Avalon Nano 3 [unofficial thread] - page 8.

CanaanInc.

newbie

Activity: 4

Merit: 5

We apologize for the inconvenience. Tomorrow, we will provide a brick rescue toolkit along with a guidance video. These resources are designed to assist you in updating and fixing your Nano 3. Thank you for your patience, we will keep you posted.

Quote from: whoismeanyway on July 21, 2024, 01:14:39 AM

I download this firmware file to update my nano 3 but now bricked it and not hashing anymore. I need proper firmware file to update and fix my nano 3.
Anyone can help me please?
[/quote]

Same to me since yesterday. What a mess. I emailed them.
[/quote]

whoismeanyway

newbie

Activity: 23

Merit: 1

Quote from: MasterGool on July 22, 2024, 04:49:59 AM

Just updated mine, no issue. Still up and mining

Their technical department is not trained well. They answered me "we dont have any firmware update since last year, where did you get the update?" Cheesy

Really frustrating situation.

Did you got any problems with Braiins pools yesterday? Huh

MasterGool

newbie

Activity: 3

Merit: 0

Just updated mine, no issue. Still up and mining

whoismeanyway

newbie

Activity: 23

Merit: 1

Quote from: CanaanInc. on July 20, 2024, 08:53:00 PM

Dear Valued Customers,

Thank you for your continued support of Canaan and the Avalon Nano 3.

Since its launch, the Avalon Nano 3 has achieved impressive sales volumes and received a positive market response. This success has reinforced our confidence in contributing to the construction of the decentralized Bitcoin network.

Earlier this month, some vigilant community members reported potential security issues with the Avalon Nano 3. Our technical department promptly analyzed and evaluated these concerns. Through comprehensive analysis, we discovered a vulnerability in some of the Nano’s backend web pages related to unverified login credentials. Malicious Trojan programs within the LAN could exploit this vulnerability to submit mining pool configuration information to http:///get_home.cgi via the POST command, thereby stealing computing power. In response, we swiftly developed the necessary firmware updates and provided guidelines for using the Avalon Nano 3 in a secure network environment.

After urgent development and deployment efforts, the latest firmware version and Avalon Remote App were released on July 19, 2024. We request all Avalon Nano 3 users to update their Remote App to the latest version available on the Apple App Store and Google Play Store, and use it to upgrade the firmware on all Nano 3 devices in their local area network.

We sincerely thank our customers for their prompt feedback, which has been invaluable, and we've learned a lot. We are committed to continuously inspecting, analyzing, and enhancing the security of our products.

In designing the Nano, we have always respected user privacy and have not included any intentional backdoor programs. Starting in December, we will gradually open-source relevant programs and release open-source firmware to ensure enhanced security and transparency.

Additionally, we are offering a compensation plan for all customers who purchased the Avalon Nano 3 before July 19, 2024. Each Avalon Nano 3 will be eligible for a $10 coupon from the Canaan official store. Details on how to apply for this coupon will be provided in the next version of the Remote App. Please stay updated with the app for further information.

We firmly believe that the development of a decentralized network relies on the collective efforts of all blockchain participants. As a member of this community, Canaan remains dedicated to expanding the influence of blockchain technology, increasing the number of participants, and providing more convenient and user-friendly methods for blockchain engagement. Once again, we thank all our customers for their support, feedback, and encouragement. We will continue to strive to deliver better products to you.

Yours sincerely,
The Canaan Team

After your latest firmware update for Nano 3 my device is bricked, no Hash no nothing. Made factory reset, changed adapter, pools, nothing. Before that was working ok.

whoismeanyway

newbie

Activity: 23

Merit: 1

[/quote]

I download this firmware file to update my nano 3 but now bricked it and not hashing anymore. I need proper firmware file to update and fix my nano 3.
Anyone can help me please?
[/quote]

Same to me since yesterday. What a mess. I emailed them.

CanaanInc.

newbie

Activity: 4

Merit: 5

Dear Valued Customers,

Thank you for your continued support of Canaan and the Avalon Nano 3.

Since its launch, the Avalon Nano 3 has achieved impressive sales volumes and received a positive market response. This success has reinforced our confidence in contributing to the construction of the decentralized Bitcoin network.

