Menu List

<
Additional Information
Specifications
Cautions on Use
Care and Storage
Safety Precautions
Trademarks
Security Threats

Security Threats

Necessary preparations

Images and video files stored on the RICOH THETA X are important information assets and require appropriate security measures to reduce the risk of information leaks and unauthorized use. To ensure safe use, the operating environment and equipment must be properly configured according to the user's information security policy.

Means of Control

THETA can be controlled via wireless LAN, wired LAN, LTE dongle, USB, Bluetooth®, and buttons/touch panels on the main unit. The security risks for each of these are as follows

Specifications
Control Method Initialization Risk Starting Procedure
Wireless LAN AP (access point) mode OFF SSID and encryption key can be used to remotely connect and control the device, which requires proper management. Enable the function before connecting from the device.
Wireless LAN CL (Client) Mode OFF Even if Digest Authentication is set, proper management is required because the user name and password can be controlled via WebAPI if they are compromised. Enable the function after making the necessary settings for connection using the API.
Wired LAN OFF As with wireless LAN (CL mode), proper management is required. A wired LAN adapter must be connected to the USB port.
LTE Dongle OFF Remote control using WebAPI is not possible. LTE dongle must be connected to the USB port.
USB(MTP) ON Connect to a PC via USB cable to retrieve images and video files stored on THETA. Please note the operating environment. Connection via USB cable capable of data transmission is required.
USB(UVC) OFF Video and audio can be acquired from THETA by connecting to a PC with a USB cable. Pay attention to the operating environment. Requires activation of the function and connection with a USB cable capable of data communication.
Bluetooth® (Low Energy)
(Low Energy)
OFF (~v2.00)
ON(v2.00~)
Communication via NumericComparison or proprietary authentication procedures is available. Please note the environment in which the device is used, as the connection can be allowed by operating the device and information can be acquired via BLEAPI. Connection from the device is required.
Bluetooth® (Classic)
(Classic)
OFF(~v2.00)
ON(v2.00~)
Allows connection to devices with specific profiles. Registration is required from the touch panel on the main unit.
Operation Buttons No Lock The power button turns power on and off, and the touch panel turns wireless LAN and Bluetooth® on and off. Settings can also be reset. Please pay attention to the operating environment. Power ON

The configuration ranges and procedures related to each operating method are as follows

Wireless LAN

Wireless LAN can be set to OFF, AP mode, or CL mode. Wireless LAN is turned off in Sleep mode.

How to use Wireless LAN Settings

Swipe the shooting screen from top to bottom and tap the wireless LAN icon to turn wireless LAN off and on.
By selecting [Client Mode], you can enable the client mode. You can also use the API to select the mode.
By selecting [Wireless Power Saving Settings], [Speed Priority (MIMO)] and [Power Saving Priority (SISO)] can be selected.

Setting Value
Set value Default value Setting Method Description
Network type OFF WebAPI Options._networkType Network type to use
MTPAPI 0xD81D NetworkType
BLEAPI Set network type
Set Options
Wireless LAN antenna settings MIMO (from 2.70)
SISO(~2.70)
WebAPI Options._wlanAntettaConfig
Switch between SISO and MIMO
MTPAPI N/A
BLEAPI Set Options

AP (Access Point) Mode

AP (Access Point) Mode
Network Interface Wireless LAN
1.WPA2-Personal
2.Encryption method: AES
3.Wireless LAN mode: Access Point
The default specifications are as follows
SSID: ""THETA""+""serial number""+"".OSC"""
Encryption key (passphrase): Random 8-digit string (some models after v3.50)
Encryption key (passphrase): last 8 digits of serial number
The encryption key can be checked from [Communication Information] with AP mode enabled.
Service Protocol HTTP
Service Protocol Authentication Method None
Service Protocol Encryption Method None
Provided Services The Web API specification is available at
https://docs-theta-api.ricoh360.com/web-api/index.html
How to use Connecting in AP mode
  1. Turn on the THETA and operate the touch panel to switch to AP mode.
  2. Search for the THETA's SSID (by default, the THETA's serial number (2 letters + 8 digits) + .OSC) from the device you are using.
  3. Connect to THETA's SSID from the device you are using. At this time, you will need to enter the encryption key.
Setting value
Setting value Initial value Setting Method Description
SSID Serial number (2 alphabetic characters + 8 digits) + .OSC WebAPI Options._ssid
Can be set/obtained in WLAN AP mode
Name to identify the THETA's WLAN
MTPAPI N/A
BLEAPI Set Options
Encryption Key (Passphrase) Set per device WebAPI Options.wifiPassword
Encryption key can be set
Options._defaultWifiPassword
Allows you to retrieve the factory default encryption key
Encryption key used when connecting in AP mode
Can be changed using the RICOH360 Smartphone App

