On February 26th, after a year in the field, an exploit was discovered that could provide unauthorized access to the MojoBox digital lockbox.
On 1pm EST, February 27th, we released a firmware update for all MojoBoxes. It completely resolves the Feb 26th exploit. You can immediately push this update to each of your MojoBoxes from your mobile app.
To do so, just follow these steps:
- Open the ShowMojo or MojoLock app (depending on the service you use).
- Select a MojoBox.
- Look for an “Upgrade Firmware” link at the bottom of the specific MojoBox screen.
- Click the link and follow the steps in the app.
This will need to be done in physical proximity of each MojoBox. We apologize for any inconvenience this may cause.
While perceptions of risk may vary, we strongly recommend all customers act quickly on this update.
We built the MojoBox to be a secure and affordable digital lockbox. While we wish our testing had uncovered this issue before the MojoBox was released a year ago, we hope the quick resolution of this exploit helps to make the point that we stand by the product we built.
We have a lot more to say and share. However, we feel it is seriously reprehensible to publicly discuss or disclose zero day exploits. Responsible actors provide the users of products at least a minimum amount of time to secure systems and patch vulnerabilities — as opposed to turning users into hapless victims. Our current focus is on ensuring ShowMojo customers and MojoBox users have the information and time they need to update their devices.
Stay tuned for more.