Educause Security Discussion mailing list archives
Re: Chromecast devices?
From: Steven Bochniewicz <steven.bochniewicz () UMUC EDU>
Date: Wed, 2 Oct 2013 13:40:39 -0400
The security fixes are roll-ups of chrome security fixes plus a few to stop device hackers from gaining root. On Wed, Oct 2, 2013 at 1:11 PM, Joe St Sauver <joe () oregon uoregon edu>wrote:
Joshua commented: #Chromecast a cheap device that plugs into your TV and allow you to stream #content from your computer or mobile device to your TV. We have students #who have purchased these devices. # #My concern is that as soon as you plug a Chromecast device into your TV, #anyone who has the Chromecast software (free download) can play content #on your TV (even harassing content or porn). I was given one of these as a gift by a family member. (Thanks, son!) The model obviously expects you to be operating in a closed personal WiFi network, e.g., Ye Olde Family WiFi Private Network. That "residential deployment model" expects that if Junior or Sissy injects unacceptable content onto the family Chromecast, "surprising" the family, Mom or Dad will detect the miscreant involved and discipline them, likely by confiscating their system or revoking their access to the family network until that pesron has Gotten the Message (as my long departed parents used to describe it, way back when). Clearly this is not a terrific access control model if you've got 500 random people connected to an unsegmented ResHall wireless network, and of course, most schools aren't very happy if students attempt to "deal with the issue" by running their own private WiFi network, subordinate to their institutional connections, either. A more sophisticated device pairing and authentication model is obviously needed (but hey, we're talking a $35 device, right?) I will also add that I'd love to see more specific release notes. For example, mid September, Chromecast devices got build 13300. That build included "Security fixes" (see http://googlechromereleases.blogspot.com/2013/09/chromecast-update.html ), but, unfortunately, I've not been able to find any additional information about what those specific "security fixes" actually involved. Anyone else know? Regards, Joe
-- Regards, Steven Bochniewicz Sr. IT Security Analyst Enterprise Risk and Compliance Steven.Bochniewicz () umuc edu
Current thread:
- Chromecast devices? Jones, Joshua (Oct 02)
- <Possible follow-ups>
- Re: Chromecast devices? Joe St Sauver (Oct 02)
- Re: Chromecast devices? Steven Bochniewicz (Oct 02)
- Re: Chromecast devices? Emery Rudolph (Oct 02)
- Re: Chromecast devices? Brian Helman (Oct 03)
- Re: Chromecast devices? Dexter Caldwell (Oct 09)
- Re: Chromecast devices? Brian Helman (Oct 09)
- Re: Chromecast devices? Dexter Caldwell (Oct 09)
- Re: Chromecast devices? SCHALIP, MICHAEL (Oct 10)
- Re: Chromecast devices? Steven Bochniewicz (Oct 02)