Passwords can be set to a length of eight digits, but this makes them vulnerable to brute force attacks. Please take measures such as making the password longer or selecting characters from multiple sets, including uppercase and lowercase letters, numbers, and special characters.
MTPAPI 0xD806 Passphrase
BLEAPI Set Options
Allows you to set the encryption key
Get Options
Allows you to retrieve the factory default encryption key
Read WLAN password state
Allows you to retrieve the encryption key update status
Frequency setting 2.4GHz WebAPI Options._wlanFrequency
Can be set/retrieved in WLAN AP mode
Can be retrieved in WLAN CL mode
Frequency setting used in AP mode
MTPAPI 0xD821 Wlan Frequency
BLEAPI Set Options

CL (Client) mode: Control via WebAPI

Specification
Network Interface Wireless LAN
1.Authentication Method: none, WEP, WPA/WPA2-PSK
2.Encryption method: AES
3.Wireless LAN mode: Client(Station)
SSID and password of the access point to be connected must be set.
Wired LAN (USB-LAN adapter) 1.Authentication Method: none, WEP, WPA/WPA2-PSK
2.Encryption method: AES
Service Protocol HTTP
Detect the camera IP address using mDNS
Service Protocol Authentication Method HTTP Digest Access Authentication
Service Protocol Encryption Method None
Provided Services The Web API specification is available at
https://docs-theta-api.ricoh360.com/web-api/index.html
How to use Connect in wireless LAN CL mode

When controlling via the API, digest authentication settings are required. It is also necessary to configure settings according to the network used.
When using the wireless LAN CL mode, information on the router to be connected must be registered. These settings must be configured using wireless LAN or BLE or MTP. Router information can also be registered by operating the unit.

When using wireless LAN (AP mode)

  1. Connect in AP mode.
  2. Set the user name and password for digest authentication.
  3. Set the frequency band to be used.
  4. Register the router to be connected.

When setting up via Bluetooth® (standard)

  1. Turn on the THETA.
  2. Search for Bluetooth® (8-digit alphanumeric code) from the device to be used.
  3. When connecting from the device, a 6-digit PIN code will appear on both the device and the THETA, make sure both are the same and select OK.
    • Depending on the device, you may be asked for permission to connect before the PIN code is displayed.
  4. Set the user name and password for Digest Authentication.
  5. Register the router to be connected.
    (A) Register router information directly (using Camera Control Command v2).
    (B) Detect the router with THETA (using WLAN Control Command v2)

When setting up via MTP

  1. Turn on the THETA.
  2. Connect to PC via USB.
  3. Set the user name and password for digest authentication.
  4. (The router to be connected via MTP cannot be registered.

When setting up router information using the THETA

  1. Turn on the THETA.
  2. Swipe the shooting screen from top to bottom.
  3. Select [Client Mode] and then [ON].
  4. Select the router you wish to connect to.
    • If you select [Add Network], you can also register using the information scanned from the QR code.
  5. Enter the password. Tap [Aa1#] in the lower left corner to change the input character. <>Use <> to move to the next character.
  6. When you have finished entering (selecting) the password, tap [Connect] in the upper right corner.
Set value
Set value Initial value Setting Method Description
Authentication method digest WebAPI N/A Authentication method used in CL mode
MTPAPI N/A
BLEAPI N/A
Digest Authentication User Name THETA+ serial number (2 alphabetic characters + 8 digits) WebAPI Options._username
Can be set in WLAN AP mode
User name used for digest authentication
MTPAPI 0xD815 Username
BLEAPI Set Options
Digest Authentication Password Not set or 8 digits of serial number (2 alphabetic characters + 8 digits) WebAPI Options._password
Can be set in WLAN AP mode
Password to be used for Digest Authentication.
Cannot be used unset.

