Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kodak Wireless Picture Frames Open To Public

Posted by kdawson on from the look-ma-a-picture-of-a-goat dept.

Jaxoreth writes "The Kodak Easyshare Wireless Digital Picture Frame displays images via a per-frame RSS feed hosted by FrameChannel. Each frame's URL is identical except for a parameter matching its particular MAC address, enabling public browsing of users' feeds. And worse, if you reach the feed of a not-yet-activated frame, it gives you the code to activate it, allowing you to preload it with whatever content you choose."

18 of 185 comments (clear)

  1. Mac address anatomy by Arker · · Score: 4, Insightful

    Havent thought about this for awhile, but IIRC the first three octets are supposed to indicate the manufacturer of the device, so if we can assume the NIC in these frames is always from the same manufacturer, the address space to search becomes much smaller. Still, it's going to be pretty huge, with probably the largest number of possible URLs invalid, and most of the valid ones full of normal junk no one but family/friends really want to see anyhow. The probability of one or two really nice racy pictures in there will no doubt motivate someone to search the space eventually though.

    If you see anything good, or even just really strange, be sure and post it here!

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
    1. Re:Mac address anatomy by fuzzyfuzzyfungus · · Score: 4, Insightful

      Anybody else notice the "/productId=KD9371" bit of the URL? It would appear that this "framechannel" service either is, or is designed to be able to be, the backend to multiple digital-photo-frame products, possibly including those from other manufacturers. I couldn't find any other valid product IDs, but that was only in 30 seconds of putting in random strings, not a real effort.(and they claim )

      I'd say, until given compelling evidence otherwise, that any product using FrameChannel as a backend is Fucked. Worse, there may well be nothing that FrameChannel can do about it without breaking the service for all existing devices in the field. I'm sure, in principle, that those devices are firmware upgradeable(almost definitely just an embedded OS on a chunk of flash, with a weedy little ARM or MIPS SoC); but there is no assurance at all that the device manufacturers will offer one, nor does having to apply a critical firmware upgrade really fit well with the "ready for use by Grandma" image that the photoframes would really like to cultivate.

      I would say that we are looking at a much wider problem. This isn't just some hardware company fucking up the service that they hacked together as an afterthought to support their hardware product. This is a service provider company, whose service is integrated into hardware from over a dozen manufacturers, whose core service is completely broken and absurdly insecure. All it would take is one marginally tech-competent journalist to find a couple of baby pictures and/or a frame preloaded with 2-girls 1-cup to kick these guys so hard in the stock price that their investors' children won't be able to sit down for a month....

    2. Re:Mac address anatomy by fuzzyfuzzyfungus · · Score: 2, Insightful

      I messed up the link. It should be their claimed list of devices.

      Also, the company behind this service is Thinking Screen Media. This sort of thing is, in fact, their core business.

      The above link has linkedin profiles for their entire management team and board of directors. Who wants to break the news?

  2. cue ... by Anonymous Coward · · Score: 2, Insightful

    /. effect across the entire product line. Be polite and don''t load them with tubgirl.

  3. How many people will get their brand new frame... by Chrisq · · Score: 4, Insightful

    How many people will get their brand new frame home, plug it in and find that it displays a "preloaded" goatse

  4. Re:How many people will get their brand new frame. by Anonymous Coward · · Score: 1, Insightful

    With the right script and an image recognition software, everyone in a few hours.

  5. Re:zero day vulnerability? by burni2 · · Score: 5, Insightful

    No don't mess yourself up in the first place.

    It's called a cloudfeature being so it's not a bug it's a KODAK ;)

    Share your memories and your nude girlfriends with your friends, enemies, law enforcement agencies and employers - and clouds[1].

    [1]http://www.myspace.com/developerchallenge

  6. Re:zero day vulnerability? by fuzzyfuzzyfungus · · Score: 4, Insightful

    If one were a truly awful person, one could probably maximize the damage by going with less horrifying images...

    Classic shock site stuff turns the stomach; but, for that reason, is a pretty implausible thing to have show up outside of a hack.

    A steady stream of sexual but more or less pedestrian pictures, on the other hand, is a much more plausible thing for somebody who has a little something to hide from his/her family/significant other/doting grandparents to accidentally upload to the wrong location.

    For pure nausea you can't really beat the classics; but for pure evil, the more plausible, the better...

  7. The sad thing is... by jomegat · · Score: 4, Insightful

    The really sad thing here is that if some white hat wrote a script to find these and upload to them an image warning the owners of the vulnerability, said white hat would almost certainly get smacked down by a DMCA suit or face civil/criminal penalties. No good deed goes unpunished.

    --

    In theory, practice and theory are the same. In practice, they're not.

  8. Re:Actually this illustrates the problem well by Anonymous Coward · · Score: 4, Insightful

    Ofcourse, because tracking children down through compromised picture frames is so much more convenient for a person with malicious intent than just going to a local playground or primary school.

