"Our sales would plummet!"

Nov. 3rd, 2018 06:37 pm
lovingboth: ([default])
[personal profile] lovingboth
Spotted in a charity shop today for a couple of quid, one Google Chromecast stick, first edition.

It would be nice to have something to show the tablet / phone's screen on the TV, plus the idea of not being tied to Virgin is good, so I buy it.

It sets up ok, albeit with far too many 'let's stop sending anything to the screen' switch offs. I wonder whose wifi network was called [redacted] though?

And in a few minutes, I am broadcasting my phone's screen to my TV...

... when our guest demonstrates that - if you are on the relevant wifi network - you can seize control of what's displayed with no 'is this ok?' to the device that currently has it. It's just given to them.

Presumably this is why people don't use them for public displays, but I think it'd be more appropriate if the box bore a great red label: 'WARNING : LARK'S VOMIT!!! totally insecure to anyone on your network'...
Flat | Top-Level Comments Only

(no subject)

Date: 2018-11-04 07:07 am (UTC)
doug: (Default)
From: [personal profile] doug
Yeah, I think the official advice is not to give people your wifi password if that's a problem for you (!). There's Guest Mode that you can turn off and on (possibly only on later models?) but that lets 'nearby' devices control your Chromecast without even being on the same wifi network. (I think 'nearby' cashes out as 'within audio range of an ultrasonically transmitted PIN, or failing that, able to type a 4-digit PIN shown on the Chromecast screen'.) This does open up the possibility of managing your Chromecast by having a separate wifi network for visitors and turning Guest Mode off, and only turning it on if you actually want a guest to control your Chromecast.

(I did initially set up my router with a separate visitor network to facilitate this sort of arrangement, and for general security, but so many things want to be on the same wifi network to work that in practice everyone uses the main one.)

In fairness I can sort-of see what the people responsible were thinking. They're probably the sort of people who had TV-B-Gones and TV remote control apps on their phones when they came with IR ports. And if you are feeling malicious and unscrupulous towards someone whose wifi password you have, you can do a lot worse than simply displaying something they don't like on their TV.

(no subject)

Date: 2018-11-04 03:45 pm (UTC)
lovingboth: (Default)
From: [personal profile] lovingboth
One of the annoyances with my router is that I can't find the setting to say, yes, it is ok to let a wifi user have access to something else on this subnet :)

(no subject)

Date: 2018-11-04 12:13 pm (UTC)
barakta: (Default)
From: [personal profile] barakta
Yep we noticed this a few years back at New Years Eve where we tried someone's chromecast on Nat's telly and realised any one with the right app or something could just change the channel...

I do agree with you that it's a security WTF but also agree with Doug to a degree. Our wireless network is quarantined from other parts of the network partly cos we're reasonably open about who gets a wifi password (and tbh I won't give it to people I don't trust not to be (too) evil with it.
Flat | Top-Level Comments Only

Profile

lovingboth: (Default)
Ian

February 2026

S M T W T F S
1234567
8910 11121314
15161718192021
22232425262728

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags

No cut tags
Top of page