Possible back door with v2.x wifi example file?

wifi

#1

Hey there,

Just configured my first static IP address on the new V2.0 OS. It got my attention there is a resin-sample file in the /resin-boot/system-connections folder. If I understand this correctly, all files in this folder are working networking configurations right?

In this file, the following example is given:

[connection]
id=resin-sample
type=wifi

[wifi]
hidden=true
mode=infrastructure
ssid=My_Wifi_Ssid

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=super_secret_wifi_password

So if I would have a resin-device with a wifi dongle (or even the raspberry pi 3 :open_mouth: ) and host a network with SSID My_Wifi_Ssid and the password super_secret_wifi_password it would always connect!

This could be used as a backdoor… :see_no_evil:


#2

Thanks for the report, filed an internal issue and will be taking care of this!


#5

Hi @fokko,

Just a quick update, this issue has been resolved since resinOS version v2.2.0.

This might also be a good place to mention that users with affected versions can perform a self-service update - https://docs.resin.io/updates/self-service/#running-an-update.

Thanks again for the report,
Kostas


#6

Thanks Kostas for the update :+1: