wifi security

New members questions
Topcat
Posts: 18
Joined: Sat Feb 02, 2013 8:03 pm

wifi security

Post by Topcat »

Hi,

Is there any security on the wifi server, as in a user name and password? Once you forward the port, it's open to the world.

Thanks
Tony
rimai
Posts: 12857
Joined: Fri Mar 18, 2011 6:47 pm

Re: wifi security

Post by rimai »

There is a pending implementation in the git repo.
https://github.com/reefangel/Libraries/issues/71
The problem is that if I enable it, it will break all apps we have available.
It has not been tested either.
If you would like to help testing it, you are more than welcome to help :)
Roberto.
Topcat
Posts: 18
Joined: Sat Feb 02, 2013 8:03 pm

Re: wifi security

Post by Topcat »

Hi,

Thanks

So not even basic http authentication on the webserver?

As in .htaccess files?

Thanks
Tony
lnevo
Posts: 5422
Joined: Fri Jul 20, 2012 9:42 am

Re: wifi security

Post by lnevo »

It's a very basic web server...it's not even a web server per se...it's just an http implementation.
Smotz
Posts: 401
Joined: Sat Mar 30, 2013 5:02 pm
Location: CT, USA

Re: wifi security

Post by Smotz »

This is important to me. Any update on this? A hacker could potentially crash any reefangel controlled tank.
rimai
Posts: 12857
Joined: Fri Mar 18, 2011 6:47 pm

Re: wifi security

Post by rimai »

There is a branch in github with this implemented, but it would break all the apps we have and it has not been tested.
So, it needs to be tested to make sure it works and we have to change all the apps to work accordingly too.
If you look at the 2nd post in this thread, you will see where the branch is located.
Roberto.
Smotz
Posts: 401
Joined: Sat Mar 30, 2013 5:02 pm
Location: CT, USA

Re: wifi security

Post by Smotz »

rimai wrote: There is a branch in github with this implemented, but it would break all the apps we have and it has not been tested.
So, it needs to be tested to make sure it works and we have to change all the apps to work accordingly too.
If you look at the 2nd post in this thread, you will see where the branch is located.
I understand. Is it something that is being worked on? As is, it is a potential risk.
rimai
Posts: 12857
Joined: Fri Mar 18, 2011 6:47 pm

Re: wifi security

Post by rimai »

Yeah, that branch is probably stale already as it had been developed a few updates back, but I can bring it back current. We still need to test though. Last time, there was no interest from anyone to test it.
Roberto.
lnevo
Posts: 5422
Joined: Fri Jul 20, 2012 9:42 am

Re: wifi security

Post by lnevo »

I don't really see this as a big deal.

Set a portalkey if you're worried and restrict access to reefangel.com on your router.

Then someone would have to break into Roberto's server and know your portalkey.

Implementing some other authentication doesn't really help IMO.
Smotz
Posts: 401
Joined: Sat Mar 30, 2013 5:02 pm
Location: CT, USA

Re: wifi security

Post by Smotz »

I am happy to help test.

lnevo - not sure what you mean. I did set a portal key. However, you can still get to http://myipaddress:2000/wifi
I actually changed the port also.

If I restrict access to just reefangel.com then I cannot get to it from my phone, work pc, etc.
lnevo
Posts: 5422
Joined: Fri Jul 20, 2012 9:42 am

Re: wifi security

Post by lnevo »

You may still be able to get to it, but without putting the key into the URL you should not be able to execute any commands...

If you restrict it you would increase the security...

The old iphone app used to have an option to relay commands through the portal for this exact situation... and maybe the android has it too where the portal would forward the command from the phone.... you might even be able to hack that functionality by changing the URL to the portal URL with all the arguments required. Curt would have to advise if that's possible...
binder
Posts: 2865
Joined: Fri Mar 18, 2011 6:20 pm
Location: Illinois

Re: wifi security

Post by binder »

Having the Android app forward a command through the portal is not currently possible. I would have to look into how that could work. The best option would be for me to implement the portal key ability and then we would not have to worry about it. Well.... unless you wanted to lock down communication to only come from the portal.
Guess I will need to take a look at how that can be done... the relaying of commands. Of course, Roberto will probably chime in on how that is possible.

Sent from my Nexus 7
rimai
Posts: 12857
Joined: Fri Mar 18, 2011 6:47 pm

Re: wifi security

Post by rimai »

I think the patch I made a while ago would use the portal key in the controller too.
I need to revisit it to bring it back to current.
So, every request to the webserver would have to include the key.
For example:
http://ipaddress:2000/r99&key=myportalkey
If the key wasn't included, the command would be ignored.
Roberto.
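The check described in the post above (a request such as `/r99&key=myportalkey` runs only when the key is present and correct), sketched in C as an added example. It is not the code from the Reef Angel branch; the function names `key_equal`, `request_authorized` and `accept_command` and the buffer handling are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constant-time compare: always walks the whole expected key, so response
   timing does not reveal how many leading characters matched. */
static int key_equal(const char *got, size_t got_len, const char *want)
{
    size_t want_len = strlen(want);
    unsigned char diff = (unsigned char)(got_len != want_len);
    for (size_t i = 0; i < want_len; i++) {
        unsigned char g = i < got_len ? (unsigned char)got[i] : 0;
        diff |= (unsigned char)(g ^ (unsigned char)want[i]);
    }
    return diff == 0;
}

/* Hypothetical helper: 1 if the path (e.g. "/r99&key=secret") carries the
   expected key, 0 otherwise. An unset (empty) key denies every request. */
int request_authorized(const char *path, const char *portal_key)
{
    static const char tag[] = "&key=";
    if (path == NULL || portal_key == NULL || portal_key[0] == '\0')
        return 0;
    const char *p = strstr(path, tag);
    if (p == NULL)
        return 0;                        /* no key parameter: ignore */
    p += sizeof(tag) - 1;
    size_t len = strcspn(p, "& \r\n");   /* key ends at next parameter or whitespace */
    return key_equal(p, len, portal_key);
}

/* Hypothetical helper: copies the command part ("/r99") into out only when the
   request is authorized. Returns 1 to run the command, 0 to ignore it. */
int accept_command(const char *path, const char *portal_key, char *out, size_t out_size)
{
    if (out == NULL || out_size == 0)
        return 0;
    out[0] = '\0';
    if (!request_authorized(path, portal_key))
        return 0;
    size_t n = strcspn(path, "&");
    if (n == 0 || n >= out_size)
        return 0;                        /* empty or oversized command: ignore */
    memcpy(out, path, n);
    out[n] = '\0';
    return 1;
}
```

The key is sent in the URL over plain HTTP, so this check rejects requests that lack the key but does not protect the key from anyone who can observe the traffic.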
solasido

Re: wifi security

Post by solasido »

I am still not satisfied with RA security.

It should at least support SSL, and then perform user authentication over SSL.

Generally the motivation to harm someone should be low; but we cannot ignore the possibility of some anti-social people. If someone intends to cause harm to someone or the family, obtain the key (e.g. via network sniffing) and try to overheat the devices by overloading it over and over, causing fire sparks and fire; or cause flooding and hopefully if the wiring is not well designed, it will cause short-circuit by salt-water (marine tank).
wtitb
Posts: 32
Joined: Sun Nov 17, 2013 3:32 pm

Re: wifi security

Post by wtitb »

Hi,

I was also not happy with this. So my solution to secure the access is like this: First, I restrict port 2000 to my local network only. So only at home I can control the RA with the app. For secure remote access, I use connectbot for Android to login at home with a secure SSH connection and portforward 2000 to the RA (no root required!). In the RA app I use the "away" profile for this with address localhost:2000.
One can set up connectbot with a private key file, so connecting with my home network is just one click.

cheers,
Christian
lnevo
Posts: 5422
Joined: Fri Jul 20, 2012 9:42 am

Re: wifi security

Post by lnevo »

SSL should not be in play here at all. There is no data here we are trying to protect like credit card or personal data. The only thing that is needed is a better authentication so that the RA cannot be controlled by unauthorized access. Personally I think the portal key is sufficient for this, but obviously more can be done. This is an Arduino device. If you want SSL you are welcome to try and implement it. But there's a lot of crypto and effort that would be required. The most effective thing to do would be as wtitb said and lock down who can access port 2000 on your network and access your network via some type of secure VPN. The outbound connection to update the portal for monitoring does not require inbound access.