Owl Labs Security Hub
At Owl Labs we are committed to providing industry-leading and secure products and services to our customers. We welcome and encourage reports from external sources that are concerned with security. Owl Labs defines a security vulnerability as an unintended weakness in a product that could allow an attacker to compromise the integrity, availability, or confidentiality of our products.
If you believe you have uncovered a potential security vulnerability with any of Owl Labs’ products, software or systems, we look forward to receiving your report through our Bugcrowd platform directly, or by using the below submission form. Our dedicated team will investigate your report and contact you as soon as possible. We appreciate your help in disclosing the issue to us responsibly.
For other information:
Privacy: To learn more about the privacy and security features of our products, please see our Privacy and Security support site for commonly asked questions, or you can review our Privacy Policy
Security: To contact the Owl Labs Security Team, email us at security@owllabs.com
Product: If you have a question about your Owl Labs products, please contact support
Protocol: Click here to view Owl Labs' Security Protocol
Submit Report
Using the form below, you are about to submit a report to Owl Labs. Please provide all detailed information available about the potential issue you have discovered. The more information you provide, the quicker we will be able to validate the issue.
Owl Labs Security Protocol
The recommended patch level with security update is 6.3.
Owl Labs web applications use HTTPS with TLS 1.2 and above with key strength AES 256 SHA 256.
Owl Labs IOT devices use MQTT protocol and TLS 1.2 with encryption key minimum AES 128 SHA 256.
The over the air update package (OTA update) is encrypted using TLS 1.2 and key strength RSA 2048 SHA 256.
When connecting to the device through bluetooth connection, the desktop, mobile application and Device bluetooth uses app level encryption using AES256 GCM key.
Owl Connect uses WPA2 CCMP which is AES 128 encryption using Pre-Shared key (PSK) per each secondary device using 256 bits.
Owl Labs devices never record, collect, transmit or store any video or audio data from any meetings.
When connected to WiFi, the MQTT connection sends meeting-related device specific analytics to the AWS Cloud including length of meetings and number of meetings.
Owl Connect uses its own WiFi network to communicate between two or three Owl Labs devices. The WiFi network is a private network created among the Owl Labs devices. It does not use corporate WiFi to establish a wireless connection between Owl Labs devices. The protocol and keys are WPA2 CCMP which is AES 128 encryption using Pre-Shared Key (PSK ) per each secondary device using 256 bits.
All the public-facing sites and MQTT uses TLS 1.2 and AES keys. Which meets FIPS 140-2 FIPS Standards.