Passwords can be set to a length of eight digits, but this makes them vulnerable to brute force attacks. Please take measures such as making the password longer or selecting characters from multiple sets, including uppercase and lowercase letters, numbers, and special characters.
MTPAPI 0xD816 Password
BLEAPI Set Options
Access Point Information Not set WebAPI camera.setAccessPoint
Can be set in WLAN AP mode
Information on access point (router) to be connected in WLAN CL mode
MTPAPI N/A
BLEAPI Set Access Point
Proxy Information Not set WebAPI camera.setAccessPoint
Proxy information to connect in wireless LAN CL mode
MTPAPI N/A
BLEAPI N/A

Wired LAN

How to use Connected via wired LAN

When controlling via API, digest authentication settings are required. Settings must also be made according to the network used.
These settings must be made using wireless LAN or BLE (standard/proprietary specifications) or MTP.
Also, swipe the shooting screen from top to bottom and set [USB Power Settings] to [Automatic].
After completing the settings, connect the wired LAN adapter and connect it to the router with a wired LAN cable.

When setting up in wireless LAN (AP mode)

  1. Connect in AP mode.
  2. Set user name and password for Digest Authentication.
  3. Set the wired LAN connection configuration if necessary.

When configuring via Bluetooth® (standard)

  1. Turn on the THETA.
  2. Search for Bluetooth® (8-digit alphanumeric code) from the device to be used.
  3. When connecting from the device, a 6-digit PIN code will appear on both the device and the THETA, make sure both are the same and select OK.
    • Depending on the device, you may be asked for permission to connect before the PIN code is displayed.
  4. Set the user name and password for Digest Authentication.
  5. Set the wired LAN connection configuration if necessary.

When configuring via MTP

  1. Turn on the THETA.
  2. Connect to a PC via USB.
  3. Set the user name and password for Digest Authentication.
  4. Wired LAN connection configuration cannot be set via MTP.
Setting value
Set value Default value Setting Method Description
Wired LAN connection settings ipAddressAllocation="dynamic" WebAPI Options._ethernetConfig
Can be set/retrieved in WLAN AP/CL mode
Configuration for wired LAN connection
MTPAPI N/A
BLEAPI N/A
Authentication method digest WebAPI N/A Authentication method used in CL mode
MTPAPI N/A
BLEAPI N/A
Digest Authentication User Name THETA+ serial number (2 alphabetic characters + 8 digits) WebAPI Options._username
Can be set in WLAN AP mode
User name used for digest authentication
MTPAPI 0xD815 Username
BLEAPI Set Options
Digest Authentication Password Not set or 8 digits of serial number (2 alphabetic characters + 8 digits) WebAPI Options._password
Can be set in WLAN AP mode
Password to be used for Digest Authentication.
Cannot be used unset.

Passwords can be set to a length of eight digits, but this makes them vulnerable to brute force attacks. Please take measures such as making the password longer or selecting characters from multiple sets, including uppercase and lowercase letters, numbers, and special characters.
MTPAPI 0xD816 Password
BLEAPI Set Options

CL (Client) Mode: Controlled by RICOH360 Cloud

Specifications of RICOH360 Cloud
Network Interface Wireless LAN
1.Authentication Method: none, WEP, WPA/WPA2-PSK
2.Encryption method: AES
3.Wireless LAN mode: Client(Station)
SSID and password of the access point to be connected must be set.
Wired LAN (USB-LAN adapter)
4G LTE (USB-LTE adapter)
Tethering connection
1.Authentication Method: none, WEP, WPA/WPA2-PSK
2.Encryption method: AES
Service Protocol MQTT
Service Protocol Authentication Method MQTT connection with mutual TLS(mTLS) authentication
Service Protocol Encryption Method TLS
How to use

https://support.ricoh360.com/manual/x-ricoh360-app-upload-02?apps=ricoh360-app

CL (Client) mode: live streaming

Specifications
Network Interface Wireless LAN
1.Authentication Method: none, WEP, WPA/WPA2-PSK
2.Encryption method: AES
3.Wireless LAN mode: Client(Station)
SSID and password of the access point to be connected must be set.
Wired LAN (USB-LAN adapter)
4G LTE (USB-LTE adapter)
Tethering connection
1.Authentication Method: none, WEP, WPA/WPA2-PSK
2.Encryption method: AES
Service Protocol WebRTC
WebSocket-TLS
Service Protocol Authentication Method JWT
Service Protocol Encryption Method TLS, SRTP, TLS
Methods in use

In preparation

Mobile network (LTE dongle)

How to use Connecting via mobile network

Connect the LTE dongle and use the main unit menu to configure mobile network settings as needed.

Bluetooth®

Bluetooth® Low Energy (BLE) and Bluetooth® Classic are controlled simultaneously. Bluetooth® Classic is enabled by default; to control THETA, you must be connected via BLE.
Note that Bluetooth® Classic is turned off in sleep mode.

Specifications
Interface Bluetooth® Low Energy
1. Profile: GATT
2. Security: Some models have multiple connections.
BLE(standard)
- BLE Security mode 1
- BLE Security Connections level4
- Numeric Comparison Pairing (Bluetooth® standard 4.2 or higher)
* Supports characteristics that correspond to BLE Security mode 1/BLE Security Connections level 4.
BLE(proprietary) :Used only by RICOH smartphone apps
- BLE Security mode 1
- RICOH proprietary pairing
3. BLE mode: Peripheral
Service Protocol GATT
Service Protocol Authentication Method BLE(standard)
    FIPS, Numeric Comparison Pairing
BLE(proprietary) :Used only by RICOH smartphone apps
    RICOH proprietary pairing
Service Protocol Encryption Method BLE(standard)
    AES-CCM
BLE(proprietary) :Used only by RICOH smartphone apps
    None
Provided Services The Bluetooth® API specification is available at
https://docs-theta-api.ricoh360.com/bluetooth-api/
Camera control command v2 service
WLAN Control Command service
WLAN Control Command v2 service
Registration to RICOH360 Cloud can only be performed with RICOH applications.
Usage Connect via Bluetooth®: BLE(standard)

BLE/Bluetooth® Classic is enabled by default (v2.00~).
If disabled, it must be enabled using the API or by operating the main unit. The THETA can be controlled as a peripheral device by following the steps below.


  1. Turn on the THETA.
  2. Swipe the shooting screen from top to bottom and tap the Bluetooth® icon to enable Bluetooth®.
  3. Search for the THETA (the last 8 digits of the serial number) via Bluetooth® from the device you are using.
  4. Once connected from the device, a 6-digit PIN code will appear on both the device and the THETA, make sure both are the same and select OK.
    • Some devices may ask permission to connect before the PIN code is displayed.

When connecting an external device such as a headset or remote controller, the device must be connected using the unit's controls.



Connecting via Bluetooth®: BLE(proprietary)

BLE/Bluetooth® Classic is enabled by default (v2.00~).
If disabled, it must be enabled using the API or by operating the unit. The THETA can be controlled as a peripheral device when connected according to the following procedure.


  1. Turn on the THETA.
  2. Swipe the shooting screen from top to bottom and tap the Bluetooth® icon to enable Bluetooth®.
  3. Connect from the RICOH Smartphone App.
  4. A connection permission request from the app will be displayed, allow it.

To connect an external device such as a headset or remote controller, the device must be connected via the unit's operation.


