Security Considerations
Lumi Cloud Security
- User credentials: User credentials should only be used for direct user access to lumi-tv.com. Do not use these for automation scripting. If compromised, reset your password as soon as possible.
- API Tokens: API tokens allow limited access to remote control for automation scripting. Do not share these publicly. If they are compromised, simply delete the affected token and generate a new one.
- Lumi TV GUIDs: Device GUIDs should be treated the same as API tokens (do not share publicly). If they are compromised, factory reset your Lumi TV and then re-identify the device.
- USB Setup keys: USB Setup keys contain your API token. If they are lost or compromised, delete the affected API token.
- Payments / billing: These can only be accessed using your User Credentials.
Lumi TV security
Lumi TV can provide robust security and tamper resistance in public display signage. Please review this section to ensure your Provisioning settings provide the proper security for your application.
- KIOSK mode: KIOSK mode is your first line of defense against signage device tampering. Lumi TV's KIOSK mode can fully prevent access to any device settings on non-whitelisted applications. KIOSK mode and allowed apps can be selected in your Provisioning Profiles.
- Home screen locks: We recommend using the optional Home screen icon locks and settings password. In combination with KIOSK mode, these prevent users from changing the Home screen or any device settings.
- OTA: Lumi TV is regularly updated to address any Android-related security bugs. All you need to do is enable automatic OTA update checks in your Provisioning profile to stay current. You can also manually check your security updates in the device settings -> about section.
- USB: In public installations, we recommend using the "Disable USB" option in provisioning. While KIOSK mode prevents any critical tampering, the apps you are running could still be disrupted by a local USB HID attack.
- ADB: This optional interface allows local network shell access for app installation and file transfer. It is protected by ADB public/private key pairs that must be loaded during provisioning. You can also add new connections by manually accepting the connection via the device GUI (except in KIOSK mode).
- SSH & VNC: These optional interfaces allow local network file transfer and remote control. They are protected by SSH public/private key pairs that must be loaded during provisioning.
- Shell access: Shell access via remote APIs is disabled by default. If you need this, it can optionally be enabled.
- Device root: Device root access is unavailable on Lumi TV devices.
- DLNA / Airplay: These optional services are disabled by default. They should remain disabled in most commercial installations.
- IR remote: We recommend physically covering the IR detector eye on Lumi TV in commercial applications that will be remotely controlled / scheduled. While KIOSK mode prevents any critical tampering, the apps you are running could still be disrupted by a local IR attack.