Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kodak Wireless Picture Frames Open To Public

Posted by kdawson on from the look-ma-a-picture-of-a-goat dept.

Jaxoreth writes "The Kodak Easyshare Wireless Digital Picture Frame displays images via a per-frame RSS feed hosted by FrameChannel. Each frame's URL is identical except for a parameter matching its particular MAC address, enabling public browsing of users' feeds. And worse, if you reach the feed of a not-yet-activated frame, it gives you the code to activate it, allowing you to preload it with whatever content you choose."

23 of 185 comments (clear)

  1. Re:zero day vulnerability? by fuzzyfuzzyfungus · · Score: 4, Funny

    It bloody well would, unless the gaping black hole of goatse man in a million homes across the country qualifies as "defense in depth"...

  2. Mac address anatomy by Arker · · Score: 4, Insightful

    Havent thought about this for awhile, but IIRC the first three octets are supposed to indicate the manufacturer of the device, so if we can assume the NIC in these frames is always from the same manufacturer, the address space to search becomes much smaller. Still, it's going to be pretty huge, with probably the largest number of possible URLs invalid, and most of the valid ones full of normal junk no one but family/friends really want to see anyhow. The probability of one or two really nice racy pictures in there will no doubt motivate someone to search the space eventually though.

    If you see anything good, or even just really strange, be sure and post it here!

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
    1. Re:Mac address anatomy by dunezone · · Score: 3, Funny

      If you see anything good, or even just really strange, be sure and post it here!

      Nice try TMZ.

    2. Re:Mac address anatomy by fuzzyfuzzyfungus · · Score: 4, Insightful

      Anybody else notice the "/productId=KD9371" bit of the URL? It would appear that this "framechannel" service either is, or is designed to be able to be, the backend to multiple digital-photo-frame products, possibly including those from other manufacturers. I couldn't find any other valid product IDs, but that was only in 30 seconds of putting in random strings, not a real effort.(and they claim )

      I'd say, until given compelling evidence otherwise, that any product using FrameChannel as a backend is Fucked. Worse, there may well be nothing that FrameChannel can do about it without breaking the service for all existing devices in the field. I'm sure, in principle, that those devices are firmware upgradeable(almost definitely just an embedded OS on a chunk of flash, with a weedy little ARM or MIPS SoC); but there is no assurance at all that the device manufacturers will offer one, nor does having to apply a critical firmware upgrade really fit well with the "ready for use by Grandma" image that the photoframes would really like to cultivate.

      I would say that we are looking at a much wider problem. This isn't just some hardware company fucking up the service that they hacked together as an afterthought to support their hardware product. This is a service provider company, whose service is integrated into hardware from over a dozen manufacturers, whose core service is completely broken and absurdly insecure. All it would take is one marginally tech-competent journalist to find a couple of baby pictures and/or a frame preloaded with 2-girls 1-cup to kick these guys so hard in the stock price that their investors' children won't be able to sit down for a month....

    3. Re:Mac address anatomy by Nerdposeur · · Score: 3, Interesting

      I just sent them an email with a link to this story and urged them to act quickly. This is funny and all, but will someone please think of the grandmas?

  3. so now we know the main plot point by circletimessquare · · Score: 3, Funny

    for "the ring ii"

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  4. Luckily... by fuzzyfuzzyfungus · · Score: 3, Interesting

    MAC addresses are in no way predictable based on the company producing the product in question, so we should be perfectly safe.

    Sarcasm aside, how could they possibly have thought that this was a good idea? Nobody expects Joe Consumer to remember something as hostile as a MAC address, so there isn't a "user convenience" argument to be made, and anything with enough processor power and mass storage to run these sorts of web functions could have gotten away with cramming in an onboard GUID or some certs or something. WTF?

  5. How many people will get their brand new frame... by Chrisq · · Score: 4, Insightful

    How many people will get their brand new frame home, plug it in and find that it displays a "preloaded" goatse

  6. Re:zero day vulnerability? by burni2 · · Score: 5, Insightful

    No don't mess yourself up in the first place.

    It's called a cloudfeature being so it's not a bug it's a KODAK ;)

    Share your memories and your nude girlfriends with your friends, enemies, law enforcement agencies and employers - and clouds[1].

    [1]http://www.myspace.com/developerchallenge

  7. Re:zero day vulnerability? by fuzzyfuzzyfungus · · Score: 4, Insightful

    If one were a truly awful person, one could probably maximize the damage by going with less horrifying images...

    Classic shock site stuff turns the stomach; but, for that reason, is a pretty implausible thing to have show up outside of a hack.

    A steady stream of sexual but more or less pedestrian pictures, on the other hand, is a much more plausible thing for somebody who has a little something to hide from his/her family/significant other/doting grandparents to accidentally upload to the wrong location.

    For pure nausea you can't really beat the classics; but for pure evil, the more plausible, the better...

  8. The sad thing is... by jomegat · · Score: 4, Insightful

    The really sad thing here is that if some white hat wrote a script to find these and upload to them an image warning the owners of the vulnerability, said white hat would almost certainly get smacked down by a DMCA suit or face civil/criminal penalties. No good deed goes unpunished.

    --

    In theory, practice and theory are the same. In practice, they're not.