Setting value
Setting value Initial value Setting method Description
Bluetooth® status OFF(~v2.00)
ON(v2.00~)
WebAPI Options._bluetoothPower
Can be set/obtained in WLAN AP/CL mode
Enables/disables Bluetooth® switching
MTPAPI N/A
BLEAPI Set Options

USB

Specifications
InterfaceCompliant with the following standards:  
    USB Spec.3.2 super speed standard
    USB2.0 High speed standard
Service Protocol MTP (Media Transfer Protocol)
UVC (USB Video Class)
Service Protocol Authentication Method None
Service Protocol Encryption Method None
Provided Services The MTP API specification is available at
https://d ocs-the ta-api.ricoh360.com/usb-api/
How to use Connecting via USB

When controlling via USB, it must be determined whether the device is to be used as an MTP device or a UVC device.

When setting up via button operation

  1. Turn on the THETA power.
  2. Connect to a PC with a USB cable.
  3. Press the Mode button to switch between still image, movie, and live streaming (UVC).
    • Swipe the shooting screen from top to bottom and set [Auto Switch Live Streaming] to [On] to automatically switch to UVC when connected to a PC.

Operating Device

Operation of the unit's power button, mode button, and touch panel cannot be inhibited.

Device Settings

Location and date/time information is recorded on images and videos. These settings affect the integrity of the information.

Location Information

You can specify whether to add location information to images and videos. If positioning is not possible with the built-in GPS, location information can be set using the API.
The azimuth information acquired using the electronic compass is recorded in magnetic north.
When the icon is white, built-in GPS positioning is available.

Setting value
Setting value Default value Setting Method Description
Location Not set WebAPI Options.gpsInfo
Can be set/retrieved in WLAN AP/CL mode
Location information
MTPAPI 0xD801 GpsInfo
BLEAPI Set Options
Assign location information on WebAPI Options._gpsTagRecording
Can be set/retrieved in WLAN AP/CL mode
Select whether to add location information
MTPAPI 0xD832 GPStagRecording
BLEAPI Set Options

Date and time information

Allows you to set the date and time information for this product.
When date and time information is obtained from NTP, the time is also corrected, but the time zone is not.
The time zone can also be set by operating the main unit. Swipe down from the top of the shooting screen and select [Date/Time Settings].

Set value
Set value Default value Setting Method Description
Date, time, and time zone information 2021/01/01 00:00:00
WebAPI Options.dateTimeZone
Can be set/obtained in WLAN AP/CL mode
Date, time, and time zone information
MTPAPI 0x5011 DateTime
BLEAPI Set Options

Set power status

The API can be used to control the camera power. However, it is not possible to wake up the camera from a powered-off state.
The camera buttons can be used to control power on, sleep, and power off.

Setup Value
Setup Value Default value Setting Method Description
Power status OFF WebAPI Options._cameraPower
Can be set/retrieved in WLAN AP/CL mode
Set power status
MTPAPI 0x1013 PowerDown
0xD80E SleepMode
BLEAPI Set Options
Sleep mode setting ON WebAPI Options._powerSaving
Can be set/retrieved in WLAN AP/CL mode
Power saving mode enable/disable setting
MTPAPI N/A
BLEAPI Set Options
Sleep Mode Transition Time 180 (seconds)
WebAPI Options.sleepDelay
Can be set/obtained in WLAN AP/CL mode
Period of inactivity (in seconds) before entering sleep mode
MTPAPI 0xD803 SleepDelay
BLEAPI Set Options
Power off transition time 43200 (seconds)
WebAPI Options.offDelay
Can be set/retrieved in WLAN AP/CL mode
Period of inactivity from sleep mode to power off (60+ seconds in seconds)
MTPAPI 0xD81B AutoPowerOffDelaySec
BLEAPI Set Options

Device Log

The device logs at least 1000 events for critical information assets such as images and video files.
This log can be accessed via WebAPI.

How to get
API Name getEventLog
URL /log/eventLog/eventLog /log/eventLog
Content-Type Text/plain;
Charset Charset=UTF-8
method GET

Vulnerability Response

We recommend firmware updates to address software vulnerabilities. Firmware update information will be posted on our website and smartphone applications.
https://support.ricoh360.com/system-information

How to update the firmware

Please refer to the User's Manual for instructions on how to update the firmware.