Earlier this month, some vigilant community members reported potential security issues with the Avalon Nano 3. Our technical department promptly analyzed and evaluated these concerns. Through comprehensive analysis, we discovered a vulnerability in some of the Nano’s backend web pages related to unverified login credentials. Malicious Trojan programs within the LAN could exploit this vulnerability to submit mining pool configuration information to http:///get_home.cgi via the POST command, thereby stealing computing power. In response, we swiftly developed the necessary firmware updates and provided guidelines for using the Avalon Nano 3 in a secure network environment.

After urgent development and deployment efforts, the latest firmware version and Avalon Remote App were released on July 19, 2024. We request all Avalon Nano 3 users to update their Remote App to the latest version available on the Apple App Store and Google Play Store, and use it to upgrade the firmware on all Nano 3 devices in their local area network.

We sincerely thank our customers for their prompt feedback, which has been invaluable, and we've learned a lot. We are committed to continuously inspecting, analyzing, and enhancing the security of our products.

In designing the Nano, we have always respected user privacy and have not included any intentional backdoor programs. Starting in December, we will gradually open-source relevant programs and release open-source firmware to ensure enhanced security and transparency.

Additionally, we are offering a compensation plan for all customers who purchased the Avalon Nano 3 before July 19, 2024. Each Avalon Nano 3 will be eligible for a $10 coupon from the Canaan official store. Details on how to apply for this coupon will be provided in the next version of the Remote App. Please stay updated with the app for further information.

We firmly believe that the development of a decentralized network relies on the collective efforts of all blockchain participants. As a member of this community, Canaan remains dedicated to expanding the influence of blockchain technology, increasing the number of participants, and providing more convenient and user-friendly methods for blockchain engagement. Once again, we thank all our customers for their support, feedback, and encouragement. We will continue to strive to deliver better products to you.

Yours sincerely,
The Canaan Team

joker_josue

legendary

Activity: 1722

Merit: 4711

**In BTC since 2013**

Quote from: CoinMLS on July 17, 2024, 09:46:20 AM

The power supplies are now available on the Canaan website. Unfortunately the shipping to the US makes them pretty pricey unless you're ordering multiples.

Which is too expensive for the power supplies or the miner?
If it is the power supplies, it is more worthwhile to buy these power supplies from an electronics company in the USA.

CoinMLS

jr. member

Activity: 192

Merit: 1

The power supplies are now available on the Canaan website. Unfortunately the shipping to the US makes them pretty pricey unless you're ordering multiples.

brontolo10

jr. member

Activity: 58

Merit: 10

Welcome here Canaan !!! Wink

B10

CanaanInc.

newbie

Activity: 4

Merit: 5

We sincerely thank you for your feedback regarding the relevant security issues. Your feedback will help make the Avalon Nano 3 better and better. We apologize for the problem that occurred. Upon seeing your tweet, we immediately gathered our R&D Team to analyze and evaluate the relevant issues.

1. We discovered that the Nano's web backend had an issue where the login username and password were not verified. Malicious trojans in the local network could exploit this vulnerability to submit mining pool configuration information through a POST command to http:///get_home.cgi without logging in, thus stealing hash power. We have started developing the necessary firmware and expect to fix this vulnerability and release the new firmware by July 19.

2. The Nano's design purpose is relatively simple. It runs on a real-time operating system (FreeRTOS), which is not a complex professional network device and is only suitable for secure home intranets. We recommend enabling the router's firewall and not mapping the Nano host to a public IP address to prevent external hackers from directly accessing the Nano. It is also necessary to regularly check for malicious programs in the home network environment. In safe network environments without trojans, such as non-hotel or library public networks, the Nano is secure.

3. In the design of Nano, we respect users' privacy and will never set any backdoor programs. Canaan's products and services are always subject to local and international regulations regarding cybersecurity and data privacy. Canaan remains transparent by disclosing our source codes and encourages industry monitoring of potential vulnerabilities. We are committed to continually improving our products and services.

4. Starting in December, we will gradually open-source the relevant programs and release open-source firmware to ensure that all programs have better security and are compilable.

5. We appreciate every customer's understanding and support. The sales of Nano 3 have far exceeded our expectations, which is due to our customers' high expectations and recognition of us. We are very sorry for the issues that have arisen. Therefore, we will launch a compensation plan together with the release of the new firmware.

