institute scenario - Google Chromecast

Hi. I'm working in a school, and we're evaluating use the crhomecast to show contents on a tv.
The scenario is --> Have multiple nearby classrooms.
The teacher can connect their classroom Chromecast.
Mainly need if the teacher sends a video, another person cannot interrupt this (teasing the class)
Multiple platform like Android, iOS, Windows, mac, etc...
Is a must root the device?
Is it posible?
I heard something called kiosk mode, is it true?
Thanks

Pranksters can hijack your Chromecast to show whatever they want. It's a feature, not a bug.
Somebody needs to make an AlternativeTo...

This is possible and it does not require the device to be rooted, but it does require you to set up a private WiFi network. You could then hook up the Chromecast to the private network (password protected) and it wouldn't show up for anyone who is not on the network.

I work for the technology consortium at our county ISD. We service about 50 schools and a good deal of them have chromecast in all the classrooms.
We had to deal with this exact problem and right now the only solution was as already pointed out a separate private network for the chromecast. Actually all of our staff devices are on separate networks from the students. The teachers can see the Chromecasts from their issued MacBook, iPad, Chromebooks, desktop PCs etc.
What we've done is to use PSKs for each device so that even if a student were to go to say the teachers Windows based computer for example and steal the network key it wouldn't work for them. We had to go this route because of a projector debacle we had. All of our classroom Epson projectors are networked and the students had figured out the wireless key and used the wireless key along with the Epson wifi remote app to turn off projectors during class lol that is definitely something I would have done when I was in school!
Anyway after that happened we went to separate student and staff networks and everything has a PSK now.
Unfortunately when Google designed the chromecast they were not really thinking classroom. As more and more schools are switching away from iPads and going to Chromebooks and using things like chromecast I would think that at some point they would develop in features for education or have a separate model for education that has these types of securities but right now this is about the best you can do.
I can definitely tell you that whenever we talk to our rep from Google we ***** about the Chromecast not having better security because ultimately we want a solution that allows the students to use them too but not hijack them. We would like each student who's presenting to be able to connect to them when the teacher allows. Unfortunately there's just no management that can do that easily that I'm aware of.

primetechv2 said:
Pranksters can hijack your Chromecast to show whatever they want[/url]. It's a feature, not a bug.
Somebody needs to make an AlternativeTo...
Click to expand...
Click to collapse
I didn't mean this. Just the opposite

kdoggy said:
I work for the technology consortium at our county ISD. We service about 50 schools and a good deal of them have chromecast in all the classrooms.
We had to deal with this exact problem and right now the only solution was as already pointed out a separate private network for the chromecast. Actually all of our staff devices are on separate networks from the students. The teachers can see the Chromecasts from their issued MacBook, iPad, Chromebooks, desktop PCs etc.
What we've done is to use PSKs for each device so that even if a student were to go to say the teachers Windows based computer for example and steal the network key it wouldn't work for them. We had to go this route because of a projector debacle we had. All of our classroom Epson projectors are networked and the students had figured out the wireless key and used the wireless key along with the Epson wifi remote app to turn off projectors during class lol that is definitely something I would have done when I was in school!
Anyway after that happened we went to separate student and staff networks and everything has a PSK now.
Unfortunately when Google designed the chromecast they were not really thinking classroom. As more and more schools are switching away from iPads and going to Chromebooks and using things like chromecast I would think that at some point they would develop in features for education or have a separate model for education that has these types of securities but right now this is about the best you can do.
I can definitely tell you that whenever we talk to our rep from Google we ***** about the Chromecast not having better security because ultimately we want a solution that allows the students to use them too but not hijack them. We would like each student who's presenting to be able to connect to them when the teacher allows. Unfortunately there's just no management that can do that easily that I'm aware of.
Click to expand...
Click to collapse
Thanks for your input