Update using the RICOH360 Smartphone App

https://support.ricoh360.com/manual/x-ricoh360-app-firm-update-01

Update using the basic application for PCs

https://support.ricoh360.com/manual/x-update-02?apps=ricoh-theta

Update from RICOH360 Cloud

https://support.ricoh360.com/manual/ricoh360-web-08

Update via THETA itself

When connected via wireless LAN CL mode, wired LAN, or LTE dongle, the THETA can check for firmware updates. If an updated firmware is found, the update can be performed.
Swipe the shooting screen from top to bottom and select [Firmware Update] to check for firmware updates.

Deleting and initializing registered information

The connection information stored on the THETA main unit can be initialized by performing the following operations.
To delete the RICOH360 registration on the THETA main unit, delete it from the application.
Images and videos stored on the THETA main unit can also be deleted from a USB-connected PC.

THETA X
Registration information Initialization to factory defaults Reset settings Initialization of connection information Storage Format
API Swipe down from the top of the shooting screen to select/API Swipe down from the top of the screen to select/API Swipe down from the top of the shooting screen to select/API
Network Type Initialize ( OFF ) Initialize ( OFF ) N/A N/A
Wireless LAN Antenna Settings Initialize ( MIMO ) N/A N/A N/A
SSID Initialize Initialize N/A N/A
Encryption key (passphrase) Initialize Initialize N/A N/A
Frequency setting ( AP mode ) Initialize ( 2.4GHz ) Initialize ( 2.4GHz ) N/A N/A
Digest Authentication User Name Initialize Initialize N/A N/A
Digest Authentication Password Initialize Initialize N/A N/A
Access point information Initialize ( delete ) Initialize ( delete ) N/A N/A
Proxy information Initialize ( delete ) Initialize ( delete ) N/A N/A
Wired LAN connection settings Initialize Initialize N/A N/A
Mobile network settings Initialize N/A N/A N/A
Bluetooth® Status Initialize Initialize N/A N/A
Connection information with Bluetooth® peripherals Initialize ( delete ) N/A Initialize ( delete ) N/A
Connection information with Bluetooth® terminal Initialize N/A Initialize N/A
Location information set by API delete N/A N/A N/A
Assign location information Initialize ( ON ) Initialize ( ON ) N/A N/A
Date, time, and time zone information Initialize Initialize N/A N/A
Power saving mode setting Initialize ( ON ) Initialize ( ON ) N/A N/A
Sleep mode transition time Initialize Initialize N/A N/A
Power off transition time Initialize Initialize N/A N/A
Still image/video file Initialize ( delete ) N/A N/A Initialize ( delete )
Device log Initialize ( delete ) N/A N/A N/A
RICOH360 Registration Information Initialize ( delete ) N/A N/A N/A

Set value
Type of processing Operation Method Setting Method ( API )
Initialization to shipping state N/A WebAPI camera._initializeDevice
Can be set/obtained in WLAN AP/CL mode
MTPAPI N/A
BLEAPI N/A
Reset Settings Swipe down from the top of the shooting screen
Select [Reset Settings
WebAPI camera.reset
Can be set/retrieved in WLAN AP/CL mode
MTPAPI 0x1017 ResetDevicePropValue [*1].
BLEAPI N/A
Initialize connection information Swipe down from the top of the shooting screen and select
Select [Reset Connection Information
WebAPI camera._deleteAccessPoint [*2].
Can be set/obtained in WLAN AP/CL mode
MTPAPI N/A
BLEAPI N/A
FORMAT Swipe down from the top of the shooting screen to
Select [Format: Internal Memory] or
[Initialize: Card].
WebAPI camera.delete
Can be set/retrieved in WLAN AP/CL mode
MTPAPI 0x100B DeleteObject
BLEAPI N/A

[*1] Reset the DeviceProperties defined in the MTP.
[*2] Deletes access point information configured via API.

Supplementary Information