Please join our official telegram group https://t.me/Canaanio

Quote from: Rent_a_Ray on May 28, 2024, 12:20:00 PM

There is probably a backdoor in the firmware. An attacker can change the custom root password (no, it's not root in my case, it's a complex one) or there is a manufacturer password. Stay behind your firewall and do not open any ports to the outside.

Furthermore, the current firmware file 2024032701_110811(Download at Canaan offical) https://www.canaan.io/tmp/file/heaternano3slaverk2102024032701110811-61ee.zip does not make any visible changes and worse, does not change the firmware version in the API or the web backend.

http:///get_home.cgi

API data can be accessed without a password. For example, the Wifi SSID, the mining address, firmware, temperature, pool and so on.
My pool address changed several times. Always directed to https://web.public-pool.io/#/ with changing receiving addresses, but with my own worker name (after the .)

Be careful.

However, one thing is quite funny: the hacker or bot relies on solo mining. Not a good source of income. Grin

hawer357

member

Activity: 182

Merit: 32

Coin, Coin, Bitcoin

Quote from: joker_josue on July 15, 2024, 03:11:33 PM

Quote from: hawer357 on July 15, 2024, 06:21:01 AM

Thank you very much. Did this come via Indiegogo, do you have a link?

You can find it here: https://www.indiegogo.com/projects/avalon-nano-3-blockchain-smart-home#/

But, at this moment, I don't know if it's worth buying via indiegogo, since it's already possible to buy on the official website.

I was actually surprised where the above info is coming from. I already have an Avalon Nano 3, I wouldn't buy an other one, but I wasn't able to find the info you quoted above.

joker_josue

legendary

Activity: 1722

Merit: 4711

**In BTC since 2013**

Quote from: hawer357 on July 15, 2024, 06:21:01 AM

Thank you very much. Did this come via Indiegogo, do you have a link?

You can find it here: https://www.indiegogo.com/projects/avalon-nano-3-blockchain-smart-home#/

But, at this moment, I don't know if it's worth buying via indiegogo, since it's already possible to buy on the official website.

hawer357

member

Activity: 182

Merit: 32

Coin, Coin, Bitcoin

Quote from: jeyzeus on July 09, 2024, 11:54:07 AM

To all the people that acted like it was "just me" here's the official word from Canaan:

We sincerely thank you for your feedback regarding the relevant security issues. Your feedback will help make the Avalon Nano 3 better and better. We apologize for the problem that occurred. Upon seeing your tweet, we immediately gathered our R&D Team to analyze and evaluate the relevant issues.

1. We discovered that the Nano's web backend had an issue where the login username and password were not verified. Malicious trojans in the local network could exploit this vulnerability to submit mining pool configuration information through a POST command to http:///get_home.cgi without logging in, thus stealing hash power. We have started developing the necessary firmware and expect to fix this vulnerability and release the new firmware by July 19.

2. The Nano's design purpose is relatively simple. It runs on a real-time operating system (FreeRTOS), which is not a complex professional network device and is only suitable for secure home intranets. We recommend enabling the router's firewall and not mapping the Nano host to a public IP address to prevent external hackers from directly accessing the Nano. It is also necessary to regularly check for malicious programs in the home network environment. In safe network environments without trojans, such as non-hotel or library public networks, the Nano is secure.

3. In the design of Nano, we respect users' privacy and will never set any backdoor programs. Canaan's products and services are always subject to local and international regulations regarding cybersecurity and data privacy. Canaan remains transparent by disclosing our source codes and encourages industry monitoring of potential vulnerabilities. We are committed to continually improving our products and services.

4. Starting in December, we will gradually open-source the relevant programs and release open-source firmware to ensure that all programs have better security and are compilable.

5. We appreciate every customer's understanding and support. The sales of Nano 3 have far exceeded our expectations, which is due to our customers' high expectations and recognition of us. We are very sorry for the issues that have arisen. Therefore, we will launch a compensation plan together with the release of the new firmware.

tl;dr they're releasing a new firmware for this within 1-2 weeks. after December, they plan on open sourcing the relevant firmware.