kdoggy said:
I work for the technology consortium at our county ISD. We service about 50 schools and a good deal of them have chromecast in all the classrooms.
We had to deal with this exact problem and right now the only solution was as already pointed out a separate private network for the chromecast. Actually all of our staff devices are on separate networks from the students. The teachers can see the Chromecasts from their issued MacBook, iPad, Chromebooks, desktop PCs etc.
What we've done is to use PSKs for each device so that even if a student were to go to say the teachers Windows based computer for example and steal the network key it wouldn't work for them. We had to go this route because of a projector debacle we had. All of our classroom Epson projectors are networked and the students had figured out the wireless key and used the wireless key along with the Epson wifi remote app to turn off projectors during class lol that is definitely something I would have done when I was in school!
Anyway after that happened we went to separate student and staff networks and everything has a PSK now.
Unfortunately when Google designed the chromecast they were not really thinking classroom. As more and more schools are switching away from iPads and going to Chromebooks and using things like chromecast I would think that at some point they would develop in features for education or have a separate model for education that has these types of securities but right now this is about the best you can do.
I can definitely tell you that whenever we talk to our rep from Google we ***** about the Chromecast not having better security because ultimately we want a solution that allows the students to use them too but not hijack them. We would like each student who's presenting to be able to connect to them when the teacher allows. Unfortunately there's just no management that can do that easily that I'm aware of.
Click to expand...
Click to collapse
Thanks for your input

Related

Slingbox users beware...At&t limiting 3g access

Do you have a slingbox and mobile sling software for your windows mobile phone? Well it seems at&t thinks the iphone is a computer and not a phone and has put a stop to 3g access for slingplayer on the iphone.
According to this wired article released last week:
http://www.wired.com/epicenter/2009/05/slingplayer-iphone-app-crippled-by-apple-att/
As far as AT&T is concerned, the iPhone is not a phone. It’s a computer.
“Applications like this, which redirect a TV signal to a personal computer, are specifically prohibited under our terms of service,” stated AT&T. “We consider smartphones like the iPhone to be personal computers in that they have the same hardware and software attributes as PCs.”
However, this policy is obviously inconsistent. Owners of the Samsung Blackjack, Motorola Q, Blackberry, and other smartphones are able to stream Slingbox content over AT&T’s 3G network. Only Sling’s iPhone app is crippled in this way.
I worry that at&t will limit access on windows mobile phones as well like my tilt as I use my slingbox alot from my phone.
Jim
If so then just tunnel the info via SSH and a linux box on your network. It's encrypted and tunneled.
I do have a linux box (FC10) on my network here at the house, but not sure how I would tunnel the connection from my phone.
I found a program called zatunnel
zaTunnel is SSH tunnel and port forwarding for Pocket PC. Tunneling, or port forwarding, is a way to forward otherwise insecure TCP traffic through SSH Secure Shell for Workstations
Will fool with this.
Thanks
Jim
I'll try that program out, I've been using Putty for WM, which is complicated.
I was able to install the program and connect to my linux server but was not able to do anything else from there. Still fooling with it...
Jim
Do you know how to make tunnels?
My suggestion is to make the tunnels to the ports that the slingbox uses and then somehow you have to tell the slingbox to look at the IP "localhost"
Yeah not sure thats possible to do what your saying. I was able to connect to my local server with this program but I get nothing on my tilt saying I am connected. When I grep the logs on my linux box it shows me connected. If I pull up a browser and connect to localhost it tells me this is a proxy and no web content has been setup yet. I thought maybe it was because I have ssh running on a port other than 22, so I connected to another server that I have which runs on 22 and I get the same results.
I guess its time to head over to the software forum and do a request for an application that will do this for us. Not only will it will useful for the slingbox but just about anything else too.
Jim
I wouldn't think that you can get something other then a connection. Use the WM Putty and you will get the terminal to type in as well as the tunnels being open.
How does sling player work?
Does it have an ip and some ports that you open in your router?
Does it have an application to use?
If so.
You can close the ports and then make a tunnel to that IP/port, and hopefully in the app you can direct it to locahost/port instead of your xxx.xxx.xxx.xxx IP for your home.
I use this method for VPN all the time. I really only have port 22 open on my router.
Chumley, Check your pm.
Jim
Rumor has it that AT&T is developing their own software that does the same thing Slingplayer does, so it's no surprise that they're crippling the competition with some BS explanation that the iPhone is a PC. That's ridiculous. However, there's a simple way around using 3G for the Slingplayer if you have a jailbroken iPhone. All ya ned is to visit Cydia and download "Tricker 3G". That's it. The stream is awesome and as far as AT&T trying to cripple users I hope Apple goes to Verizon or another carrier in the future because it's actions like this that make me hate being an AT&T customer.
OK guys, put you penises away and relax .
Please keep this on topic and friendly. I have deleted the delightful too and fro between Chum and ronfin44.
Please remember the forum rules:
Flar said:
2. Be polite and respect your fellow xda-dev user.
There is no need for cursing, flaming, racism or personal attacks. There are a lot of different nationalities on this forum all with different cultures, this means that no matter what you're like, you'll have to adjust to people that are most definitely not like you. It will gain you a lot of respect if you help to keep the peace. It's disrespectful and therefore not permitted to create Alias Member names in an attempt to deceive others.
Click to expand...
Click to collapse
Thanks
Dave

