Telraam / Telraam-RPi

The scripts that run on the Telraam Raspberry Pi computers, responsible for connecting to the local wifi, traffic monitoring and communicating with the central Telraam servers.

Security? #12

Closed MathiasVDA closed 3 years ago

MathiasVDA commented 4 years ago

Hello,

First of all, thank you for this wonderful and valuable idea. I think it's a great way to help make better decisions!

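Secondly, I have some issues/concerns with the security point of view for this project. I am by no means a security expert or a foolproof example either. But I feel obliged to voice my concerns. As I understand it, the raspbian image you advise to load on a pi:

- Has a default superuser username/password combination
- Is supposed to be connected to people's wifi network, on which also other devices are connected. Thus granting access to those other network devices
- Executes a daily python script that it downloads from your site and executes it with sudo rights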

I see a number of ways in which this can go wrong. What if your servers are hacked and a bad script is spread to all the hosts? Or if people gain access to the network and with the default user have unlimited access to the device?

I hope I am wrong and I overlooked something...

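If not, I would advise:

- to ask the user for a new password for the 'pi' user (for example on the first page, besides asking for the wifi login, also ask the user to enter a new password for 'pi')
- to revise the update strategy and not need sudo rights for daily updates
- Advise users to put the pi on a guest network that only has outgoing internet access and not access to other clients on the network.

Why does samba need to be active?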

pagaille commented 4 years ago

Agreed! For me the most problematic part is the third point.

Security looks largely overlooked in this project.

I remember I had to contact someone at Telraam because his mailer account password (and others) was directly visible on a (not disabled) debug page on the live website!

Matthieu G. (on mobile)

On 28 Dec 2019 at 00:18, Mathias Vanden Auweele notifications@github.com wrote:

 Hello,

First of all, thank you for this wonderful and valuable idea. I think it's a great way to help make better decisions!

Secondly, I have some issues/concerns with the security point of view for this project. I am by no means a security expert or a foolproof example either. But I feel obliged to voice my concerns. As I understand it, the raspbian image you advise to load on a pi:

- Has a default superuser username/password combination
- Is supposed to be connected to people's wifi network, on which also other devices are connected. Thus granting access to those other network devices
- Executes a daily python script that it downloads from your site and executes it with sudo rights

I see a number of ways in which this can go wrong. What if your servers are hacked and a bad script is spread to all the hosts? Or if people gain access to the network and with the default user have unlimited access to the device?

I hope I am wrong and I overlooked something...

If not, I would advise:

- to ask the user for a new password for the 'pi' user (for example on the first page, besides asking for the wifi login, also ask the user to enter a new password for 'pi')
- to revise the update strategy and not need sudo rights for daily updates
- Advise users to put the pi on a guest network that only has outgoing internet access and not access to other clients on the network.

Jefwillems commented 4 years ago

This is a major issue and no-one at @Telraam cares enough to answer.

Telraam commented 4 years ago

One of our top priorities in the ongoing development phase is solving these security-related issues. As always, we are grateful to all of you for pointing out weak points in our setup, and we encourage you to continue to do so in the future too. On the other hand, we need to ask for some time: we are very busy on multiple fronts, and we are also working on making our whole back-end side more secure and robust, which is a large project on its own. Thank you for your patience!

Telraam commented 4 years ago

Please see our update on the security issues here: https://github.com/Telraam/Telraam-RPi/issues/16