How is the Camio Box software updated?

Camio Box Software Updates

The Camio Box software itself is updated automatically.

  1. Every change to the software code or installation scripts is reviewed and approved by at least one other teammate.
  2. The approved code changes are built automatically into a Release Candidate (RC), which is posted on camio.com servers.
  3. The RC is first deployed only on devices manually whitelisted by MAC of the Camio Box to detect bugs that may appear only after long periods of operation.
  4. The RC is approved as a Release for gradual rollout as a percentage of all devices (e.g. 10%, 20%, 50%, 100%)
  5. Camio Box checks for the availability of new software every 6 hours, and when the MAC and User-Agent of a particular Box require a software update, the Camio servers send a command to the Box to begin the software update process.
  6. The upgrade command retrieved from camio.com includes the URL from which to download the new software release.
  7. The downloaded Release file may also include optional maintenance scripts that apply OS-level patches or updates required prior to the use of the new Release.
  8. The existing release is copied to a backup directory prior to the application of the new Release, so that a failure in applying the new Release can be reverted to the prior Release.
  9. The Camio Box process is restarted, which results in a brief (1-second) interruption in video recording as the streams reconnect. (This 1-second outage will be removed with the release of Camio Flex, which runs on Kubernetes)

Information Security

  1. All of communication between Camio Box and Camio servers to retrieve software updates is TLS 1.3 encrypted using Perfect Forward Secrecy key rotation.
  2. All https requests include SSL Cert Verification without permitting the specification of a CA_BUNDLE (i.e. SSL inspection is disallowed) to prevent man-in-the-middle vulnerabilities.
  3. Camio Box doesn't pin Certificates today. The risks of operating in a hostile environment (e.g. malicious DNS) seem lower than the risks of service interruptions in responding to compromised keys or Certificate Authority revocations.
Have more questions? Submit a request

Comments