    I really dont understand this urge of blowing simple stories completely out of proportion by mentioning pedosexuals, muslims or the banking system.

  9. Re:Doesn't surprise me by vlm · · Score: 2, Insightful

    Given how rudimentary and just plain awful Kodak's interface was for their WiFi picture frames from 2 years ago when I bought a few for the family to share the same albums with each other across the nation, this story doesn't surprise me in the least.

    I've noticed that problem is nearly universal across the entire pic frame marketplace. I swear the manufacturers are trying to kill the marketplace by intentionally making frame with horrific UIs.

    Why can't I buy a frame that simply displays a .RSS on the internet? Not a monthly pay service. Not some 3rd party that'll probably be out of business before the batteries die. Not some special format only. Just freaking show me the pix. And please no BS about processing power as everyone knows a 8 MHz XT in the 80s was good enough to view Pr0n so don't give me some BS that a dedicated 100 MHz process "could never possibly display a picture without preprocessing".

    Why can't I buy a frame that simply displays a URL? Heres the webcam IMG tag, now download it every 60 minutes and leave me alone? Again no stupid third party subscription BS please?

    Why can't I buy a frame that simply watches for a specific browsable SMB share and directory, and every time it appears on the network, sync to the local copy, plus sync every 15 minutes thereafter?

    All I can find to purchase is either flash card only, or if its networked its absolute junk garbage.

    Unless some manufacturer will build one that doesn't suck (and I got a pocket full of cash I'm willing to spend), I'm going to have to wall mount a plain ole LCD monitor, get one of those "video over Cat-5 balun thingys" and run a low power PC in my basement. I swear I'm gonna do it this year (is that the geekiest 2010 new years resolution ever?)

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  10. Re:Not difficult to track down actual users by Anonymous Coward · · Score: 4, Insightful

    Ah yes, the infamous false dichotomy. :) Because simply putting a "Your Photo Frame Has Been Hacked" message just wouldn't do. Only hard-core porn is appropriate.

  11. Re:Doesn't surprise me by wowbagger · · Score: 4, Insightful

    "Why can't I buy a frame that simply displays a URL?"
    "Why can't I buy a frame that simply watches for a specific browsable SMB share and directory, and every time it appears on the network, sync to the local copy, plus sync every 15 minutes thereafter?"
    "Why can't I buy a frame that simply displays a .RSS on the internet? Not a monthly pay service."

    Because then how can the manufacturer of the frame monitize you from a worthless waste of baryonic matter into a shining revenue stream? You forget your place, consumer: you are to consume product and crap cash on demand, month in, month out. Now get to work!

    --
    www.eFax.com are spammers
  12. Re:zero day vulnerability? by durrr · · Score: 5, Insightful

    For maximum damage; child pornography.
    I'm sure you are all more than capable of imagining the fallout without any further explanation; it's hard to find anything being more of the .jpeg equivalent of nuclear weapons.

  13. Simple reason WHY they did it... by nweaver · · Score: 3, Insightful

    Its sloppy to do, but here's why they did it....

    Each device needs a unique serial number, something to identify it. But at the same time, they didn't want to customize the firmware for each device to include a serial number.

    So instead, some brilliant programmer observed that the embedded processor can get the MAC address from the NIC and use that as a serial number for accessing the web page.

    This is an old and useful trick, but the only problem is although it gives you a unique serial number per device, it gives you a predictable serial number per device and because of the nature of the back-end service, they didn't just need a UNIQUE serial number, but also an UNPREDICTABLE serial number. Ooops.

    --
    Test your net with Netalyzr
  14. Re:Actually this illustrates the problem well by Anonymous Coward · · Score: 1, Insightful

    And the exact same thing can't happen via webpages, blogs, social networking sites, and any of eleventy billion other places people post photos of their children?

    Christ, get a sense of perspective here.

  15. Re:Actually this illustrates the problem well by mike260 · · Score: 2, Insightful

    The frame would have switched back to the activation screen again. The owner would've scratched his head, shrugged, followed the activation instructions and re-upped his photos, innocent to the dark forces swirling beneath the surface of his friendly-looking gadgets.

  16. Re:Wonder if they can block by User-Agent by Anonymous Coward · · Score: 1, Insightful

    All FrameChannel has to do is immediately turn off the ability to connect to RSS feeds by MAC address. They already have an alternative capability to connect by username/password, and the Kodak frames already support it. Users may be temporarily annoyed at having to change their connect method on the frame, but Kodak can fix that later with a firmware update.

    As for registering a frame in the first place, each frame also has a unique serial number, so it would be pretty easy for FrameChannel to tighten up the registration procedure by requiring all new registrations of Kodak frames to provide their serial number as well as the ID code.