Asterisks IAX2 Client

Does anyone know of any IAX2 Client VOIP software for the Dream Google G1
IAX2 Cuts through the firewalls just like skype does so its reliably easy for when you are on the go to be able to connect with less hassle (unlike SIP mucking around with forward ports)
Could I not port some sort of IAX2 client from some Linux project or has someone already done this?
I am on the road allot and encounter many different types of wifi networks. I carry a laptop now with a headset and connect where ever I can to check messages and make calls sometimes even receive some. I love the fact that my small business runs asterisks allowing me to use many different voip providers (that use sip or IAX2) I have 2 numbers in bound giving me 4 different channels of call into a cheap $12 a month professional phone system. I even recently been using a provider that gives me $0.00348 cents a min for Canadian outbound.
(I scoured the threads for keywords like trixbox, asterisks, IAX, IAX2, Elastics, freepbx and was unable to find any serious discussion on this)
Why do you need to forward ports for SIP? Just keep a connection open to the SIP server and it will signal you there.
I use to spend most of my free time in my car trying to get a open connection then attempting to get my sip client to connect to my home server. A pain in the butt. When it worked its nice to get your voicemails and heck catch a call once in a while pickup a job on the run. Even make all your calls if you got a clear enough connection.
Seems they make it easy to connect to your sip provider but when it comes to your own asterisk server at home you have to fight with the provider. Sympatic o seems to block the rtp ports or disrupt the communication in some way allowing only the sip 5060 ports to connect make the phone ring but not let you talk. they play all sorts of games. It worked fine up to march 2008 when all thr providers (big boys Rogers Sympatico) Upgraded to the world of packet level control. Things got fun from there. All home extension to business PBX's I setup for clients stopped working with no changes. (all sorts of different providers spead out around ontario)
I was one of the few voip asterisk consultants till voip started to take off
Does not matter if you manage to prove it and make it past the supastars ( ISP tech the PBX is on or client is connected with)to someone who actually has some control or packet level understanding to clear you a route to your home box. Unless you pay for static ip your ip will change (bell charges a ransom for a static ip) I also noticed if you setup a pbx in a major data center they seem to have a clear route. but anything DSL or Business Cable type connection there is something wrong .that use to work for 2 years prior.
Not to mention what ever router you seem to connect with might not pass things proper .
IAX2 is a dream come true it is supported by many providers and cuts through all the mess of games and such using only one port thats not tcp but udp and slices through your average router and provider with no hassle just like skype but with the freedom of your own setup. the jitter controls work wounders compared to SIP giving you a better voip experience when your wireless.
skype is very limited and very controlled when it comes to receiving calls and sending them especially when you travel.
I am not here to argue with anyone over the finer points of the more common sip. but unless I run a vpn (using sip) IAX2 is the simplest breath of fresh air in the world of voip especially if your savvy enough to build your own asterisk server and would like to take advantage of all sorts of voip providers in one box. Or heck hook one of your clients up hassle free to his Business/home phone system you setup for them.
I really just want to know if anyone has a decent IAX2 client for the G1
If you want to argue VOIP head over to voip-info.org [remove this space] /wiki/view/IAX
so i guess no software for iax2 clients.
Any ware I can pay someone to write one?
Nice found a project...
thought I would update anyone who is interested!
code.google.com/p/androvoip/wiki/Roadmap
I would be interested in such a software. However this project doesn't look very active at the moment.
warenlikesfreedom said:
so i guess no software for iax2 clients.
Any ware I can pay someone to write one?
Click to expand...
Click to collapse
Have you tried Zoiper? it supports both of SIP & IAX2 .... wwwDOTzoiperDOTcom

[Q] Peer based ISP possible?

