JP1 Remotes Forum Index JP1 Remotes



Exploits via Remotes

 
JP1 Remotes Forum Index -> JP1 - General Forum
bevhoward



Joined: 24 Jun 2005
Posts: 245

Posted: Tue Aug 02, 2005 9:37 am    Post subject: Exploits via Remotes

The following stories are disturbing plus the fact that it seems that JP1 technology has the potential to fall directly in the middle of a new and dangerous exploit technology.

http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.BH.LaurieDay2

http://www.wired.com/news/privacy/0,1848,68370,00.html?tw=wn_2polihead

http://www.wired.com/news/print/0,1294,68370,00.html

I'm posting this with the thought of prompting an open discussion on this forum's position as this topic heats up as it is likely to do in the next weeks.

Note, I have intentionally omitted two key words in the subject and body of this message to keep it from being picked up by search engines and related to the topic in the above articles... reading the above articles will explain those omissions.
johnsfine
Site Admin


Joined: 10 Aug 2003
Posts: 4766
Location: Bedford, MA

Posted: Tue Aug 02, 2005 10:18 am

Unless I'm totally misunderstanding things, those pages seriously overstate the IR aspect of those issues:

1) Many of the devices described as IR are normally RF. I think always RF, but I can't be certain there isn't some bizarre model out there.

2) The most serious issues relate to connecting a device to the internal cable system that wasn't expected to be connected. In other words an important layer of protection was assumed to be provided by the end devices on the internal cable system and is totally bypassed by connecting a different end device. That is an interesting exploit issue but no IR component.

The tiny IR component relates to things the TV may be programmed to do that the provided remote doesn't have buttons for. JP1 might be a tool for such things in the hands of an extreme amateur. But I think direct PC capture and transmit of IR signals would be the method of choice for anyone serious about such things. In which case our reverse engineering of so many IR formats is much more relevant than JP1 itself.
bevhoward



Joined: 24 Jun 2005
Posts: 245

Posted: Tue Aug 02, 2005 10:54 am

>> overstate <<

That was my first impression as well (appears that IR is widely used in Europe for car and garage entry), but digging into the billing and related aspects of the articles was where my concern arose.

I think that these articles will result in an eventual "lockdown" but I also think that that happening will take time.

Since my post, have uncovered some additional facts that point to the direction of exploit being computer rather than remote based.

Page 2 of http://www.wired.com/news/privacy/0,1848,68370,00.html?tw=wn_2polihead goes more into the threat details.
johnsfine
Site Admin


Joined: 10 Aug 2003
Posts: 4766
Location: Bedford, MA

Posted: Tue Aug 02, 2005 12:13 pm

bevhoward wrote:

Since my post, have uncovered some additional facts that point to the direction of exploit being computer rather than remote based.


That's what I meant by my "end device" comment: Connect an ordinary computer (with appropriate interface) in place of the custom TV to the internal cable system, and you have access to things on the cable that were intended to be managed by firmware in the custom TV.

Nothing you could do with the IR remote could give you anything you couldn't get via that computer approach and the computer approach can give you lots you couldn't get with IR. If the TV custom firmware is really simplistic (probably is) then using IR might be easier than using a computer for getting some subset of what you might get by computer.
underquark
Expert


Joined: 20 Jun 2005
Posts: 871
Location: UK

Posted: Tue Aug 02, 2005 3:09 pm

I have a much more sinister plan. My son and his friends have all got those Tamagotchi things that communicate (and breed) with each other via IR. Mini-bar, here I come :twisted:
rhm5757
Advanced Member


Joined: 03 Aug 2003
Posts: 33

Posted: Fri Aug 05, 2005 8:17 pm

One of the more common backend systems is called LodgeNet. These usually have very crappy "stick" remotes with tiny square buttons. I learned all the buttons for it one time when I brought one of my JP1 remotes to a hotel that used that system, since it uses a unique NEC1 device and subdevice code not normally in a UEIC remote. I then made an upgrade when I got back home, which of course I still have, but never did anything with it. I never really got a chance to, as I don't think I've stayed at a hotel with LodgeNet since. Of course I was planning on looking for hidden codes to do things like unlock channels, because I have often been frustrated with these things locking channels on the system. I guess those hidden codes actually exist. Too bad they're likely going to be locked down now.
The Robman
Site Owner


Joined: 01 Aug 2003
Posts: 18839
Location: Chicago, IL

Posted: Sat Aug 06, 2005 2:35 pm

The g@rage door openers and key f0b remotes are not an issue as most of them (if not all of them) are RF based.

The h0tel TVs do offer more possibilities though.

I doubt that you can do anything that sinister (like the billing stuff) without a computer (as has been suggested) but you might be able to unlock channels and things like that. Most h0tels use special TVs which allow you to disable certain functions, which could be unlocked by a JP1 user.
_________________
Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help!
underquark
Expert


Joined: 20 Jun 2005
Posts: 871
Location: UK

Posted: Sun Aug 07, 2005 2:19 am

The Robman wrote:
Most h0tels use special TVs which allow you to disable certain functions, which could be unlocked by a JP1 user.


Equally U could try out various c0des & end up hitting on the p0rn0 film option and having to pay for it or argue loudly at the reception desk tht it wasn't U. I suspect tha' even if some systems are so lax as to allow U access that at least they might l0g where the commands originated from so that even if this was related to Jay-Pee-One and even if U could get it to work it wood be a bit lyke throuwing a brycke thrua jewellers' shop window - i.e. both illlegal and rather obvious.
The Robman
Site Owner


Joined: 01 Aug 2003
Posts: 18839
Location: Chicago, IL

Posted: Sun Aug 07, 2005 10:49 am

OK you-queue, I've got your numb3r! :)
underquark
Expert


Joined: 20 Jun 2005
Posts: 871
Location: UK

Posted: Mon Aug 14, 2006 6:38 pm

Bump.

One year on (hey, I'm patient) and no Tamagotchi codes yet? We're onto generation 3 of the little bu66ers.
All times are GMT - 5 Hours