Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kodak Wireless Picture Frames Open To Public

Posted by kdawson on from the look-ma-a-picture-of-a-goat dept.

Jaxoreth writes "The Kodak Easyshare Wireless Digital Picture Frame displays images via a per-frame RSS feed hosted by FrameChannel. Each frame's URL is identical except for a parameter matching its particular MAC address, enabling public browsing of users' feeds. And worse, if you reach the feed of a not-yet-activated frame, it gives you the code to activate it, allowing you to preload it with whatever content you choose."

14 of 185 comments (clear)

  1. Re:zero day vulnerability? by fuzzyfuzzyfungus · · Score: 4, Funny

    It bloody well would, unless the gaping black hole of goatse man in a million homes across the country qualifies as "defense in depth"...

  2. Mac address anatomy by Arker · · Score: 4, Insightful

    Havent thought about this for awhile, but IIRC the first three octets are supposed to indicate the manufacturer of the device, so if we can assume the NIC in these frames is always from the same manufacturer, the address space to search becomes much smaller. Still, it's going to be pretty huge, with probably the largest number of possible URLs invalid, and most of the valid ones full of normal junk no one but family/friends really want to see anyhow. The probability of one or two really nice racy pictures in there will no doubt motivate someone to search the space eventually though.

    If you see anything good, or even just really strange, be sure and post it here!

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
    1. Re:Mac address anatomy by fuzzyfuzzyfungus · · Score: 4, Insightful

      Anybody else notice the "/productId=KD9371" bit of the URL? It would appear that this "framechannel" service either is, or is designed to be able to be, the backend to multiple digital-photo-frame products, possibly including those from other manufacturers. I couldn't find any other valid product IDs, but that was only in 30 seconds of putting in random strings, not a real effort.(and they claim )

      I'd say, until given compelling evidence otherwise, that any product using FrameChannel as a backend is Fucked. Worse, there may well be nothing that FrameChannel can do about it without breaking the service for all existing devices in the field. I'm sure, in principle, that those devices are firmware upgradeable(almost definitely just an embedded OS on a chunk of flash, with a weedy little ARM or MIPS SoC); but there is no assurance at all that the device manufacturers will offer one, nor does having to apply a critical firmware upgrade really fit well with the "ready for use by Grandma" image that the photoframes would really like to cultivate.

      I would say that we are looking at a much wider problem. This isn't just some hardware company fucking up the service that they hacked together as an afterthought to support their hardware product. This is a service provider company, whose service is integrated into hardware from over a dozen manufacturers, whose core service is completely broken and absurdly insecure. All it would take is one marginally tech-competent journalist to find a couple of baby pictures and/or a frame preloaded with 2-girls 1-cup to kick these guys so hard in the stock price that their investors' children won't be able to sit down for a month....

  3. How many people will get their brand new frame... by Chrisq · · Score: 4, Insightful

    How many people will get their brand new frame home, plug it in and find that it displays a "preloaded" goatse

  4. Re:zero day vulnerability? by burni2 · · Score: 5, Insightful

    No don't mess yourself up in the first place.

    It's called a cloudfeature being so it's not a bug it's a KODAK ;)

    Share your memories and your nude girlfriends with your friends, enemies, law enforcement agencies and employers - and clouds[1].

    [1]http://www.myspace.com/developerchallenge

  5. Re:zero day vulnerability? by fuzzyfuzzyfungus · · Score: 4, Insightful

    If one were a truly awful person, one could probably maximize the damage by going with less horrifying images...

    Classic shock site stuff turns the stomach; but, for that reason, is a pretty implausible thing to have show up outside of a hack.

    A steady stream of sexual but more or less pedestrian pictures, on the other hand, is a much more plausible thing for somebody who has a little something to hide from his/her family/significant other/doting grandparents to accidentally upload to the wrong location.

    For pure nausea you can't really beat the classics; but for pure evil, the more plausible, the better...

  6. The sad thing is... by jomegat · · Score: 4, Insightful

    The really sad thing here is that if some white hat wrote a script to find these and upload to them an image warning the owners of the vulnerability, said white hat would almost certainly get smacked down by a DMCA suit or face civil/criminal penalties. No good deed goes unpunished.

    --

    In theory, practice and theory are the same. In practice, they're not.

  7. Re:Well... by Ernesto+Alvarez · · Score: 4, Interesting

    Even more interesting, using an id of "'" (an apstrophe) gets you some sort of default channel with some rather nice pictures. They even change them after some time.

    http://rss.framechannel.com//productId=KD9371/frameId='

    I wonder what's happening behind curtains.

    --
    GPG 0x1B479C78
  8. Re:Actually this illustrates the problem well by Anonymous Coward · · Score: 4, Insightful

    Ofcourse, because tracking children down through compromised picture frames is so much more convenient for a person with malicious intent than just going to a local playground or primary school.

    I really dont understand this urge of blowing simple stories completely out of proportion by mentioning pedosexuals, muslims or the banking system.

  9. Looks like you can also reset accounts..... by Ernesto+Alvarez · · Score: 4, Interesting

    I was checking some of the links and noticed a few interesting parameters

    http://www.framechannel.com/feeds/pair/index.php/r=1/frameModelCode=KD9372/frameModelId=1/frameId=PAPAPA/reset=0/language=en/7072.jpg

    See that parameter named reset? I activated an account and verified it as activating. Then I triggered that reset parameter to 1 and it went back to the pre-activation state!

    --
    GPG 0x1B479C78
    1. Re:Looks like you can also reset accounts..... by laughing_badger · · Score: 5, Funny

      So, a script that changes the content for a video of Obama looking around the room for a few seconds at a random time every few days and then restores the original content. That would probably send some paranoid folks nucular.

      --
      Help children born unable to swallow - www.tofs.org.uk
  10. Re:Not difficult to track down actual users by Anonymous Coward · · Score: 4, Insightful

    Ah yes, the infamous false dichotomy. :) Because simply putting a "Your Photo Frame Has Been Hacked" message just wouldn't do. Only hard-core porn is appropriate.

  11. Re:Doesn't surprise me by wowbagger · · Score: 4, Insightful

    "Why can't I buy a frame that simply displays a URL?"
    "Why can't I buy a frame that simply watches for a specific browsable SMB share and directory, and every time it appears on the network, sync to the local copy, plus sync every 15 minutes thereafter?"
    "Why can't I buy a frame that simply displays a .RSS on the internet? Not a monthly pay service."

    Because then how can the manufacturer of the frame monitize you from a worthless waste of baryonic matter into a shining revenue stream? You forget your place, consumer: you are to consume product and crap cash on demand, month in, month out. Now get to work!

    --
    www.eFax.com are spammers
  12. Re:zero day vulnerability? by durrr · · Score: 5, Insightful

    For maximum damage; child pornography.
    I'm sure you are all more than capable of imagining the fallout without any further explanation; it's hard to find anything being more of the .jpeg equivalent of nuclear weapons.