Possible back door with v2.x wifi example file?

fokko · April 18, 2017, 12:29pm

Hey there,

Just configured my first static IP address on the new V2.0 OS. It got my attention there is a resin-sample file in the /resin-boot/system-connections folder. If I understand this correctly, all files in this folder are working networking configurations right?

In this file, the following example is given:

[connection]
id=resin-sample
type=wifi

[wifi]
hidden=true
mode=infrastructure
ssid=My_Wifi_Ssid

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=super_secret_wifi_password

So if I would have a resin-device with a wifi dongle (or even the raspberry pi 3 ) and host a network with SSID My_Wifi_Ssid and the password super_secret_wifi_password it would always connect!

This could be used as a backdoor…

imrehg · April 18, 2017, 12:42pm

Thanks for the report, filed an internal issue and will be taking care of this!

lekkas · February 14, 2018, 2:40pm

Hi @fokko,

Just a quick update, this issue has been resolved since resinOS version v2.2.0.

This might also be a good place to mention that users with affected versions can perform a self-service update - https://docs.resin.io/updates/self-service/#running-an-update.

Thanks again for the report,
Kostas

fokko · February 15, 2018, 8:33pm

Thanks Kostas for the update