I'm just curious about how an ISP actually becomes an ISP. I'm still learning networking so these thoughts might be completely idiotic and not possible but here goes.
Given the correct software, could a group of computers act as an ISP? For instance, say an entire cities population has the correct software on their computers, could they act as an ISP. All sharing the load and acting as one giant server. Similar to the group computing that certain organizations (eg. NASA) have done to do large calculations.
The infrastructure is there as far as the cables and such so would something like this be possible? If so, how hard would it be?
Moved to Off-Topic.
Even if the town is all connected, wouldn't they only be accessing each others websites and information? How do they access their neighboring towns? Isn't this known as an intranet or something? Excuse my ignorance I'm just thinking off the top of my head.
That's why I'm asking. I'm wondering how exactly an ISP connect's to the WAN (internet) and if it would be possible for a group of computers working in tandem as one giant server to do the same. I have a pretty good understanding (for my purposes at least) how a LAN/intranet works. Obviously there are certs involved in order to allow an ISP to connect to different servers but that's obviously not the key otherwise we wouldn't need an ISP at all.
An ISP is not a giant server or many small computers acting as a server. An ISP is a conglomerate of routers and switches used to connect many people to the internet. It doesn't really need a server, per se other than authentication of users and control of the switches/routing.
It is just a company with routers and switches with access to a massive pipeline connected to the internet.
So to accomplish something like this, more hardware would be required aside from what most people have (router, computer, etc)? Is there no way software could stand in place of the switches?
KCRic said:
So to accomplish something like this, more hardware would be required aside from what most people have (router, computer, etc)? Is there no way software could stand in place of the switches?
Click to expand...
Click to collapse
This link may help give you an idea.
http://aacable.wordpress.com/2011/07/19/mikrotik-dmasoftlab-rm-squid-zph-linux-bridgecomplete-guide/

Making Rooted safer than Stock

Dear Team Eureka there is one thing you may do with security of Chromecast that Google did not.
You may add the missing security feature:
"if there is no connection to preset network" - "do not enable unprotected wifi ap mode" unless user will press reset button for short time (something like enable/disable wifi feature with openwrt)
There is plenty of things you ma use button for in future
(you may use different functions within different interval)
press
1-5 seconds
6- 15... and so on
I like this feature!
I agree that the way it is currently working is not as secure as it could be...
But I think the better way to do all of this is the following:
1 - Never have the CCast automatically connect to an Open Wireless unless specifically told to via Setup (not sure if it does this now or not)
2 - (and this would be the alternative to your suggestion) CCast doesn't leave any unprotected network sans AP connection for setup. It's default setup mode is a protected WiFi either WEP or WPA
CCast should instead set a random pin/pass and WPA/WEP connection for use in setup when it can't find an authorized AP.
Since you should have access to the screen it is plugged into and hackers would not, you would make the connection to the CCast in protected mode using the PIN that is displayed on the screen to make the connection to the protected network. Once connected you set up the device normally.
Much better than walking over to the TV and device to press a button and much more secure because the only way to set up or take over the unit requires access to the TV it is plugged into.
As far as the Button is concerned I would really like to see it used to switch modes and add a DLNA device mode to the custom rom. Unless the ROM could add this feature while still in CCast mode.
Asphyx said:
1 - Never have the CCast automatically connect to an Open Wireless unless specifically told to via Setup
2 - (and this would be the alternative to your suggestion) CCast doesn't leave any unprotected network sans AP connection. It's default setup mode is a protected WiFi either WEP or WPA
CCast should instead set a random pin/pass and WPA/WEP connection for use in setup when it can't find an authorized AP.
Since you should have access to the screen it is plugged into and hackers would not, you would make the connection to the CCast in protected mode using the PIN that is displayed on the screen to make the connection to the protected network. Once connected you set up the device normally.
Click to expand...
Click to collapse
AFAIK Chromecast never does #1 - it won't auto-connect to any AP unless it's already set up.
Agree on #2 though. Actually, both yours and mathorv's suggestion could be used in conjunction - Chromecast should use WEP security* on its setup AP and turning on the setup AP could be set to require human interaction.
*mainly for compatibility with clients/routers that don't support WPA or better - yes, they still exist - crackable, yes, but still better than completely open as it is now.
Since the serial number is easily accessible on the unit itself and its box, that could be an easy-to-get password, and the 4-character alphanumeric ID shown on the TV could be a secondary confirmation for Setup, not just a convenient way to make sure you're connected to the correct Chromecast (does Google really think/hope there will be that many Chromecasts out there being set up at the same time?).
Also if http will be protected with https also passwords it may be better to config Chromecast wireless options via https/ssh.
Is there any way to implement power save for example trigger via ssh/https?
bhiga said:
AFAIK Chromecast never does #1 - it won't auto-connect to any AP unless it's already set up.
Agree on #2 though. Actually, both yours and mathorv's suggestion could be used in conjunction - Chromecast should use WEP security* on its setup AP and turning on the setup AP could be set to require human interaction.
*mainly for compatibility with clients/routers that don't support WPA or better - yes, they still exist - crackable, yes, but still better than completely open as it is now.
Since the serial number is easily accessible on the unit itself and its box, that could be an easy-to-get password, and the 4-character alphanumeric ID shown on the TV could be a secondary confirmation for Setup, not just a convenient way to make sure you're connected to the correct Chromecast (does Google really think/hope there will be that many Chromecasts out there being set up at the same time?).
Click to expand...
Click to collapse
Thats why I think whenever it can't find an AP to connect to it shouldn't take anything for it to generate a random password (changes everytime) that can be used until setup is complete...
As for HTTP access i it is not connected to an AP there really is no HTTP available until you have connected to it in some way.
I would be happy if Google allowed us some config tools but I don't think they are all that interested in us having control over the unit for DRM purposes.
The devs at Plex have even said that Google will not allow them to implement sending to CCast as part of their Local PlexWeb (Plex.TV is fine though)
This suggests they really do not want anything they can't approve or any usage that could expose how the device is talked to being left open to the public.
I guess they figure that if we can see how linkage and communication is done we will reverse engineer it to play and do things they don't want us doing or bypassing DRM schemes as they currently work.
bhiga said:
Agree on #2 though. Actually, both yours and mathorv's suggestion could be used in conjunction - Chromecast should use WEP security* on its setup AP and turning on the setup AP could be set to require human interaction.
*mainly for compatibility with clients/routers that don't support WPA or better - yes, they still exist - crackable, yes, but still better than completely open as it is now.
Click to expand...
Click to collapse
WEP is broken for over 10 years now! No sane human being is using it. Cracking WEP is extremely fast and easy. WEP is a false protection, illlusion of security. Using WEP is BLASHEMY.
mathorv said:
WEP is broken for over 10 years now! No sane human being is using it. Cracking WEP is extremely fast and easy. WEP is a false protection, illlusion of security. Using WEP is BLASHEMY.
Click to expand...
Click to collapse
Obviously you feel strongly about WEP.
I'm not going to argue that, because you are right that WEP is easily broken. WPA can be broken too, but with more effort.
That said, WEP is an illusion of security only if you expect it to be unbreakable, just like passwords and everything else.
Seat belts won't save you in every accident, but if you don't expect them to, they are still helpful in the event of an accident.
Now if you're driving recklessly because you think seat belts and air bags will save you, then yes it is a false sense of security and you're foolish to take extra risks.
But for the Chromecast setup AP that is temporary by nature, are you suggesting that it is better to not use any security at all, just as it is right now?
You know what I always say.....
"Just because you are Diagnosed Paranoid doesn't mean people aren't out to get you!"
LOL
This is the second conversation regarding CCast vulnerability and so far all we have identified as a REAL security concern is that someone could set up the CCast to connect to some WiFi other than yours which would lead to the grand total tragedy that they could send content to your TV.
