Kitz ADSL Broadband Information
Author Topic: Safely networking TV on guest WLAN  (Read 1177 times)

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4182
Re: Safely networking TV on guest WLAN
« Reply #15 on: November 17, 2021, 09:01:20 PM »

I wouldn't laugh so hard, anything is exploitable.

Might as well laugh, before I cry.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10515
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
Re: Safely networking TV on guest WLAN
« Reply #16 on: November 18, 2021, 08:18:57 AM »

My wife was involved with a charity that helped people some of whom are genuine security device users, seriously in a bad way. Not good.

We’ve all read about CPE being successfully attacked some years back, albeit from the LAN side, not the WAN afaiaw. Deciding to be worried about something is one thing; wondering whether or not there’s anything to be worried about is just the precautionary principle, no? Having adopted the latter route to wisdom, I sought to call upon the combined brainpower of my kitizen friends and to see if I have missed anything.
« Last Edit: November 18, 2021, 08:53:49 AM by Weaver »
Logged

aesmith

  • Kitizen
  • ****
  • Posts: 1112
Re: Safely networking TV on guest WLAN
« Reply #17 on: November 18, 2021, 09:06:28 AM »

I removed networking configuration from our TV as I was fed up with it always bitching about software updates being available.
Logged

Reformed

  • Reg Member
  • ***
  • Posts: 133
Re: Safely networking TV on guest WLAN
« Reply #18 on: November 18, 2021, 01:49:37 PM »

but far more important, a vulnerability in the TV when it has opened a hole in my firewall by creating a session.

I didn't mention: this isn't an issue. The outbound session should be over TLS anyway, and even if it's not, an attacker would have to compromise DNS infrastructure somewhere in order to obtain control over the endpoint the TV is trying to reach. Can't spoof into the connection as would require correct TCP sequence number, alongside the port and IP of the existing session and a way to receive responses.

If an attacker can exploit an outbound TCP flow the TV is the least of your concerns - someone is sniffing all your data.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6727
Re: Safely networking TV on guest WLAN
« Reply #19 on: November 18, 2021, 05:26:48 PM »

Do smart TVs have a web browser usually?
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

g3uiss

  • Reg Member
  • ***
  • Posts: 903
  • You never too old to learn
    • Midas Solutions
Re: Safely networking TV on guest WLAN
« Reply #20 on: November 18, 2021, 07:46:00 PM »

Yes most do
Logged
Zen FTTC X 2 HG612 modems VOXI 4G with Vigor 2927

tubaman

  • Addicted Kitizen
  • *****
  • Posts: 8796
Re: Safely networking TV on guest WLAN
« Reply #21 on: November 19, 2021, 08:33:24 AM »

Yes most do

You'd have to be desperate to want to use the one on my Samsung TV!  :lol:
Logged
BT FTTC 55/10 Huawei Cab - Zyxel VMG8924-B10A

g3uiss

  • Reg Member
  • ***
  • Posts: 903
  • You never too old to learn
    • Midas Solutions
Re: Safely networking TV on guest WLAN
« Reply #22 on: November 19, 2021, 09:01:44 AM »

I agree there, most are virtually impossible to use
Logged
Zen FTTC X 2 HG612 modems VOXI 4G with Vigor 2927

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4182
Re: Safely networking TV on guest WLAN
« Reply #23 on: November 21, 2021, 06:50:39 PM »

My washing machine has finally died after about 15 years, and I can't fix it, the drum seems to be melting its way through the plastic outer drum, even though the bearings feel fine.

Anyway the main reason I'm posting is because the new one is wifi enabled, a washing machine! Mind you it does look like it will have its uses.
« Last Edit: November 22, 2021, 01:19:45 PM by Ronski »
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6727
Re: Safely networking TV on guest WLAN
« Reply #24 on: November 21, 2021, 10:03:37 PM »

My washing machine has finally died after about 15 years, and I can't fix it, the drum seems to be melting its way through the plastic outer drum, even though the bearings feel fine.

Anyway the main reason I'm posting is because it's wifi enabled, a washing machine! Mind you it does look like it will have its uses.

They made wifi enabled washing machines 15 years ago? O_o
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10515
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
Re: Safely networking TV on guest WLAN
« Reply #25 on: November 21, 2021, 10:58:52 PM »

My wife has now set up Kitchen TV on guest WLAN. She even remembered to do some other config in it such as disabling auto software update downloads. I forgot to talk to her about IPv4 address allocation so will do that tomorrow. I’m not going to take its IPv4 out of the small address pool for guests as I don’t want permanent residents eating into it, so I’ll probably allocate its address statically. I will think about that when I’m not so tired.
Logged

Reformed

  • Reg Member
  • ***
  • Posts: 133
Re: Safely networking TV on guest WLAN
« Reply #26 on: November 21, 2021, 11:23:11 PM »

Wouldn't it be better to put the guests behind NAT than spend public IP addresses on them? I presume FBs can do this?
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10515
  • Retd s/w dev; A&A; 3x7km lines; Firebrick
Re: Safely networking TV on guest WLAN
« Reply #27 on: November 22, 2021, 12:55:49 AM »

Certainly could do that. Would make my config slightly messier, but I think you could have a NATed sub-subnet like that, I’d have to ask.

At the moment though I’m not even remotely short of IPv4s. Old kit will hopefully be retiring and be made IPv6-only if possible. Already several old devices have just been retired, freeing up a lot of IPv4 addresses too.

One reason I don’t like to do that at all is that it would make it far more difficult for me to spy on these devices and any other guest devices. I want to know what they’re getting up to if they use my network. We don’t offer ‘accommodation guests’ internet access now and if we ever do, I would require any such future users to indicate that they understand that we will only ever spy on them for the purposes of network admin and also even then only with their prior agreement.

But as for spying on kit:
  • need to find out if it’s phoning home, if so, to where,
  • using too much network capacity; especially upstream; suspicious ports or IP protocol numbers, where,
  • is broken - eg horrid NetAtmo weather station that my wife spent good money on, and it kept disappearing from the WLAN and then reappearing and doing a new DHCP request all the time in some crazy fashion.

Say we have a ‘client/user’ category of ‘personal guests - untrusted’, like friends who come to stay and bring kit that I don’t trust - because it could be crawling with nasties. Within this category we have something like ‘long-term resident personal guests untrusted’ and this TV goes into this new sub-sub-category of untrusted long term personal guests. I had part of this design successfully implemented for years until Apple blew the whole thing apart with source MAC address faking, as my design had relied on the insecure, and highly non-maintenance friendly (ie. not sysadmin-scalable) strategy of using certain firewall rules based on whitelisted source MAC addresses.

I need to find out what people do here who know what they’re doing. I’m also thinking about looking into whether or not I can make use of VLANs in my old ZyXEL WAPs which appear to have a feature that looks like it might be useful but who knows what it does because the documentation is a disaster. Written by people who have no idea what it all meant and were too deferential to the gods that are the devs to ask and wouldn’t understand the replies anyway. (From my personal experience of working inside a software company.)
« Last Edit: November 22, 2021, 01:20:59 AM by Weaver »
Logged
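
Added example, not part of the thread or any poster's own code: the three checks listed in the post above (where a device phones home to, upstream volume and unexpected ports or IP protocol numbers, and repeated DHCP requests) run over per-device flow records and a DHCP request log. The record layout, thresholds, subnet and all sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration (RFC 5737 documentation ranges).
GUEST_NET = ip_network("192.0.2.0/28")       # assumed guest WLAN subnet
EXPECTED = {(6, 443), (17, 53), (17, 123)}   # (IP protocol, dst port) a TV plausibly needs
UPSTREAM_LIMIT = 50_000_000                  # bytes sent per reporting period (assumed)
DHCP_WINDOW, DHCP_MAX = 3600, 3              # more than 3 requests in an hour = flapping

# Flow records: (src, dst, ip_proto, dst_port, bytes_sent_upstream)
FLOWS = [
    ("192.0.2.5", "198.51.100.10", 6, 443, 1_200_000),
    ("192.0.2.5", "198.51.100.10", 6, 443, 800_000),
    ("192.0.2.5", "203.0.113.77", 6, 6667, 4_000),
    ("192.0.2.5", "203.0.113.9", 47, 0, 90_000_000),   # GRE, not in EXPECTED
    ("192.0.2.9", "198.51.100.53", 17, 53, 2_000),
]
# DHCP requests seen by the server: (epoch_seconds, client_ip)
DHCP = [(0, "192.0.2.9"), (600, "192.0.2.9"), (1200, "192.0.2.9"),
        (1500, "192.0.2.9"), (100, "192.0.2.5")]

def max_in_window(times, window):
    """Largest number of events falling inside any sliding window."""
    times, best, start = sorted(times), 0, 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best

def audit(flows, dhcp):
    """Per guest device: where it talks to, how much it sends, what looks off."""
    report = defaultdict(lambda: {"dests": Counter(), "bytes_up": 0, "flags": set()})
    for src, dst, proto, port, sent in flows:
        if ip_address(src) not in GUEST_NET:
            continue
        dev = report[src]
        dev["dests"][dst] += sent            # phoning home: to where, and how much
        dev["bytes_up"] += sent
        if (proto, port) not in EXPECTED:
            dev["flags"].add("odd-port-or-protocol")
    for dev in report.values():
        if dev["bytes_up"] > UPSTREAM_LIMIT:
            dev["flags"].add("heavy-upstream")
    requests = defaultdict(list)
    for ts, client in dhcp:
        if ip_address(client) in GUEST_NET:
            requests[client].append(ts)
    for client, times in requests.items():
        if max_in_window(times, DHCP_WINDOW) > DHCP_MAX:
            report[client]["flags"].add("dhcp-churn")
    return dict(report)
```
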

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4182
Re: Safely networking TV on guest WLAN
« Reply #28 on: November 22, 2021, 01:22:21 PM »

They made wifi enabled washing machines 15 years ago? O_o

Nope, I meant the new one, post edited to reflect that.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

j0hn

  • Kitizen
  • ****
  • Posts: 3719
Re: Safely networking TV on guest WLAN
« Reply #29 on: November 22, 2021, 02:06:04 PM »

I need to find out what people do here who know what they’re doing.

They use NAT.

Giving devices you don't trust a public, globally routable IPv4 address isn't the place to start.
Logged
Talktalk FTTP 550/75 - Speedtest - BQM