
Making Rooted safer than Stock

Asphyx
#11
Quote (originally posted by bhiga):
>   1. Chromecast is in setup mode and broadcasting an open AP
>   2. Attacker connects to the open AP
>   3. Attacker connects to Web Panel and enables ADB/Telnet/SSH (because web panel currently does not require authentication, Team Eureka said authentication is coming)
>   4. Attacker connects to Chromecast via ADB, Telnet, or SSH and gets access to the root filesystem, where they can see the cleartext password and SSID of the AP that Chromecast normally connects to (because password is stored in supplicant config file which is accessible)
> So the attacker does not need anything more than to see the Chromecastnnnn AP.

Except for the fact that if it is not connected to the router then that means the router is unavailable, and/or the password saved in cleartext isn't working. If it was, it would be connected and not in setup mode.

That's the point I was trying to get across there....

Sure you could find passwords to APs the CCast was connected to...
But if it isn't connected at the time of the hack then those APs are not available; if they were, you would not be able to connect to the CCast.
And if they are available then anything saved in the CCast is worthless since the CCast couldn't use it to connect either.

And I told him how to plug that hole far better than via the ROM....
Turn on MAC filtering so not only do you need the password but you need to clone a MAC address as well.

And all of this to get at what?

Your last will and testament and some compromising pictures?

If you make it difficult enough that the payoff isn't worth the effort they will move on....
 
bhiga
#12
Quote (originally posted by Asphyx):
> Except for the fact that if it is not connected to the router then that means the router is unavailable, and/or the password saved in cleartext isn't working. If it was, it would be connected and not in setup mode.

Ahh, I see your point now.

At least for me, sometimes Chromecast will "miss" the connection shortly after boot, so the setup AP is available for a few minutes after a reboot. To exploit that, someone would need to be sitting and listening for it to pop up - not a "juicy" target, but still possible. People do strange things "just because they can" - at least that's what YouTube teaches me.

As you say, MAC filtering provides an additional deterrent level. Unfortunately the target customer is probably not sophisticated enough to do that. I'm not sure all ISP-provided devices (I avoid integrated hardware that I can't configure) allow setting MAC restrictions though.
 
frantisek.nesveda
#13
Quote (originally posted by Asphyx):
> But if it isn't connected at the time of the hack then those APs are not available; if they were, you would not be able to connect to the CCast.
> And if they are available then anything saved in the CCast is worthless since the CCast couldn't use it to connect either.

Well, in theory, you could connect to the CCast when it is in unprotected AP mode, enable ssh, and write a shell script which gets started every boot and sends out the saved wifi password somewhere to the internet. Then, when the CCast owner sets up his wifi, and sometime later reboots, the wifi passwords will be sent out.

But... since there are probably only a few thousand rooted Chromecasts, and the time window in which to push the script to the Chromecast is so narrow, I doubt anyone would spend any time to try this.
 
Asphyx
#14
Quote (originally posted by bhiga):
> Unfortunately the target customer is probably not sophisticated enough to do that. I'm not sure all ISP-provided devices (I avoid integrated hardware that I can't configure) allow setting MAC restrictions though.

I'm sure that's true, but if you're not sophisticated enough to control your own network or let an ISP do it all for you, the least of your issues are what might happen in the odd chance CCast is disconnected or in the 30 seconds before it connects to an AP during bootup. Locking up the holes in a CCast sure isn't going to help you much LOL

Quote (originally posted by frantisek.nesveda):
> Well, in theory, you could connect to the CCast when it is in unprotected AP mode, enable ssh, and write a shell script which gets started every boot and sends out the saved wifi password somewhere to the internet. Then, when the CCast owner sets up his wifi, and sometime later reboots, the wifi passwords will be sent out.

Well, in theory you could have it do location checks with Google and map location, SSID and password of every AP it ever connects to...

Like I said, to what end would someone do that?
What is the PAYOFF in the end?
I could understand it if you're living next to Bill Gates and wanted to steal banking info....

The average Joe doesn't have anything worth seeing that would make someone go through all of that, especially when they could get it much easier by just sniffing WiFi packets and finding the same data and decrypting it.

They could sit there all day and hack the router, but they have such a small window to work with on an unconnected CCast, either because they have to catch it rebooting or catch it in a location that it isn't set up for, and unless you have written a program to do all of that without human intervention you still got a snowball's chance in hell of getting any worthwhile information...

