RRC 1258 Support in English > Feature Requests

SSL encryption for network traffic

(1/2) > >>

k5tri:
Are there any plans to add SSL/TLS encryption to the RemoteRig boxes? Currently all traffic for example for the web interface is
being sent in clear text over the public Internet which makes it vulnerable for attacks.

73 Mike K5TRI

VK3ALB:
For my own understanding, once someone gets in to the web interface what can occur from there. Also, what can be gained from looking at or accessing the RRC traffic?

Sent from my SM-T350 using Tapatalk

k5tri:

--- Quote from: VK3ALB on 2018-07-22, 22:38:34 ---For my own understanding, once someone gets in to the web interface what can occur from there. Also, what can be gained from looking at or accessing the RRC traffic?

Sent from my SM-T350 using Tapatalk

--- End quote ---

Once you get into the RR box and root it you have a device on the local network from which you can then start other attacks.  Protecting the RR itself is just
one part of the equation. Protecting the network is the much more important one.

sm2o:
There is no Linux  Operating system or any other OS in the RRC so you can't use it for attacks like you can with many Linux devices if you can get access the OS.

/mike

k5tri:
Which OS is running inside the RR boxes? I do understand very well that I don't need a Linux kernel on a device to run
malicious code. There are plenty of other ways. You are running an TCP/IP stack in that box. You are running a web server
in that box.

So far the only responses I've seen to this questions seem like excuses as to why there is no need to secure a device on the
network. This can't be a serious response from anybody who even only has 101 level knowledge of network security.

As it stands right now I have to take extra steps to make this solution more secure myself because the manufacturer doesn't
seem to care to provide a secure solution. Very poor customer service in my book.

Navigation

[0] Message Index

[#] Next page