge of networks and routers part of your post). The issue is that most people pick ports that are known open access ports that hackers target. Picking ports that are normally reserved for things like firewalls, routers, intrusion detection systems and things like that makes it much less likely that a hacker is going to try.

On to Fusion. Fusion is cloud-based and uses public and private key authentication to talk to your Apex. What that means is that only Fusion knows what the access key is to talk to your Apex. It is not sent through the communication between Fusion and your Apex at all, so hacking it is extremely hard. It is further complicated because a client trying to access your Apex can only do so by being authenticated to the Fusion servers. It's quite secure, and again a hacker is going to need to have a reason to believe that there is a significant value of what they will get from your network in order to spend the time to try and hack through any of these systems to get to your data.

My ocean.
90g (yup, won it!), 40g, 28g, & 10g Systems
PADI Advanced Open Water
