Important KiwiSDR security information
last updated 19 July 2021 18:00 UTC
Update: KiwiSDRs that remain unpatched
will no longer be listed on
It is extraordinarily important
that you verify your Kiwi has updated to
released on 15 July 2021
to fix a security vulnerability.
From a user connection look on the "stats" tab of the main control panel. You will find the text "v1.NNN" where NNN should
equal 461 if the Kiwi has updated.
For the original "genuine" KiwiSDR an auto-update to v1.461 should occur between 2-6 AM local
time if there are no active user connections (WSPR autorun and kiwiclient connections excluded).
To update, the Kiwi must be on a network that has Internet access and also able to reach the github.com site. On the admin page "control" tab click the restart button to force an immediate update.
For Kiwi hardware "clone" devices see here
If your (genuine) Kiwi is stuck on a much earlier version and refuses to auto-update, or manually update using controls on the admin page "update" tab, you have several choices:
Re-flash from the backup sd card supplied with your Kiwi.
After it reboots it will be running v1.2. Let the auto-update process run.
This will take the better part of one hour.
Unfortunately, all your customizations will be lost.
But this will eliminate any problems being stuck due to filesystem or git clone damage.
If you've misplaced the original supplied sd card you can copy a Kiwi image onto a
new card by following
After re-flashing using the new card a network update to get v1.461 will still be required
(the downloaded image is an older version).
If you know how to login as root to the Beagle/Linux on your Kiwi (e.g. using ssh or PuTTY) do so
and use the following commands.
Remember that unless you've explicitly set it the Linux root password is either the Kiwi admin password or, if the admin password is blank, the Kiwi's serial number as shown on the admin page network tab or written in the white silkscreen box on the top of the Kiwi circuit board.
Assuming there is not widespread filesystem damage this will install
a fresh copy of v1.461 but save your Kiwi customizations:
- cdp [go to project directory]
- mst [stop the Kiwi server]
- cd [go to home directory]
- mv Beagle_SDR_GPS B.bad [move Kiwi directory out of the way]
- gclone Beagle_SDR_GPS [git clone fresh copy from Github]
- cdp [go to project directory]
- m [make, takes 10-15 minutes, more for older versions]
- mi [make install]
- ku ["kiwi up", takes 45 seconds before Kiwi responds]
If you are unable to use the above methods contact us at email@example.com and we will assist you directly.
For the KiwiSDR hardware "clones" running a modified version of the KiwiSDR software it appears action has been taken in one case and perhaps not in another:
Github commit Removes the admin page console tab functionality.
It appears the network portion of this security issue was removed some time ago.
No commits since March 31 on master or dev branches.
Someone with access to their forum please request some action.
We are unaware how the software update mechanisms of these clone devices work.
Anyone with additional info please post on the associated clone forums or reputable
sources such as RTL-SDR.com