Remote Rig

RRC 1258 Support in English => Feature Requests => Topic started by: k5tri on 2018-07-22, 17:16:52

Title: SSL encryption for network traffic
Post by: k5tri on 2018-07-22, 17:16:52

Are there any plans to add SSL/TLS encryption to the RemoteRig boxes? Currently all traffic for example for the web interface is
being sent in clear text over the public Internet which makes it vulnerable for attacks.

73 Mike K5TRI

Title: Re: SSL encryption for network traffic
Post by: VK3ALB on 2018-07-22, 22:38:34

For my own understanding, once someone gets in to the web interface what can occur from there. Also, what can be gained from looking at or accessing the RRC traffic?

Sent from my SM-T350 using Tapatalk

Title: Re: SSL encryption for network traffic
Post by: k5tri on 2018-07-31, 02:44:13

Quote from: VK3ALB on 2018-07-22, 22:38:34

For my own understanding, once someone gets in to the web interface what can occur from there. Also, what can be gained from looking at or accessing the RRC traffic?

Sent from my SM-T350 using Tapatalk

Once you get into the RR box and root it you have a device on the local network from which you can then start other attacks.  Protecting the RR itself is just
one part of the equation. Protecting the network is the much more important one.

Title: Re: SSL encryption for network traffic
Post by: sm2o on 2018-07-31, 08:31:17

There is no Linux  Operating system or any other OS in the RRC so you can't use it for attacks like you can with many Linux devices if you can get access the OS.

/mike

Title: Re: SSL encryption for network traffic
Post by: k5tri on 2018-08-06, 06:24:21

Which OS is running inside the RR boxes? I do understand very well that I don't need a Linux kernel on a device to run
malicious code. There are plenty of other ways. You are running an TCP/IP stack in that box. You are running a web server
in that box.

So far the only responses I've seen to this questions seem like excuses as to why there is no need to secure a device on the
network. This can't be a serious response from anybody who even only has 101 level knowledge of network security.

As it stands right now I have to take extra steps to make this solution more secure myself because the manufacturer doesn't
seem to care to provide a secure solution. Very poor customer service in my book.

Title: Re: SSL encryption for network traffic
Post by: sm2o on 2018-08-06, 09:48:21

There is no OS at all in the Remoterigs.

If more security is needed a VPN-tunnel is probably the best solution.

There is no report at all about any security issues where Remoterig have been Involved

73 de mike

Title: Re: SSL encryption for network traffic
Post by: k5tri on 2018-08-06, 21:37:08

Care to share more of the internals then to remove those concerns? How is the TCP/IP stack implemented? What about the webserver part?

73 Mike

p.s.: BTW. beautiful location of your remote station :)