Possible back door with v2.x wifi example file?

fokko · April 18, 2017, 12:29pm

Hey there,

Just configured my first static IP address on the new V2.0 OS. It got my attention there is a resin-sample file in the /resin-boot/system-connections folder. If I understand this correctly, all files in this folder are working networking configurations right?

In this file, the following example is given:

[connection]
id=resin-sample
type=wifi

[wifi]
hidden=true
mode=infrastructure
ssid=My_Wifi_Ssid

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=super_secret_wifi_password

So if I would have a resin-device with a wifi dongle (or even the raspberry pi 3 ) and host a network with SSID My_Wifi_Ssid and the password super_secret_wifi_password it would always connect!

This could be used as a backdoor…

imrehg · April 18, 2017, 12:42pm

Thanks for the report, filed an internal issue and will be taking care of this!

lekkas · February 14, 2018, 2:40pm

Hi @fokko,

Just a quick update, this issue has been resolved since resinOS version v2.2.0.

This might also be a good place to mention that users with affected versions can perform a self-service update - https://docs.resin.io/updates/self-service/#running-an-update.

Thanks again for the report,
Kostas

fokko · February 15, 2018, 8:33pm

Thanks Kostas for the update

Topic		Replies	Views
RPi1: cannot connect with v2.0.0 (but v1.24.1 is OK) Product support	13	1660	April 26, 2017
Resin-wifi-connect 2.0.x release Product support	10	2365	February 16, 2017
Set wifi SSID and password offline Product support wifi	5	1680	March 25, 2018
Resin Wifi Connect only works if I plug in ethernet first Product support wifi	3	989	March 21, 2018
Resin-wifi-connect: ethernet vs wifi Product support	2	479	October 12, 2018

Possible back door with v2.x wifi example file?

Related topics