
Making Rooted safer than Stock

OP mathorv

29th January 2014, 06:09 PM   |  #11  
Senior Member
Thanks Meter: 319
 
1,847 posts
Joined: Dec 2007
Quote:
Originally Posted by bhiga

  1. Chromecast is in setup mode and broadcasting an open AP
  2. Attacker connects to the open AP
  3. Attacker connects to Web Panel and enables ADB/Telnet/SSH (because web panel currently does not require authentication, Team Eureka said authentication is coming)
  4. Attacker connects to Chromecast via ADB, Telnet, or SSH and gets access to the root filesystem, where they can see the cleartext password and SSID of the AP that Chromecast normally connects to (because password is stored in supplicant config file which is accessible)
So the attacker does not need anything more than to see the Chromecastnnnn AP.

Except for the fact that if it is not connected to the router, then that means the router is unavailable and/or the password saved in cleartext isn't working. If it was, it would be connected and not in setup mode.

That's the point I was trying to get across there....

Sure you could find passwords to APs the CCast was connected to...
But if it isn't connected at the time of the hack then those APs are not available; if they were, you would not be able to connect to the CCast.
And if they are available then anything saved in the CCast is worthless, since the CCast couldn't use it to connect either.

And I told him how to plug that hole far better than via the ROM....
Turn on MAC filtering so not only do you need the password but you need to clone a MAC address as well.

And all of this to get at what?

Your last will and testament and some compromising Pictures?

If you make it difficult enough that the payoff isn't worth the effort they will move on....
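The quoted steps above hinge on the WiFi passphrase sitting in the supplicant config as a quoted cleartext string. As an added example (not code from this thread, from Team Eureka, or from any Chromecast build), the Python below scans a constructed wpa_supplicant.conf for quoted `psk="..."` entries and rewrites them to the 64-hex derived PSK, which is exactly what the standard `wpa_passphrase` tool emits: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 rounds, 32 bytes. The sample SSID/passphrase pair is the public IEEE 802.11i test vector ("IEEE"/"password"), so the resulting PSK is a known value. The function names and the sample config are this example's own. Caveat: the hex PSK still authenticates to that one SSID, so this only stops the human-readable passphrase (which people tend to reuse) from being lifted off the device; it does not change who can join the network.

```python
import hashlib
import re

# Constructed sample wpa_supplicant.conf, not taken from any real device.
# "IEEE"/"password" is the IEEE 802.11i Annex test vector, so its PSK is public.
SAMPLE_CONF = """\
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="IEEE"
    psk="password"
    key_mgmt=WPA-PSK
}
network={
    ssid="guest"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
}
"""

NET_BLOCK = re.compile(r"network=\{(.*?)\}", re.S)
SSID_RE = re.compile(r'^\s*ssid="([^"]*)"', re.M)
# A quoted psk is a cleartext passphrase; an unquoted 64-hex psk is the derived key.
PSK_RE = re.compile(r'^(\s*)psk="([^"]*)"', re.M)


def wpa_psk(ssid: str, passphrase: str) -> str:
    """Derive the 256-bit WPA2-PSK the same way wpa_passphrase does."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()


def find_cleartext_psks(conf: str) -> list:
    """Return the SSIDs whose network block stores a quoted (cleartext) passphrase."""
    found = []
    for m in NET_BLOCK.finditer(conf):
        block = m.group(1)
        ssid = SSID_RE.search(block)
        if ssid and PSK_RE.search(block):
            found.append(ssid.group(1))
    return found


def harden_conf(conf: str) -> str:
    """Rewrite every quoted passphrase to its derived hex PSK, leaving other lines untouched."""
    def rewrite(m):
        block = m.group(1)
        ssid = SSID_RE.search(block)
        if not ssid:
            return m.group(0)  # no SSID, nothing to salt with; leave the block alone
        block = PSK_RE.sub(
            lambda p: f"{p.group(1)}psk={wpa_psk(ssid.group(1), p.group(2))}", block
        )
        return "network={" + block + "}"
    return NET_BLOCK.sub(rewrite, conf)


if __name__ == "__main__":
    print("cleartext passphrases for:", find_cleartext_psks(SAMPLE_CONF))
    print(harden_conf(SAMPLE_CONF))
```

Run it as-is and the "IEEE" block comes out with `psk=f42c6fc5...a12e` while the "guest" block, which already uses the hex form, is left alone. To apply it to a real config you would read the file instead of `SAMPLE_CONF` and write the result back with the same restrictive permissions the original had.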
29th January 2014, 06:17 PM   |  #12  
Recognized Contributor
Thanks Meter: 873
 
2,237 posts
Joined: Oct 2010
Quote:
Originally Posted by Asphyx

Except for the fact that if it is not connected to the router, then that means the router is unavailable and/or the password saved in cleartext isn't working. If it was, it would be connected and not in setup mode.

Ahh, I see your point now.

At least for me, sometimes Chromecast will "miss" the connection shortly after boot, so the setup AP is available for a few minutes after a reboot. To exploit that, someone would need to be sitting and listening for it to pop up - not a "juicy" target, but still possible. People do strange things "just because they can" - at least that's what YouTube teaches me.

As you say, MAC filtering provides an additional deterrent level. Unfortunately the target customer is probably not sophisticated enough to do that. I'm not sure all ISP-provided devices (I avoid integrated hardware that I can't configure) allow setting MAC restrictions though.
29th January 2014, 07:03 PM   |  #13  
Senior Member
Thanks Meter: 140
 
159 posts
Joined: Jan 2012
Quote:
Originally Posted by Asphyx

But if it isn't connected at the time of the hack then those APs are not available; if they were, you would not be able to connect to the CCast.
And if they are available then anything saved in the CCast is worthless, since the CCast couldn't use it to connect either.

Well, in theory, you could connect to the CCast when it is in unprotected AP mode, enable SSH, and write a shell script which gets started every boot and sends out the saved WiFi password somewhere on the internet. Then, when the CCast owner sets up his WiFi and some time later reboots, the WiFi passwords will be sent out.

But... since there are probably only a few thousand rooted Chromecasts, and the time window in which to push the script to the Chromecast is so narrow, I doubt anyone would spend any time to try this.
29th January 2014, 11:02 PM   |  #14  
Senior Member
Thanks Meter: 319
 
1,847 posts
Joined: Dec 2007
Quote:
Originally Posted by bhiga

Unfortunately the target customer is probably not sophisticated enough to do that. I'm not sure all ISP-provided devices (I avoid integrated hardware that I can't configure) allow setting MAC restrictions though.

I'm sure that's true, but if you're not sophisticated enough to control your own network, or you let an ISP do it all for you, the least of your issues is what might happen in the odd chance the CCast is disconnected or in the 30 seconds before it connects to an AP during bootup. Locking up the holes in a CCast sure isn't going to help you much LOL

Quote:
Originally Posted by frantisek.nesveda

Well, in theory, you could connect to the CCast when it is in unprotected AP mode, enable SSH, and write a shell script which gets started every boot and sends out the saved WiFi password somewhere on the internet. Then, when the CCast owner sets up his WiFi and some time later reboots, the WiFi passwords will be sent out.

Well in theory you could have it do location checks with Google and map location, SSID and Password of every AP it ever connects to...

Like I said to what end would someone do that?
What is the PAYOFF in the end?
I could understand it if you're living next to Bill Gates and wanted to steal banking info....

The Average Joe doesn't have anything worth seeing that would make someone go through all of that especially when they could get it much easier by just sniffing WiFi packets and finding the same data and decrypting it.

They could sit there all day and hack the router, but they have such a small window to work with on an unconnected CCast, either because they have to catch it rebooting or catch it in a location that it isn't set up for, and unless you have written a program to do all of that without human intervention you've still got a snowball's chance in hell of getting any worthwhile information...

Security only happens when there are multiple layers of protection that make it so difficult to breach that they won't bother unless the payoff is worth it.

Someone really has to hate you in order to go through all that, so one of the best security practices you can implement is: don't be an AZZ and no one will have it out for you enough to want to get something on you via a hack! LOL

(Not suggesting anyone in this discussion is, just saying in general LOL)
29th January 2014, 11:27 PM   |  #15  
Senior Member
Thanks Meter: 140
 
159 posts
Joined: Jan 2012
Quote:
Originally Posted by Asphyx

Like I said to what end would someone do that?

Well, would you give me your WiFi password?
I can think of a few things you could do with access to someone's WiFi... Free internet, torrenting on someone else's responsibility, or just messing with someone.

Quote:
Originally Posted by Asphyx

I could understand it if you're living next to Bill Gates and wanted to steal banking info...

The real question here is... Would Bill Gates buy a Google Chromecast?
30th January 2014, 04:21 PM   |  #16  
Senior Member
Thanks Meter: 319
 
1,847 posts
Joined: Dec 2007
Quote:
Originally Posted by frantisek.nesveda

Well, would you give me your WiFi password?
I can think of a few things you could do with access to someone's WiFi... Free internet, torrenting on someone else's responsibility, or just messing with someone.


The real question here is... Would Bill Gates buy a Google Chromecast?

Sure! I could very easily give you my router password and you would still not be able to do anything you mentioned until you figured out a MAC address one of my networked devices actually uses.

And to my other point...Is Free Internet or messing with someone really worth the risk of going to a Federal Pen for hacking?

As for what Bill Gates has, I wonder if he is even running Windows 8, 'cause I don't know anyone who has it that likes it! LOL
31st January 2014, 07:23 AM   |  #17  
Senior Member
Thanks Meter: 140
 
159 posts
Joined: Jan 2012
Quote:
Originally Posted by Asphyx

Sure! I could very easily give you my router password and you would still not be able to do anything you mentioned until you figured out a MAC address one of my networked devices actually uses.

Good point.

I guess that if we really wanted, we could play this cat and mouse game for quite some time, but the outcome would be that if you really care about security, you can make your network secure enough. But that would be just spamming the thread.
31st January 2014, 09:11 AM   |  #18  
Senior Member
Thanks Meter: 319
 
1,847 posts
Joined: Dec 2007
Quote:
Originally Posted by frantisek.nesveda

...but the outcome would be that if you really care about security, you can make your network secure enough. But that would be just spamming the thread.

Actually I think what I was trying to say is that no matter how much you care and try to be secure...
If they want you they WILL get you, and they don't need to (nor would they) do it through your CCast when there are far better tried-and-true methods to attack a wireless router directly that don't require the LUCK of a device not connecting, or the timing of catching it while it is booting up, in order to catch the weakness.
Any security hole that results from the CCast will likely never amount to anything more than the prankish "Look what dirty porn I put on your screen".

If they want dirt they will go to the router which is always up and doesn't require some act of god or electronics to happen.

You secure your router the best you can and if that isn't enough then you need to keep your wireless off until you need it to be TRULY secure....

And even then there is nothing to stop them from tapping into the pole where your Internet connection comes in and getting you that way!

Security is nothing more than an illusion and a deterrent... Truth is you're never secure no matter how much you worry, which says to me... worrying is pointless. Unless you have enemies that really want to get you... and if that's the case all the security in the world won't stop them!
31st January 2014, 12:54 PM   |  #19  
OP Senior Member
Thanks Meter: 77
 
154 posts
Joined: Jun 2011
Quote:
Originally Posted by Asphyx

Actually I think what I was trying to say is that no matter how much you care and try to be secure...
If they want you they WILL get you, and they don't need to (nor would they) do it through your CCast when there are far better tried-and-true methods to attack a wireless router directly that don't require the LUCK of a device not connecting, or the timing of catching it while it is booting up, in order to catch the weakness.
Any security hole that results from the CCast will likely never amount to anything more than the prankish "Look what dirty porn I put on your screen".

If they want dirt they will go to the router which is always up and doesn't require some act of god or electronics to happen.

You secure your router the best you can and if that isn't enough then you need to keep your wireless off until you need it to be TRULY secure....

And even then there is nothing to stop them from tapping into the pole where your Internet connection comes in and getting you that way!

Security is nothing more than an illusion and a deterrent... Truth is you're never secure no matter how much you worry, which says to me... worrying is pointless. Unless you have enemies that really want to get you... and if that's the case all the security in the world won't stop them!

MAC access list = joke. A blacklist is also an illusion; changing the MAC address (spoofing the MAC) is extremely easy on any platform.
In the case of a whitelist, the attacker will just look into it a bit longer to learn the list of allowed devices.
At home you will have to whitelist every new device...
In a corporate environment it will take you more time; also, WPA2-PSK is not suitable for serious corporate use.

About absolute security:
Security is a relative term. It's just like a healthy lifestyle: it will not make you immune to diseases, but it will make you generally healthier and less likely to get ill.
