Wifi Config stored on SDCARD Security issue #116
Comments
philross88
changed the title
|
Have you tried moving the file and symlinking it? It should still work (probably ^^TM ) |
|
Sorry, not following you. How would moving a file or symlinking it would make it secure? Encryption would be very difficult because every time the camera boots up the key has to be placed somewhere and since right now, the entire firmware loads from the SDcard, that's not practical. |
|
You yourself can move the |
|
Can this be done via runtime script? or can you actually access the internal storage as well? |
|
Putting a plain-text psk (pre-shared key) in wpa_supplicant.conf hasn't been best practice for a very long time, instead you're supposed to use wpa_passphrase to generate a one-way hash for the configuration. I can't test it because my late model v2 won't work with the openipc firmware, but maybe someone who has an earlier model can try it. See WPA-PSK and WPA2-PSK in the Debian Wiki for details. |
|
@plembo wpa_passpharse won't help in the attack model we're dealing with right now. The worry we have is that someone could just waltz up to the porch, pop out the SD card, and nab the credentials for the network in about 30 seconds. Having the hash from |
My understanding is that the wifi config stays on the sdcard of the camera. I know most of the folks here are interested to use this camera as outdoor (cheap) security camera, however, this is a serious problem. If some one steal the the camera, they can easily read the wifi config from the sdcard, gain access to your home wifi and play around with your home automation or other devices while staying in the parking lot.
The SDConfig should be moved to internal flash as soon as the firmware is installed. May be something like small jffs2 partition like original firmware to store and handle modifications in the htpasswd and wifi config.
The text was updated successfully, but these errors were encountered: