Saturday, June 11, 2011

Gadget Insecurity

OK, I'm a gadget geek.  I admit it.  Give me a little machine that has blinking lights and beeps, and it will amuse me for hours.  If you really want to get my attention, give it a screen and put a video game on it. I'm weak and immature, but for the most part, it's harmless.

A few months ago, I bought a Roku media player.  Basically, it's a teeny little box you connect to your TV and configure on your network.  It pulls down Netflix, Amazon, Pandora, and a whole bunch of other streaming content from the Internet.  Since we got it, we use our cable TV a lot less.  The convenience of being able to just grab what we want is wonderful.

The only drawback to the Roku is the remote.  It's fully functional, and does everything you need to do on the box, but it's tiny.  It's about 1/2 inch by 1 1/4 inches by about 4 inches, about the size of a double-stack 9mm pistol magazine.  It's in a continual state of 'lost'.

I mentioned this to a co-worker today at lunch, and he suggested that I download a free app for my phone (gadget geek alert) that emulated the remote.  I wondered how it worked since the iPhone doesn't have an IR port, but gave it a swing, and it works like a champ.  The app goes out onto the wireless network, finds a Roku to control, and gives it commands across the network.  It was easy. I didn't even have to verify that I was indeed the owner of the box.

While that's pretty neat, it made the hair on the back of my neck stand up.  One of the hats I have at work is Designated Guilty Bastard for Security, and I just about had a fit over this.  I basically have a little computer on my network that will take commands from anything on my network that knows the correct magic incantation.  While I lock down my wireless network as well as I can, it's pretty trivial for just about anyone to overcome even the best wireless security and get on a network.  Plus, the express purpose of this device is to go out on the Internet and pull down large amounts of content.  It would be exceedingly easy for someone to do a man-in-the-middle attack between my Roku and Netflix and start telling my little box to start doing bad things.

If it's got a command interface and a network interface, it can be a spambot or worse.

Something tells me this isn't unique to the Roku.  Most of the new TVs I lust after at Sam's Club* come with a network port.  How much do you want to bet they don't have much security baked into them either?  Blu-ray players are the same, and I've heard tell that the car manufacturers are putting networked computers into their cars now.  So how long until h4x0rs and organized crime find a way to turn all of these into moneymakers as botnets?

Excuse me while I go finish putting up that fine copper mesh around the volume of the house.

*Yes, I'm a guy, and I want a TV that I have to step on my tiptoes to look over.

3 comments:

Laura said...

our Blu-ray player is connected to the wireless, and ... i'm not a fan. we never use it for anything other than watching movies on media, though, so i guess it could be worse.

still...ergh. i'm glad *my* Netflix account isn't accessible through it...

DaddyBear said...

We skipped the Blu-ray thing. There wasn't anything about it that compelled us to upgrade from DVD, and now that we can get just about anything we want from a streaming service like Netflix or Amazon, there's even less to make me buy one.

Laura said...

i can honestly say i wouldn't have spent the money on it...so we didn't. this was a present for his birthday last year. we rarely use it, thanks to netflix instant.

Creative Commons License
DaddyBear's Den by DaddyBear is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 United States License.
Based on a work at daddybearden.blogspot.com.