There's a vulnerability in the miner that can allow a trojan to override the the mining pool info without the proper credentials

Thank you very much. Did this come via Indiegogo, do you have a link?

jeyzeus

member

Activity: 82

Merit: 52

To all the people that acted like it was "just me" here's the official word from Canaan:

We sincerely thank you for your feedback regarding the relevant security issues. Your feedback will help make the Avalon Nano 3 better and better. We apologize for the problem that occurred. Upon seeing your tweet, we immediately gathered our R&D Team to analyze and evaluate the relevant issues.

1. We discovered that the Nano's web backend had an issue where the login username and password were not verified. Malicious trojans in the local network could exploit this vulnerability to submit mining pool configuration information through a POST command to http:///get_home.cgi without logging in, thus stealing hash power. We have started developing the necessary firmware and expect to fix this vulnerability and release the new firmware by July 19.

2. The Nano's design purpose is relatively simple. It runs on a real-time operating system (FreeRTOS), which is not a complex professional network device and is only suitable for secure home intranets. We recommend enabling the router's firewall and not mapping the Nano host to a public IP address to prevent external hackers from directly accessing the Nano. It is also necessary to regularly check for malicious programs in the home network environment. In safe network environments without trojans, such as non-hotel or library public networks, the Nano is secure.

3. In the design of Nano, we respect users' privacy and will never set any backdoor programs. Canaan's products and services are always subject to local and international regulations regarding cybersecurity and data privacy. Canaan remains transparent by disclosing our source codes and encourages industry monitoring of potential vulnerabilities. We are committed to continually improving our products and services.

4. Starting in December, we will gradually open-source the relevant programs and release open-source firmware to ensure that all programs have better security and are compilable.

5. We appreciate every customer's understanding and support. The sales of Nano 3 have far exceeded our expectations, which is due to our customers' high expectations and recognition of us. We are very sorry for the issues that have arisen. Therefore, we will launch a compensation plan together with the release of the new firmware.

tl;dr they're releasing a new firmware for this within 1-2 weeks. after December, they plan on open sourcing the relevant firmware.

There's a vulnerability in the miner that can allow a trojan to override the the mining pool info without the proper credentials

jeyzeus

member

Activity: 82

Merit: 52

Quote from: wolverine5pl on July 07, 2024, 04:05:20 PM

honestly no one having issue with unable to log back to webgui??

I had an issue logging in via the web gui after my unit was hacked.

If you wanna reset your miner to default settings & password, then open the Avalon remote app and remote the miner.

Disconnect the miner.

Then power it back on and press the FUNC function key (before the indicator flashes red), for five seconds until the white light flashes to indicate success. Then press RESET or disconnect the power to restart. Then add back all of the network credentials via the app, then connect to the web gui.

You might need to a couple of factory resets for the login credentials to revert back too root/root

whoismeanyway

newbie

Activity: 23

Merit: 1

Quote from: wolverine5pl on July 07, 2024, 04:05:20 PM

honestly no one having issue with unable to log back to webgui??

try a different browser, also check if something running in the background blocks the page to get refreshed.Otherwise try a plugin to do that.

Also delete cache and history.

brontolo10

jr. member

Activity: 58

Merit: 10

Hi,
Now available PSU on Canaan Shop here

https://shop.canaan.io/products/adaptor-for-nano-us?VariantsId=10406

B10

hawer357

member

Activity: 182

Merit: 32

Coin, Coin, Bitcoin

Quote from: wolverine5pl on July 07, 2024, 04:05:20 PM

honestly no one having issue with unable to log back to webgui??

Honestly, the UI is crap. On my device, I chanced the login password and it never accepted it. It still is the default one. Many functions are broken on the UI. Showing always same Hash rate, no valid JSON response, etc. etc.

If I were you, I would try finding the old firmware and reflash the device. How about support from Canaan?

whoismeanyway

newbie

Activity: 23

Merit: 1

Hi there! Just ordered a second Nano. After I will add it to my app, will I use the same credentials for the pool to add it with the first?

wolverine5pl

sr. member

Activity: 437

Merit: 250

honestly no one having issue with unable to log back to webgui??

Topic: Avalon Nano 3 [unofficial thread] - page 8. (Read 7787 times)