Security only happens when there are multiple layers of protection that make it so difficult to breach that they won't bother unless the payoff is worth it.

Someone really has to hate you in order to go through all that so some of the best security practices you can implement is don't be an AZZ and no one will have it out for you enough to want to get something on you via a Hack! LOL

(Not suggesting anyone in this discussion is just saying in General LOL)
 
frantisek.nesveda
#15
Quote (originally posted by Asphyx):
> Like I said, to what end would someone do that?

Well, would you give me your WiFi password?
I can think of a few things you could do with access to someone's WiFi... Free internet, torrenting on someone else's responsibility, or just messing with someone.

Quote (originally posted by Asphyx):
> I could understand it if you're living next to Bill Gates and wanted to steal banking info...

The real question here is... Would Bill Gates buy a Google Chromecast?
 
Asphyx
#16
Quote (originally posted by frantisek.nesveda):
> Well, would you give me your WiFi password?
> I can think of a few things you could do with access to someone's WiFi... Free internet, torrenting on someone else's responsibility, or just messing with someone.
>
> The real question here is... Would Bill Gates buy a Google Chromecast?

Sure! I could very easily give you my router password and you would still not be able to do anything you mentioned until you figured out a MAC address one of my networked devices actually uses.

And to my other point...Is Free Internet or messing with someone really worth the risk of going to a Federal Pen for hacking?

As for what Bill Gates has I wonder if he is even running Windows 8 cause I don't know anyone who has it that likes it! LOL
 
frantisek.nesveda
#17
Quote (originally posted by Asphyx):
> Sure! I could very easily give you my router password and you would still not be able to do anything you mentioned until you figured out a MAC address one of my networked devices actually uses.

Good point.

I guess that if we really wanted, we could play this cat and mouse game for quite some time, but the outcome would be that if you really care about security, you can make your network secure enough. But that would be just spamming the thread.
 
Asphyx
#18
Quote (originally posted by frantisek.nesveda):
> but the outcome would be that if you really care about security, you can make your network secure enough. But that would be just spamming the thread.

Actually I think what I was trying to say is that no matter how much you care and try to be secure...
If they want you they WILL get you and they don't need nor would they do it through your CCast when there are far better tried and true methods to attack a wireless router directly that don't require LUCK of a device not connecting or the timing of catching it while it is booting up in order to catch the weakness.
Any security hole that results from the CCast will likely never amount to anything more than the prankish "Look what dirtyPorn I put on your screen".

If they want dirt they will go to the router, which is always up and doesn't require some act of god or electronics to happen.

You secure your router the best you can and if that isn't enough then you need to keep your wireless off until you need it to be TRULY secure....

And even then there is nothing to stop them from tapping into the pole where your Internet connection comes in and getting you that way!

Security is nothing more than an illusion and a deterrent... Truth is you're never secure no matter how much you worry, which says to me... worrying is pointless. Unless you have enemies that really want to get you... and if that's the case all the security in the world won't stop them!
 
mathorv
#19 - OP
Quote (originally posted by Asphyx):
> Actually I think what I was trying to say is that no matter how much you care and try to be secure...
> If they want you they WILL get you and they don't need nor would they do it through your CCast when there are far better tried and true methods to attack a wireless router directly that don't require LUCK of a device not connecting or the timing of catching it while it is booting up in order to catch the weakness.
> Any security hole that results from the CCast will likely never amount to anything more than the prankish "Look what dirtyPorn I put on your screen".
>
> If they want dirt they will go to the router, which is always up and doesn't require some act of god or electronics to happen.
>
> You secure your router the best you can and if that isn't enough then you need to keep your wireless off until you need it to be TRULY secure....
>
> And even then there is nothing to stop them from tapping into the pole where your Internet connection comes in and getting you that way!
>
> Security is nothing more than an illusion and a deterrent... Truth is you're never secure no matter how much you worry, which says to me... worrying is pointless. Unless you have enemies that really want to get you... and if that's the case all the security in the world won't stop them!

MAC access list = joke, blacklist is also an illusion. Changing MAC address (spoofing MAC) is extremely easy on any platform.
In case of a whitelist, the attacker will look into it just a bit longer, to know the list of allowed devices.
At home you will have to whitelist every new device...
In a corporate environment it will take you more time; also, WPA2-PSK is not suitable for serious corporate use.

About absolute security.
Security is a relative term. It's just like a healthy lifestyle: it will not make you immune to diseases, it will make you generally healthier, less likely to get ill.
