Security Threats
Images and video files stored on the RICOH THETA Z1 are important information assets and require appropriate security measures to reduce the risk of information leaks and unauthorized use. To ensure safe use, the operating environment and equipment must be properly configured according to the user's information security policy.
Means of Control
RICOH THETA Z1 (henceforth THETA) can be controlled via wireless LAN, wired LAN, USB, Bluetooth®, and buttons on the unit. The security risks for each of these are as follows.
Specifications
Means of control | Initial Configuration | Risk | Starting procedure |
Wireless LAN AP (access point) mode | OFF | SSID and encryption key can be used to remotely connect and control the device, which requires proper management. | Enable the function before connecting from the device. |
Wireless LAN CL (Client) Mode | OFF | Even if Digest Authentication is set, proper management is required because the device can be controlled via WebAPI if the user name and password are compromised. | Configure the necessary settings for connection using the API before enabling the function. |
Wired LAN | OFF | As with wireless LAN (CL mode), proper management is required. | A wired LAN adapter must be connected to the USB port. |
USB(MTP) | ON | Connect to a PC via USB cable to retrieve images and video files stored on THETA; camera can also be controlled via MTP. Please note the operating environment. | Connection via USB cable capable of data transmission is required. |
USB(UVC) | OFF | Video and audio can be acquired from THETA by connecting to a PC with a USB cable. Pay attention to the operating environment. | Requires activation of the function and connection with a USB cable capable of data communication. |
Bluetooth® (Low Energy) | OFF (~v3.50) ON (v3.50~) | Connection using WebAPI or direct access without authentication is available, and information acquisition is enabled by BLEAPI, so please pay attention to the operating environment. | Connection from the device is required. |
Bluetooth® (Classic) | OFF | Connection to devices with specific profiles is available. | Requires plug-in. |
Operation Buttons | No Lock | The power button turns power on and off, and the wireless button turns wireless LAN and Bluetooth® on and off. | Power ON |
Setting ranges and procedures related to each operation method are as follows.
Wireless LAN
Wireless LAN can be set to OFF, AP mode, or CL mode. Wireless LAN is turned off in Sleep mode.
Wireless LAN is turned off when connected to a PC via USB cable. (~v3.50)
How to use
By pressing the WLAN button, you can switch between OFF, AP mode, and CL mode, in that order. The mode can also be selected using the API.
CL mode can be switched only when router information is set.
Configuration Value
Configuration Value | Initial value | Setting Method | Description | |
Network type | OFF | WebAPI | Options._networkType | Network type to use |
MTPAPI | 0xD81D NetworkType | |||
BLEAPI | Set network type |
AP (Access Point) mode
Specification AP (Access Point) Mode
Network Interface | Wireless LAN
1. WPA2-Personal 2. Encryption method: AES 3. Wireless LAN mode: Access Point. The default specifications are as follows. SSID: "THETA" + serial number + ".OSC". Encryption key (passphrase): Random 8-digit string. Encryption key (passphrase): last 8 digits of the serial number. The initial value of the encryption key can be checked by pressing the shutter release button for 2 seconds while holding down the WLAN button. (v3.50~) |
Service Protocol | HTTP |
Service Protocol Authentication Method | None |
Service Protocol Encryption Method | None |
Provided Services | The Web API specification is available at https://docs-theta-api.ricoh360.com/web-api/index.html |
How to use
- Turn on the THETA and press the WLAN button to switch to AP mode.
- Search for the THETA's SSID (by default, the THETA's serial number (2 alphabetic characters + 8 digits) + .OSC) from the device you are using.
- Connect to THETA's SSID from the device you are using. At this time, you will need to enter the encryption key.
Setting value
Setting value | Initial value | Setting Method | Description | |
SSID | Serial number (2 alphabetic characters + 8 digits) + .OSC | WebAPI | Options._ssid Can be set/obtained in WLAN AP mode |
Name to identify the THETA's WLAN |
MTPAPI | N/A | |||
BLEAPI | N/A | |||
Encryption key (passphrase) | Set per device | WebAPI | Options.wifiPassword Encryption key can be set Options._defaultWifiPassword Allows you to get the factory default encryption key |
Encryption key used when connecting in AP mode. Can be changed using the RICOH360 Smartphone App. Passwords can be set to a length of eight digits, but this makes them vulnerable to brute force attacks. Please take measures such as making the password longer or selecting characters from multiple sets, including uppercase and lowercase letters, numbers, and special characters. |
MTPAPI | 0xD806 Passphrase |
|||
BLEAPI | Get Options Get the factory encryption key Read WLAN password state Get encryption key update status |
|||
Frequency setting | 2.4GHz | WebAPI | Options._wlanFrequency Can be set/retrieved in WLAN AP mode Can be retrieved in WLAN CL mode |
Frequency setting used in AP mode |
MTPAPI | 0xD821 Wlan Frequency |
|||
BLEAPI | N/A |
CL (Client) mode: Control via WebAPI
Specifications
Network Interface | Wireless LAN
1.Authentication Method: none, WEP, WPA/WPA2-PSK 2.Encryption method: AES 3.Wireless LAN mode: Client(Station) SSID and password of the access point to be connected must be set. Wired LAN (USB-LAN adapter ) 1.Authentication Method: none, WEP, WPA/WPA2-PSK 2.Encryption method: AES |
Service Protocol | HTTP Detect the camera IP address using mDNS |
Service Protocol Authentication Method | HTTP Digest Access Authentication |
Service Protocol Encryption Method | None |
Provided Services | The Web API specification is available at https://docs-theta-api.ricoh360.com/web-api/index.html |
How to use
When controlling via the API, digest authentication settings are required. It is also necessary to configure settings according to the network used.
When using the wireless LAN CL mode, information on the router to be connected must be registered. These settings must be configured using wireless LAN or MTP.
When setting up using wireless LAN (AP mode)
- Connect in AP mode.
- Set the user name and password for digest authentication.
- Set the frequency band to be used.
- Register the router to be connected.
When setting up with MTP
- Turn on the THETA.
- Connect to a PC via USB.
- Set the user name and password for digest authentication.
- Register the router to be connected.
Setup value
Set value | Initial value | Setting Method | Description | |
Authentication method | digest | WebAPI | N/A | Authentication method used in CL mode |
MTPAPI | N/A | |||
BLEAPI | N/A | |||
Digest Authentication User Name | THETA+ serial number (2 alphabetic characters + 8 digits) | WebAPI | Options._username Can be set in WLAN AP mode |
User name used for digest authentication |
MTPAPI | 0xD815 Username |
|||
BLEAPI | N/A | |||
Digest Authentication Password | Not set or 8 digits of serial number (2 alphabetic characters + 8 digits) | WebAPI | Options._password Can be set in WLAN AP mode |
Password to be used for Digest Authentication. Cannot be used unset. Passwords can be set to a length of eight digits, but this makes them vulnerable to brute force attacks. Please take measures such as making the password longer or selecting characters from multiple sets, including uppercase and lowercase letters, numbers, and special characters. |
MTPAPI | 0xD816 Password |
|||
BLEAPI | N/A | |||
Access Point Information | Not set | WebAPI | camera.setAccessPoint Can be set in WLAN AP mode |
Information on the access point (router) to be connected in WLAN CL mode |
MTPAPI | 0x99A5 SetAccessPoint |
|||
BLEAPI | Set Access Point |
|||
Proxy Information | Not set | WebAPI | camera.setAccessPoint |
Proxy information to connect in wireless LAN CL mode |
MTPAPI | N/A | |||
BLEAPI | N/A |
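The password guidance given for the AP-mode encryption key and for the Digest Authentication password can be enforced before new values are written to the camera. The following is an added example, not RICOH code: the length and character-class thresholds, the sample serial number and the `camera.setOptions` request body shape are assumptions, while the option names `wifiPassword`, `_username` and `_password` are those listed in the tables above.

```python
import json
import math
import string

MIN_LENGTH = 12   # assumed policy threshold, not a RICOH value
MIN_CLASSES = 3   # assumed: at least 3 of lower/upper/digit/special
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}
# Constructed sample: serial number YN00101234 is made up for this example.
SAMPLE_SSID = "THETAYN00101234.OSC"


def classes_used(secret):
    return [n for n, chars in CLASSES.items() if any(c in chars for c in secret)]


def keyspace_bits(secret):
    """Upper bound on brute-force work: log2(alphabet ** length)."""
    alphabet = sum(len(CLASSES[n]) for n in classes_used(secret))
    return round(len(secret) * math.log2(alphabet), 1) if alphabet else 0.0


def audit_secret(secret, identifiers):
    """Return a list of findings; an empty list means the secret passes."""
    if not secret:
        return ["unset"]
    findings = []
    if len(secret) < MIN_LENGTH:
        findings.append("too-short")
    if len(classes_used(secret)) < MIN_CLASSES:
        findings.append("few-character-classes")
    # Factory values are built from the serial number, which is also part of
    # the SSID and the digest user name, so it must not appear in the secret.
    for ident in identifiers:
        digits = "".join(c for c in ident if c.isdigit())
        if len(digits) >= 8 and digits[-8:] in secret:
            findings.append("derived-from-serial")
            break
    return findings


def build_set_options(wifi_password, username, password, ssid):
    """Build the camera.setOptions body only if both secrets pass the audit."""
    problems = {
        "wifiPassword": audit_secret(wifi_password, [ssid, username]),
        "_password": audit_secret(password, [ssid, username]),
    }
    problems = {name: found for name, found in problems.items() if found}
    if problems:
        raise ValueError(problems)
    options = {"wifiPassword": wifi_password, "_username": username,
               "_password": password}
    return json.dumps({"name": "camera.setOptions",
                       "parameters": {"options": options}})
```

An eight-digit numeric key scores about 26.6 bits here, which is the brute-force exposure the table warns about; the builder refuses to produce a request until both secrets pass.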
Wired LAN
How to use
When controlling via API, digest authentication settings are required. Settings must also be made according to the network used.
These settings must be made using wireless LAN or MTP.
After completing the settings, connect the wired LAN adapter and connect it to the router with a wired LAN cable.
When setting up using wireless LAN (AP mode)
- Connect in AP mode.
- Set user name and password for Digest Authentication.
- Set the wired LAN connection configuration if necessary.
When configuring with MTP
- Turn on the THETA.
- Connect to a PC via USB.
- Set the Digest Authentication user name and password.
- Set the wired LAN connection configuration if necessary.
Configuration Value
Set value | Default value | Setting Method | Description | |
Authentication method | digest | WebAPI | N/A | Authentication method used in CL mode |
MTPAPI | N/A | |||
BLEAPI | N/A | |||
Digest Authentication User Name | THETA+ serial number (2 alphabetic characters + 8 digits) | WebAPI | Options._username Can be set in WLAN AP mode |
User name used for digest authentication |
MTPAPI | 0xD815 Username |
|||
BLEAPI | N/A | |||
Digest Authentication Password | Not set or 8 digits of serial number (2 alphabetic characters + 8 digits) | WebAPI | Options._password Can be set in WLAN AP mode |
Password to be used for Digest Authentication. Cannot be used unset. Passwords can be set to a length of eight digits, but this makes them vulnerable to brute force attacks. Please take measures such as making the password longer or selecting characters from multiple sets, including uppercase and lowercase letters, numbers, and special characters. |
MTPAPI | 0xD816 Password |
|||
BLEAPI | N/A |
CL (Client) mode: Controlled by RICOH360 Cloud
Specifications
Network Interface | Wireless LAN
1.Authentication Method: none, WEP, WPA/WPA2-PSK 2.Encryption method: AES 3.Wireless LAN mode: Client(Station) SSID and password of the access point to be connected must be set. Wired LAN (USB-LAN adapter) 1.Authentication Method: none, WEP, WPA/WPA2-PSK 2.Encryption method: AES |
Service Protocol | MQTT |
Service Protocol Authentication Method | MQTT connection with mutual TLS(mTLS) authentication |
Service Protocol Encryption Method | TLS |
CL (Client) mode: live streaming
Specifications
Network Interface | Wireless LAN
1.Authentication Method: none, WEP, WPA/WPA2-PSK 2.Encryption method: AES 3.Wireless LAN mode: Client(Station) SSID and password of the access point to be connected must be set. Wired LAN (USB-LAN adapter ) Tethering connection 1.Authentication Method: none, WEP, WPA/WPA2-PSK 2.Encryption method: AES |
Service Protocol | WebRTC WebSocket-TLS |
Service Protocol Authentication Method | JWT |
Service Protocol Encryption Method | DTLS, SRTP, TLS |
Usage Method
In preparation
Bluetooth®
Bluetooth® Low Energy (BLE) and Bluetooth® Classic are controlled independently; to control THETA, you must connect via BLE.
Specifications
Interface | Bluetooth® Low Energy
1. Profile: GATT 2. Security: Some models have multiple connections. BLE(standard): BLE Security mode 1. BLE(proprietary), used only by RICOH smartphone apps: BLE Security mode 1, RICOH proprietary password. 3. BLE mode: Peripheral |
Service Protocol | GATT |
Service Protocol Authentication Method | BLE(standard): None. BLE(proprietary), used only by RICOH smartphone apps: RICOH proprietary password |
Service Protocol Encryption Method | BLE(standard): None. BLE(proprietary), used only by RICOH smartphone apps: None |
Provided Services | The Bluetooth® API specification is available at https://docs-theta-api.ricoh360.com/bluetooth-api/ Camera control command v2 service WLAN Control Command service WLAN Control Command v2 service Registration to RICOH360 Cloud can only be performed with RICOH applications. |
How to use
Connect via Bluetooth®: BLE(standard)
BLE is enabled by default. (Disabled until v3.50~). If disabled, it must be enabled using the API or by operating the main unit.
The THETA can be controlled as a peripheral device by following the steps below.
- Turn on the THETA.
- Press and hold the WLAN button.
- Search for the THETA (the last 8 digits of the serial number) via Bluetooth® from the device to be used.
- Connect from the device.
If you are connecting a remote controller, you must connect the device with a plug-in.
Connect via Bluetooth®: BLE(proprietary)
Previously supported by RICOH Smartphone App.
Setting value
Setting value | Initial value | Setting method | Description | |
Bluetooth® status | OFF (~v3.50) ON (v3.50~) | WebAPI | Options._bluetoothPower Can be set/obtained in WLAN AP/CL mode |
Enables/disables Bluetooth® switching |
MTPAPI | N/A | |||
BLEAPI | N/A |
USB
Specification
Interface | Compliant with the following standards: USB Spec. 3.2 super speed standard, USB 2.0 High speed standard |
Service Protocol | MTP (Media Transfer Protocol) UVC (USB Video Class) |
Service Protocol Authentication Method | None |
Service Protocol Encryption Method | None |
Provided Services | The MTP API specification is available at https://docs-theta-api.ricoh360.com/usb-api/ |
How to use
When controlling via USB, it must be determined whether the device is to be used as an MTP device or a UVC device.
When setting up via button operation
- Turn on the THETA power.
- Connect to a PC with a USB cable.
- Press the Mode button to switch between still image, movie, and live streaming (UVC).
Operating Device
The operation of the unit's Power button, WLAN button, Shutter button, Mode button, and Fn button cannot be inhibited.
Device Settings
Location and date/time information is recorded in images and videos. These settings affect the integrity of the information.
Location Information
Location information added to images and videos can be set using the API; there is no built-in GPS.
Azimuth information acquired using an electronic compass is recorded relative to magnetic north.
Setting value
Set value | Default value | Setting Method | Description | |
Location | Not set | WebAPI | Options.gpsInfo Can be set/retrieved in WLAN AP/CL mode |
Location information |
MTPAPI | 0xD801 GpsInfo | |||
BLEAPI | N/A |
Date and time information
Allows you to set the date and time information for this product.
Set value
Set value | Default value | Setting Method | Description | |
Date, time, and time zone information | 01/01/2019 00:00:00 | WebAPI | Options.dateTimeZone Can be set/retrieved in WLAN AP/CL mode |
Date, time, and time zone information |
MTPAPI | 0x5011 DateTime | |||
BLEAPI | N/A |
Power status setting
The API can be used to control the camera power. However, it is not possible to wake up the camera from a powered-off state.
The camera buttons can be used to control power on, sleep, and power off.
Setup Value
Setup Value | Default value | Setting Method | Description | |
Power status | OFF | WebAPI | Options._cameraPower Can be set/retrieved in WLAN AP/CL mode |
Set power status |
MTPAPI | 0x1013 PowerDown 0xD80E SleepMode |
|||
BLEAPI | N/A | |||
Sleep mode transition time | 180 (seconds) | WebAPI | Options.sleepDelay Can be set/obtained in WLAN AP/CL mode |
Period of inactivity (in seconds) before entering sleep mode |
MTPAPI | 0xD803 SleepDelay |
|||
BLEAPI | N/A | |||
Power OFF transition time | 64800 (sec) | WebAPI | Options.offDelay Can be set/retrieved in WLAN AP/CL mode |
Period of inactivity from sleep mode to power off (in seconds; 60 or more) |
MTPAPI | 0xD81B AutoPowerOffDelaySec |
|||
BLEAPI | N/A | |||
Restart | WebAPI | N/A | Restart | |
MTPAPI | 0x99AF Reboot |
|||
BLEAPI | N/A |
Device Log
The device logs at least 1000 events for critical information assets such as images and video files.
This log can be accessed via WebAPI.
How to get
API Name | getEventLog |
URL | /log/eventLog |
Content-Type | Text/plain; |
Charset | Charset=UTF-8 |
method | GET |
Vulnerability Response
We recommend firmware updates to address software vulnerabilities. Firmware update information will be posted on our website and smartphone applications.
https://support.ricoh360.com/system-information
How to update the firmware
Please refer to the User's Manual for instructions on how to update the firmware.
Update using the RICOH360 Smartphone App
https://support.ricoh360.com/manual/z1-ricoh360-app-firm-update-01
Update using the basic application for PCs
https://support.ricoh360.com/manual/z1-update-01?apps=ricoh-theta
Update from RICOH360 Cloud
https://support.ricoh360.com/manual/ricoh360-web-08
Delete and initialize registered information
Connection information stored on the THETA main unit can be initialized by performing the following operations.
To delete the RICOH360 registration on the THETA main unit, delete it from the application.
Images and videos stored on the THETA main unit can also be deleted from a USB-connected PC.
Registration Information | Initialization to factory defaults | Reset settings | Initialization of connection information | Storage format |
N/A | API | WLAN + Mode button 6 sec. long press/API | API | |
Network type | Initialize ( OFF ) | Initialize ( OFF ) | N/A | N/A |
SSID | Initialize | Initialize | N/A | N/A |
Encryption key (passphrase) | Initialize | Initialize | Initialize | N/A |
Frequency setting ( AP mode ) | Initialize ( 2.4GHz ) | Initialize ( 2.4GHz ) | Initialize ( 2.4GHz ) | N/A |
Digest Authentication User Name | Initialize | Initialize | N/A | N/A |
Digest Authentication Password | Initialize | Initialize | N/A | N/A |
Access point information | Initialize ( delete ) | Initialize ( delete ) | N/A | N/A |
Proxy information | Initialize ( delete ) | Initialize ( delete ) | N/A | N/A |
Wired LAN connection settings | Initialize | Initialize | N/A | N/A |
Bluetooth® status | Initialize ( OFF ) | Initialize ( OFF ) | N/A | N/A |
Connection information with Bluetooth® peripherals | Initialize ( delete ) | Initialize ( delete ) | N/A | N/A |
Connection information with Bluetooth® terminal | N/A | N/A | N/A | N/A |
Location information set by API | delete | N/A | N/A | N/A |
Date and time zone information | Initialize | Initialize | N/A | N/A |
Sleep mode transition time | Initialize | Initialize | N/A | N/A |
Power off transition time | Initialize | Initialize | N/A | N/A |
Still image/video file | Initialize ( delete ) | N/A | N/A | Initialize ( delete ) |
Device log | Initialize ( delete ) | N/A | N/A | N/A |
RICOH360 Registration Information | Initialize ( delete ) | N/A | N/A | N/A |
Set value
Type of processing | Operation Method | Setting Method ( API ) | |
Initialization to shipping state | N/A | WebAPI | N/A |
MTPAPI | N/A | ||
BLEAPI | N/A | ||
Configuration reset | N/A | WebAPI | camera.reset Can be set/retrieved in WLAN AP/CL mode |
MTPAPI | 0x1017 ResetDevicePropValue [*1]. |
||
BLEAPI | N/A | ||
Connection information initialization | While holding down the WLAN button, press the Mode button for 6 seconds | WebAPI | camera._deleteAccessPoint [*2]. Can be set/retrieved in WLAN AP/CL mode |
MTPAPI | N/A | ||
BLEAPI | N/A | ||
Format | N/A | WebAPI | camera.delete Can be set/retrieved in WLAN AP/CL mode |
MTPAPI | 0x100B DeleteObject | ||
BLEAPI | N/A |
[*1] Reset the DeviceProperties defined in the MTP.
[*2] Deletes access point information configured via API.