Kodak Wireless Picture Frames Open To Public
Jaxoreth writes "The Kodak Easyshare Wireless Digital Picture Frame displays images via a per-frame RSS feed hosted by FrameChannel. Each frame's URL is identical except for a parameter matching its particular MAC address, enabling public browsing of users' feeds. And worse, if you reach the feed of a not-yet-activated frame, it gives you the code to activate it, allowing you to preload it with whatever content you choose."
Mac address anatomy (Score:5, Insightful)
Haven't thought about this for a while, but IIRC the first three octets are supposed to indicate the manufacturer of the device, so if we can assume the NIC in these frames is always from the same manufacturer, the address space to search becomes much smaller. Still, it's going to be pretty huge, with probably the largest number of possible URLs invalid, and most of the valid ones full of normal junk no one but family/friends really want to see anyhow. The probability of one or two really nice racy pictures in there will no doubt motivate someone to search the space eventually though.
If you see anything good, or even just really strange, be sure and post it here!
cue ... (Score:2, Insightful)
How many people will get their brand new frame... (Score:5, Insightful)
Re:How many people will get their brand new frame. (Score:1, Insightful)
With the right script and an image recognition software, everyone in a few hours.
Re:zero day vulnerability? (Score:5, Insightful)
No don't mess yourself up in the first place.
It's called a cloudfeature being so it's not a bug it's a KODAK ;)
Share your memories and your nude girlfriends with your friends, enemies, law enforcement agencies and employers - and clouds[1].
[1]http://www.myspace.com/developerchallenge
Re:zero day vulnerability? (Score:5, Insightful)
Classic shock site stuff turns the stomach; but, for that reason, is a pretty implausible thing to have show up outside of a hack.
A steady stream of sexual but more or less pedestrian pictures, on the other hand, is a much more plausible thing for somebody who has a little something to hide from his/her family/significant other/doting grandparents to accidentally upload to the wrong location.
For pure nausea you can't really beat the classics; but for pure evil, the more plausible, the better...
The sad thing is... (Score:5, Insightful)
Re:Actually this illustrates the problem well (Score:4, Insightful)
Of course, because tracking children down through compromised picture frames is so much more convenient for a person with malicious intent than just going to a local playground or primary school.
I really don't understand this urge of blowing simple stories completely out of proportion by mentioning pedosexuals, muslims or the banking system.
Re:Mac address anatomy (Score:5, Insightful)
I'd say, until given compelling evidence otherwise, that any product using FrameChannel as a backend is Fucked. Worse, there may well be nothing that FrameChannel can do about it without breaking the service for all existing devices in the field. I'm sure, in principle, that those devices are firmware upgradeable (almost definitely just an embedded OS on a chunk of flash, with a weedy little ARM or MIPS SoC); but there is no assurance at all that the device manufacturers will offer one, nor does having to apply a critical firmware upgrade really fit well with the "ready for use by Grandma" image that the photoframes would really like to cultivate.
I would say that we are looking at a much wider problem. This isn't just some hardware company fucking up the service that they hacked together as an afterthought to support their hardware product. This is a service provider company, whose service is integrated into hardware from over a dozen manufacturers, whose core service is completely broken and absurdly insecure. All it would take is one marginally tech-competent journalist to find a couple of baby pictures and/or a frame preloaded with 2-girls 1-cup to kick these guys so hard in the stock price that their investors' children won't be able to sit down for a month....
Re:Doesn't surprise me (Score:3, Insightful)
Given how rudimentary and just plain awful Kodak's interface was for their WiFi picture frames from 2 years ago when I bought a few for the family to share the same albums with each other across the nation, this story doesn't surprise me in the least.
I've noticed that problem is nearly universal across the entire pic frame marketplace. I swear the manufacturers are trying to kill the marketplace by intentionally making frames with horrific UIs.
Why can't I buy a frame that simply displays a .RSS on the internet? Not a monthly pay service. Not some 3rd party that'll probably be out of business before the batteries die. Not some special format only. Just freaking show me the pix. And please no BS about processing power as everyone knows an 8 MHz XT in the 80s was good enough to view Pr0n so don't give me some BS that a dedicated 100 MHz process "could never possibly display a picture without preprocessing".
Why can't I buy a frame that simply displays a URL? Here's the webcam IMG tag, now download it every 60 minutes and leave me alone? Again no stupid third party subscription BS please?
Why can't I buy a frame that simply watches for a specific browsable SMB share and directory, and every time it appears on the network, sync to the local copy, plus sync every 15 minutes thereafter?
All I can find to purchase is either flash card only, or if it's networked it's absolute junk garbage.
Unless some manufacturer will build one that doesn't suck (and I got a pocket full of cash I'm willing to spend), I'm going to have to wall mount a plain ole LCD monitor, get one of those "video over Cat-5 balun thingys" and run a low power PC in my basement. I swear I'm gonna do it this year (is that the geekiest 2010 new years resolution ever?)
Re:Mac address anatomy (Score:3, Insightful)
Also, the company behind this service is Thinking Screen Media [thinkingscreen.com]. This sort of thing is, in fact, their core business.
The above link has linkedin profiles for their entire management team and board of directors. Who wants to break the news?
Re:Not difficult to track down actual users (Score:4, Insightful)
Ah yes, the infamous false dichotomy. :) Because simply putting a "Your Photo Frame Has Been Hacked" message just wouldn't do. Only hard-core porn is appropriate.
Re:Doesn't surprise me (Score:5, Insightful)
"Why can't I buy a frame that simply displays a .RSS on the internet? Not a monthly pay service."
"Why can't I buy a frame that simply displays a URL?"
"Why can't I buy a frame that simply watches for a specific browsable SMB share and directory, and every time it appears on the network, sync to the local copy, plus sync every 15 minutes thereafter?"
Because then how can the manufacturer of the frame monetize you from a worthless waste of baryonic matter into a shining revenue stream? You forget your place, consumer: you are to consume product and crap cash on demand, month in, month out. Now get to work!
Re:zero day vulnerability? (Score:5, Insightful)
I'm sure you are all more than capable of imagining the fallout without any further explanation; it's hard to find anything being more of the
Simple reason WHY they did it... (Score:4, Insightful)
It's sloppy to do, but here's why they did it....
Each device needs a unique serial number, something to identify it. But at the same time, they didn't want to customize the firmware for each device to include a serial number.
So instead, some brilliant programmer observed that the embedded processor can get the MAC address from the NIC and use that as a serial number for accessing the web page.
This is an old and useful trick, but the only problem is although it gives you a unique serial number per device, it gives you a predictable serial number per device and because of the nature of the back-end service, they didn't just need a UNIQUE serial number, but also an UNPREDICTABLE serial number. Ooops.
Re:Actually this illustrates the problem well (Score:1, Insightful)
And the exact same thing can't happen via webpages, blogs, social networking sites, and any of eleventy billion other places people post photos of their children?
Christ, get a sense of perspective here.
Re:Actually this illustrates the problem well (Score:3, Insightful)
The frame would have switched back to the activation screen again. The owner would've scratched his head, shrugged, followed the activation instructions and re-upped his photos, innocent to the dark forces swirling beneath the surface of his friendly-looking gadgets.
Re:Wonder if they can block by User-Agent (Score:1, Insightful)
All FrameChannel has to do is immediately turn off the ability to connect to RSS feeds by MAC address. They already have an alternative capability to connect by username/password, and the Kodak frames already support it. Users may be temporarily annoyed at having to change their connect method on the frame, but Kodak can fix that later with a firmware update.
As for registering a frame in the first place, each frame also has a unique serial number, so it would be pretty easy for FrameChannel to tighten up the registration procedure by requiring all new registrations of Kodak frames to provide their serial number as well as the ID code.
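Added example, not part of any comment in this thread and not FrameChannel's code: a Python sketch of the fix the comments above describe, where the feed is keyed by an unpredictable token instead of the MAC address and activation needs the serial number as well as the ID code. The class, its method names, the serial format and the sample device are hypothetical; the service is assumed to know each frame's serial from the manufacturer.

```python
import hmac
import secrets

def mac_candidates(known_prefix_octets):
    """MAC addresses left to try once the leading octets (e.g. the OUI) are known."""
    return 256 ** (6 - known_prefix_octets)

class FrameRegistry:
    """Hypothetical back end: feeds are keyed by a random token, never by MAC."""

    def __init__(self, manufactured):
        # manufactured: {mac: serial}; assumed to come from the frame maker.
        self._serials = dict(manufactured)
        self._codes = {mac: secrets.token_hex(4) for mac in manufactured}
        self._feeds = {}       # feed token -> list of image URLs
        self._activated = set()

    def code_shown_on_frame(self, mac):
        # Activation code the frame displays; on its own it must not be enough.
        return self._codes.get(mac)

    def activate(self, mac, code, serial):
        """Issue a feed token only when code and serial both match."""
        want_code = self._codes.get(mac, "")
        want_serial = self._serials.get(mac, "")
        code_ok = hmac.compare_digest(code.encode(), want_code.encode())
        serial_ok = hmac.compare_digest(serial.encode(), want_serial.encode())
        if not (want_code and code_ok and serial_ok) or mac in self._activated:
            return None
        self._activated.add(mac)
        token = secrets.token_urlsafe(16)   # 128 random bits, unrelated to the MAC
        self._feeds[token] = []
        return token

    def feed(self, key):
        # Lookup is by token only; a MAC address is just an unknown key here.
        return self._feeds.get(key)

# Constructed sample device (MAC from the RFC 7042 documentation range).
MAC, SERIAL = "00:00:5e:00:53:01", "SN-EXAMPLE-0001"

def demo():
    reg = FrameRegistry({MAC: SERIAL})
    code = reg.code_shown_on_frame(MAC)
    stranger = reg.activate(MAC, code, "SN-GUESSED-9999")  # code alone is refused
    owner = reg.activate(MAC, code, SERIAL)
    return stranger, owner, reg.feed(MAC), reg.feed(owner)

if __name__ == "__main__":
    print(mac_candidates(3), demo())
```

With the manufacturer prefix known, a MAC-derived identifier leaves 2^24 candidates, while the token adds 128 bits that cannot be derived from anything printed on or broadcast by the device.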