The other conversation was in regards to the Rooted ROM having SSH and Telnet installed that could be used to hack your Router Password provided you had already hacked the router password to make the connection to the CCast in the first place to use those tools to get what you already have!
Here is something folks should take into account....NOTHING IS SECURE EVER!
Even the Servers in Iran's Nuke Plant that had no connection to the outside world whatsoever were compromised, Hacked and attacked by Stuxnet!
There is no security ever the only thing you can ever really do is make the hack hard enough and as time consuming as possible that they will move onto someone else's system to pry into their Word Docs and that private folder you keep your IFriends profile pictures in instead. LOL
Yes WEP can be hacked. Imagine how much fun someone will have after they set up your CCast to use their network and try to send content to a TV never knowing if you actually noticed it or not because they can't see your TV.
It's still a damn site better than leaving an Open WiFi AP on the CCast until setup which takes no hacking skill at all to crack.
The way I look at it if the person is smart enough to hack they are also smart enough to know there is no point in hacking a CCast...Not when there is a WiFi router that gets them a hell of a lot more personal info and much more access than just displaying content to your TV.
Asphyx said:
This is the second conversation regarding CCast vulnerability and so far all we have identified as a REAL security concern is that someone could set up the CCast to connect to some WiFi other than yours which would lead to the grand total tragedy that they could send content to your TV.
Click to expand...
Click to collapse
While this would be a great dorm prank, at least with the current functionality of Chromecast, that's all they get to do... turn on the TV and send whatever video to the TV they want, which would be quite scary/annoying. Think of the beginning of Back to the Future Part II where all the screens in the house turn on with Marty's boss telling him he's fired.
Asphyx said:
The other conversation was in regards to the Rooted ROM having SSH and Telnet installed that could be used to hack your Router Password provided you had already hacked the router password to make the connection to the CCast in the first place to use those tools to get what you already have!
Click to expand...
Click to collapse
Actually I think the scenario @mathorv described is a little different and easy to exploit.
Chromecast is in setup mode and broadcasting an open AP
Attacker connects to the open AP
Attacker connects to Web Panel and enables ADB/Telnet/SSH (because web panel currently does not require authentication, Team Eureka said authentication is coming)
Attacker connects to Chromecast via ADB, Telnet, or SSH and gets access to the root filesystem, where they can see the cleartext password and SSID of the AP that Chromecast normally connects to (because password is stored in supplicant config file which is accessible)
So the attacker does not need anything more than to see the Chromecastnnnn AP.
Sadly, the WPA authentication seems to be stored the same way on phones/tablets as well. The only thing that shields phones/tablets from the same type of attack is not all of them have root and they usually aren't accessible from the network. Hence, with root comes extra responsibility, which is why root often is made difficult.
Asphyx said:
Here is something folks should take into account....NOTHING IS SECURE EVER!
Click to expand...
Click to collapse
Yup. What we commonly call "security" is really just a deterrent. It increases the effort and the hope is that the attacker will pick an easier target. It's why we put locks on doors when it's often relatively simple to bypass them.
bhiga said:
Chromecast is in setup mode and broadcasting an open AP
Attacker connects to the open AP
Attacker connects to Web Panel and enables ADB/Telnet/SSH (because web panel currently does not require authentication, Team Eureka said authentication is coming)
Attacker connects to Chromecast via ADB, Telnet, or SSH and gets access to the root filesystem, where they can see the cleartext password and SSID of the AP that Chromecast normally connects to (because password is stored in supplicant config file which is accessible)
So the attacker does not need anything more than to see the Chromecastnnnn AP.
Click to expand...
Click to collapse
Except for the fact that if it is not connected to the router then that means the router is unavailable, and or the Password saved in cleartext isn't working. If it was it would be connected and not in Setup mode.
Thats the point I was trying to get across there....
Sure you could find passwords to APs the CCast was connected to...
But if it isn't connected at the time of the hack then those APs are not available if they were you would not be able to connect to the CCast.
And if they are available then anything saved in the CCast is worthless since the CCast couldn't use it to connect either.
And I told him how to plug that hole far better than via the ROM....
Turn on Mac Filtering so not only do you need the password but need to clone a MAC address as well.
And all of this to get at what?
Your last will and testament and some compromising Pictures?
If you make it difficult enough that the payoff isn't worth the effort they will move on....
Asphyx said:
Except for the fact that if it is not connected to the router then that means the router is unavailable, and or the Password saved in cleartext isn't working. If it was it would be connected and not in Setup mode.
Click to expand...
Click to collapse
Ahh, I see your point now.
At least for me, sometimes Chromecast will "miss" the connection shortly after boot, so the setup AP is available for a few minutes after a reboot. To exploit that, someone would need to be sitting and listening for it to pop up - not a "juicy" target, but still possible. People do strange things "just because they can" - at least that's what YouTube teaches me.
As you say, MAC filtering provides an additional deterrent level. Unfortunately the target customer is probably not sophisticated enough to do that. I'm not sure all ISP-provided devices (I avoid integrated hardware that I can't configure) allows setting MAC restrictions though.
Asphyx said:
But if it isn't connected at the time of the hack then those APs are not available if they were you would not be able to connect to the CCast.
And if they are available then anything saved in the CCast is worthless since the CCast couldn't use it to connect either.
Click to expand...
Click to collapse
Well, in theory, you could connect to the CCast when it is in unprotected AP mode, enable ssh, and write a shell script which gets started every boot and sends out the saved wifi password somewhere to the internet. Then, when the CCast owner sets up is wifi, and sometimes later reboots, the wifi passwords will be sent out.
But... since there are probably only a few thousand rooted Chromecasts, and the time window in which to push the script to the Chromecast is so narrow, I doubt anyone would spend any time to try this.
bhiga said:
Unfortunately the target customer is probably not sophisticated enough to do that. I'm not sure all ISP-provided devices (I avoid integrated hardware that I can't configure) allows setting MAC restrictions though.
Click to expand...
Click to collapse
I'm sure thats true but if your not sophisticated enough to control your own Network or let an ISP do it all for you the least of your issues are what might happen in the odd chance CCast is disconnected or in the 30 seconds before it connects to an AP during Bootup. Locking up the holes in a CCast sure isn't going to help you much LOL
frantisek.nesveda said:
Well, in theory, you could connect to the CCast when it is in unprotected AP mode, enable ssh, and write a shell script which gets started every boot and sends out the saved wifi password somewhere to the internet. Then, when the CCast owner sets up is wifi, and sometimes later reboots, the wifi passwords will be sent out.
Click to expand...
Click to collapse
Well in theory you could have it do location checks with Google and map location, SSID and Password of every AP it ever connects to...
Like I said to what end would someone do that?
What is the PAYOFF in the end?
I could understand it if your living next to Bill Gates and wanted to steal banking info....
The Average Joe doesn't have anything worth seeing that would make someone go through all of that especially when they could get it much easier by just sniffing WiFi packets and finding the same data and decrypting it.
They could sit there all day and hack the Router but they have such a small window to work with on an unconnected CCast either because they have to catch it rebooting or catch it in a location that it isn't setup for and unless you have written a program to do all of that without Human Intervention you still got a snowballs chance in hell of getting any worthwhile information...
Security only happens when there are multiple layers of protection that make it so difficult to breach that they won't bother unless the payoff is worth it.
Someone really has to hate you in order to go through all that so some of the best security practices you can implement is don't be an AZZ and no one will have it out for you enough to want to get something on you via a Hack! LOL
(Not suggesting anyone in this discussion is just saying in General LOL)
Asphyx said:
Like I said to what end would someone do that?
Click to expand...
Click to collapse
Well, would you give me your WiFi password?
I can think of a few things you could do with access to someone's WiFi... Free internet, torrenting on someone else's responsibility, or just messing with someone.
Asphyx said:
I could understand it if your living next to Bill Gates and wanted to steal banking info...
Click to expand...
Click to collapse
The real question here is... Would Bill Gates buy a Google Chromecast? :laugh:
frantisek.nesveda said:
Well, would you give me your WiFi password?
I can think of a few things you could do with access to someone's WiFi... Free internet, torrenting on someone else's responsibility, or just messing with someone.
The real question here is... Would Bill Gates buy a Google Chromecast? :laugh:
Click to expand...
Click to collapse
Sure! I could very easily give you my router password and you would still not be able to do anything you mentioned until you figured out a MAC address one of my networked devices actually uses.
And to my other point...Is Free Internet or messing with someone really worth the risk of going to a Federal Pen for hacking?
As for what Bill Gates has I wonder if he is even running Windows 8 cause I don't know anyone who has it that likes it! LOL
Asphyx said:
Sure! I could very easily give you my router password and you would still not be able to do anything you mentioned until you figured out a MAC address one of my networked devices actually uses.
Click to expand...
Click to collapse
Good point.
I guess that if we really wanted, we could play this cat and mouse game for quite some time, but the outcome would be that if you really care about security, you can make your network secure enough. But that would be just spamming the thread.
frantisek.nesveda said:
but the outcome would be that if you really care about security, you can make your network secure enough. But that would be just spamming the thread.
Click to expand...
Click to collapse
Actually I think what I was trying to say is that no matter how much you care and try to be secure...
If they want you they WILL get you and they don't need nor would they do it through your CCast when there are far better tried and true methods to attack a wireless router directly that doesn't require LUCK of a device not connecting or the timing of catching it while it is booting up in order to catch the weakness.
Any security hole that results from the CCast will likely never amount to anything more than the Prankish "Look what dirtyPorn I put on your screen"
If they want dirt they will go to the router which is always up and doesn't require some act of god or electronics to happen.
You secure your router the best you can and if that isn't enough then you need to keep your wireless off until you need it to be TRULY secure....
And even then there is nothing to stop them from tapping into the pole where your Internet connection comes in and getting you that way!
Security is nothing more than an illusion and a deterrent...Truth is your never secure no matter how much you worry which says to me...Worrying is pointless. Unless you have enemies that really want to get you...and if thats the case all the security in the world won't stop them!
Asphyx said:
Actually I think what I was trying to say is that no matter how much you care and try to be secure...
If they want you they WILL get you and they don't need nor would they do it through your CCast when there are far better tried and true methods to attack a wireless router directly that doesn't require LUCK of a device not connecting or the timing of catching it while it is booting up in order to catch the weakness.
Any security hole that results from the CCast will likely never amount to anything more than the Prankish "Look what dirtyPorn I put on your screen"
If they want dirt they will go to the router which is always up and doesn't require some act of god or electronics to happen.
You secure your router the best you can and if that isn't enough then you need to keep your wireless off until you need it to be TRULY secure....
And even then there is nothing to stop them from tapping into the pole where your Internet connection comes in and getting you that way!
Security is nothing more than an illusion and a deterrent...Truth is your never secure no matter how much you worry which says to me...Worrying is pointless. Unless you have enemies that really want to get you...and if thats the case all the security in the world won't stop them!
Click to expand...
Click to collapse
MAC access list = joke, blacklist is also a illusion changing MAC address(spoofing MAC) is extremely easy on any platform.
In case of whitelist Attacker will look into it just a bit for a longer, to know list of allowed devices.
At home you will have to whitelist every new device...
In corporate environment it will take you more time also WPA2-PSK is not suitable for serous corporate use.
About absolute security.
Security is relative term. Its just like healthy life style, it will not make you immune to diseases, it will make you generally healthier, less likely to get ill.

Protect Chromecast

Hello guys,
I am thinking about buying a Chromecast. The only thing that stops me is the protection of it.
I currently live in a big student house with 16 other people. The wifi network is shared with all of us. I'm pretty sure some of my housemates are going to troll me with the Chromecast since it's so easy to connect to it.
The question is if there is a way to protect my future Chromecast by whatever method (whitelist, password etc).
I have no control over the router and I dont think I will get that. I also dont want to spend a lot money in buying (network) stuff.
I don't mind rooting and stuff like that.
Thanks in advance,
Badeend1337
An hdmi cable would be a cheaper, more compatible bet, sounds like.
Can't harvest your data with a device that's secure.
Badeend1337 said:
Hello guys,
I am thinking about buying a Chromecast. The only thing that stops me is the protection of it.
I currently live in a big student house with 16 other people. The wifi network is shared with all of us. I'm pretty sure some of my housemates are going to troll me with the Chromecast since it's so easy to connect to it.
The question is if there is a way to protect my future Chromecast by whatever method (whitelist, password etc).
I have no control over the router and I dont think I will get that. I also dont want to spend a lot money in buying (network) stuff.
I don't mind rooting and stuff like that.
Thanks in advance,
Badeend1337
Click to expand...
Click to collapse
Either an HDMI able or an Ezcast device that actually supports a password. Chromecast likely will just get you trolled all day long im afraid.
As far as I know the ezacst doesn't support android and my phone (oneplus one) doesn't support a hdmi cable...
Really the only way to truly protect it would be to buy yourself a Travel Router with WISP support and make your own private network that only you would have the login to access.
If they have a Wired Connection then you could get any wireless router and protect it and make your own private network that still uses the main internet connection.
Other than those two methods there really is no way to protect someone from seeing and sending streams to the CCast other than unplugging it when you are not using it.
Which won't really stop them from messing with you WHILE you are using it.
So you need to select a method to create a private network within your current network that only you have access to.

Categories

Resources