GeekMagicClock / smalltv-ultra

Ultra version firmware of GeekMagic smalltv

Huge vulnerability - fallback to AP mode (GifTV) ! #103

Open mnemologic opened 2 months ago

mnemologic commented 2 months ago

When any power outage occurs and the device can't connect to the current WiFi network (after three attempts), it falls back to GifTV AP mode, which anyone can connect to (open WiFi, not password protected).

The problem is that the device configuration site remembers the previous settings (the proper WiFi SSID, password, OpenWeather API key, etc.), and everything is in plain text, exposing the entire WiFi network's credentials!

So in circumstances like this, practically anyone, with no special IT skills, can connect to the GifTV hotspot and see your current WiFi password.

GeekMagicClock commented 2 months ago

Hi, that is a strategy for users to re-configure it. Actually, in the recent production version, the password is hidden on the web.

mnemologic commented 2 months ago

They used to say the same over two decades ago - "It's not a bug, it's a feature!" ;)

Best solution would be:

  1. Randomly generated GifTV hotspot password that is required and displayed on the device screen to protect from literally anyone (or even a fixed password to lower the random-access risk).

and / or

  1. Password-protected configuration site to protect from hostile individuals inside your WiFi network.

GeekMagicClock commented 2 months ago

Your sarcasm makes sense. :)

Although this is a low-probability event, I admit that it is not impossible. And your solution is great. I hope to add this function without increasing the user complexity, so let me try something. I might be inclined to still use open WiFi and add a site that randomly generates passwords, with the passwords displayed on the screen. What do you think?

mnemologic commented 2 months ago

You can leave it "as is" ;)

It's not my project, but in my opinion it would be much more honest to either provide at least minimum security for GifTV AP Mode or inform/warn buyers about such a "feature".

Especially when leaving this useful device turned on and unattended for a long time in a home or office network environment, where such a scenario can happen at any moment.

GeekMagicClock commented 2 months ago

Yeah, thanks for posting. I just came up with another idea: if this device is in AP mode and no one has connected for like 2 minutes, then turn off AP mode.

Ashwagada commented 2 months ago

Hello,

The best solution is to generate a random password (numbers, letters, special characters) displayed on the screen, and turn off AP mode after a few minutes.

PS: Let's take care of our privacy and security!

mnemologic commented 2 months ago

Since there is no new firmware update and you want to know my opinion:

A solution as simple as one cheap physical tactile button and a few code tweaks would solve the issue. If the user wants to enter configuration mode (AP mode), he/she has to press the button during boot. Every other time, the device will boot into normal (client) mode.

Many of us (buyers) are able to use a soldering iron. You would just have to explain which GPIO pins we have to solder the wires to.

No need for an ever-growing amount of source code. Just fork the code for those who are able to do the soldering themselves.

gthb96 commented 1 month ago

Quick and dirty fix in the meantime: just show asterisks, but a proper solution would be great afterwards.

JavierCervilla commented 2 weeks ago

> They used to say the same over two decades ago - "It's not a bug, it's a feature!" ;)
>
> Best solution would be:
>
>   1. Randomly generated GifTV hotspot password that is required and displayed on the device screen to protect from literally anyone (or even a fixed password to lower the random-access risk).
>
> and / or
>
>   1. Password-protected configuration site to protect from hostile individuals inside your WiFi network.

This is the good solution. Also, if you want to reduce user complexity more at the same time, you can add a QR code with the password so it is easier; idk if a QR code algo fits, but... just my 2 cents.
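The three mitigations proposed in this thread (a random AP password shown on the device screen, an idle timeout that shuts the AP down, and a button that must be held at boot to enter configuration mode), as an added example in portable C; this is not the smalltv-ultra firmware's code. It assumes the board offers a hardware RNG, a GPIO button and a station count, injected through the hypothetical `hal_t` struct, while rendering the password on the screen and the actual soft-AP call are left to the device's own code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hardware calls are injected so the logic runs off-device. On the board,
   rng() wraps the SoC hardware RNG; the others read a GPIO and the WiFi stack. */
typedef struct {
    uint32_t (*rng)(void);          /* 32 random bits per call */
    bool (*button_pressed)(void);   /* config button, sampled once at boot */
    int (*ap_clients)(void);        /* stations currently joined to the soft AP */
} hal_t;
enum mode { MODE_CLIENT, MODE_AP, MODE_AP_OFF };
/* Readable on a small screen: no 0/O or 1/l/I. 31 symbols, ~4.95 bits each,
   so a 12-character password carries about 59 bits of entropy. */
static const char ALPHABET[] = "abcdefghjkmnpqrstuvwxyz23456789";
#define ALPHABET_LEN (sizeof(ALPHABET) - 1)

/* Write len random characters plus a NUL into out. Rejection sampling avoids
   the modulo bias that a plain rng() % ALPHABET_LEN would introduce. */
void gen_ap_password(const hal_t *hal, char *out, size_t len) {
    const uint32_t limit = UINT32_MAX - (UINT32_MAX % ALPHABET_LEN);
    for (size_t i = 0; i < len; i++) {
        uint32_t r;
        do { r = hal->rng(); } while (r >= limit);
        out[i] = ALPHABET[r % ALPHABET_LEN];
    }
    out[len] = '\0';
}

/* Boot decision: configuration (AP) mode only while the button is held. */
enum mode boot_mode(const hal_t *hal) {
    return hal->button_pressed() ? MODE_AP : MODE_CLIENT;
}

/* Poll while in AP mode: stay up while anyone is connected, otherwise shut
   the AP down once idle_s seconds have passed since the last connected client. */
enum mode ap_tick(const hal_t *hal, uint32_t now_s, uint32_t *last_active_s,
                  uint32_t idle_s) {
    if (hal->ap_clients() > 0) { *last_active_s = now_s; return MODE_AP; }
    return (now_s - *last_active_s >= idle_s) ? MODE_AP_OFF : MODE_AP;
}

/* Constructed test doubles, not hardware: the RNG's first draw is one the
   sampler must reject, the button is held, and no station is connected. */
static uint32_t fake_rng_calls;
static uint32_t fake_rng(void) {
    return fake_rng_calls++ == 0 ? UINT32_MAX : fake_rng_calls * 7u;
}
static bool fake_button(void) { return true; }
static int fake_clients(void) { return 0; }
const hal_t FAKE_HAL = { fake_rng, fake_button, fake_clients };
```

On the device, the output of `gen_ap_password` goes both to the screen and into the soft-AP setup call; `FAKE_HAL` exists only so the logic can be exercised on a PC.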