  9. Re:Well... by Ernesto+Alvarez · · Score: 4, Interesting

    Even more interesting, using an id of "'" (an apstrophe) gets you some sort of default channel with some rather nice pictures. They even change them after some time.

    http://rss.framechannel.com//productId=KD9371/frameId='

    I wonder what's happening behind curtains.

    --
    GPG 0x1B479C78
  10. Not difficult to track down actual users by Anonymous Coward · · Score: 3, Interesting

    1. Play with the MAC address to find a live frame. It took me 4 tries.
    2. Scroll down and see if one of their images is the weather forecast, complete with the city and state for the forecast.
    3. Now look at the userid. It likely contains a first initial and a last name.
    4. City, state, last name, first initial -- that may very well be enough to get a street address.
    5. Most people have pics of their family, including their kids. You've got a name, address, and photos of the fam.

    It seems to me that goatse/tubgirl -ing these things is the only responsible thing to do. Sure, a few dozen (hundred?) people will have to gouge their eyes out, but it's a small sacrifice necessary to generate consumer push back on this kind of nonsense.

    1. Re:Not difficult to track down actual users by Anonymous Coward · · Score: 4, Insightful

      Ah yes, the infamous false dichotomy. :) Because simply putting a "Your Photo Frame Has Been Hacked" message just wouldn't do. Only hard-core porn is appropriate.

  11. Re:Actually this illustrates the problem well by Anonymous Coward · · Score: 4, Insightful

    Ofcourse, because tracking children down through compromised picture frames is so much more convenient for a person with malicious intent than just going to a local playground or primary school.

    I really dont understand this urge of blowing simple stories completely out of proportion by mentioning pedosexuals, muslims or the banking system.

  12. Looks like you can also reset accounts..... by Ernesto+Alvarez · · Score: 4, Interesting

    I was checking some of the links and noticed a few interesting parameters

    http://www.framechannel.com/feeds/pair/index.php/r=1/frameModelCode=KD9372/frameModelId=1/frameId=PAPAPA/reset=0/language=en/7072.jpg

    See that parameter named reset? I activated an account and verified it as activating. Then I triggered that reset parameter to 1 and it went back to the pre-activation state!

    --
    GPG 0x1B479C78
    1. Re:Looks like you can also reset accounts..... by benjymous · · Score: 3, Interesting

      Ok, now it's nasty - until now you could randomly initialise an inactive (possibly never real in the first place) account. Now it seems to can find the real accounts, and reset them into nastyness.

      Massive product recall ahoy

      --
      Help me! I'm turning into a grapefruit!
    2. Re:Looks like you can also reset accounts..... by laughing_badger · · Score: 5, Funny

      So, a script that changes the content for a video of Obama looking around the room for a few seconds at a random time every few days and then restores the original content. That would probably send some paranoid folks nucular.

      --
      Help children born unable to swallow - www.tofs.org.uk
  13. Re:Doesn't surprise me by wowbagger · · Score: 4, Insightful

    "Why can't I buy a frame that simply displays a URL?"
    "Why can't I buy a frame that simply watches for a specific browsable SMB share and directory, and every time it appears on the network, sync to the local copy, plus sync every 15 minutes thereafter?"
    "Why can't I buy a frame that simply displays a .RSS on the internet? Not a monthly pay service."

    Because then how can the manufacturer of the frame monitize you from a worthless waste of baryonic matter into a shining revenue stream? You forget your place, consumer: you are to consume product and crap cash on demand, month in, month out. Now get to work!

    --
    www.eFax.com are spammers
  14. Re:zero day vulnerability? by durrr · · Score: 5, Insightful

    For maximum damage; child pornography.
    I'm sure you are all more than capable of imagining the fallout without any further explanation; it's hard to find anything being more of the .jpeg equivalent of nuclear weapons.

  15. Re:zero day vulnerability? by OolimPhon · · Score: 3, Funny

    Oh, come on. Don't look at the photostreams with remaining eye.

  16. Simple reason WHY they did it... by nweaver · · Score: 3, Insightful

    Its sloppy to do, but here's why they did it....

    Each device needs a unique serial number, something to identify it. But at the same time, they didn't want to customize the firmware for each device to include a serial number.

    So instead, some brilliant programmer observed that the embedded processor can get the MAC address from the NIC and use that as a serial number for accessing the web page.

    This is an old and useful trick, but the only problem is although it gives you a unique serial number per device, it gives you a predictable serial number per device and because of the nature of the back-end service, they didn't just need a UNIQUE serial number, but also an UNPREDICTABLE serial number. Ooops.

    --
    Test your net with Netalyzr
  17. "Flight to Vegas Delayed" by DingerX · · Score: 3, Interesting

    Well, someone sure is getting a jump on the pre-CES media hype. A conspiracy theorist would suggest that this Corey Halverson dude over in Seattle was slipped some info by his buddies over in Redmond working on a competing product, and looking to exclude a VC-funded startup right when they start gaining traction. That would explain why his blog only has three posts, and why he brought this up right before CES.

    Me, I take this as an object lesson for what happens when you dump your product on woot, and when you don't bother to make even the slightest effort at security.

    This truly is a PR nightmare, but will make a good plot mechanic in next season's procedural dramas.