PB and security

Is there a way to get our PB’s to request a simple userid/password?

Sure there is the security of the local network WPA/WPA2 but what if you need to install on an open network? If you leave it off a network it puts itself into AP mode which makes it pretty easy to take over.

I’m really just talking about artists with large setups… and the damage a person with a phone could do. For my personal project use it’s not really needed… it would be nice, but not critical.

I didn’t see this discussed elsewhere yet. I may just have missed it somewhere.

Hi @devoh,
Right now your best bet is AP mode with a password. This will work well unless someone has access to the button to put it back in WiFi setup, reconfigure it, connect, and start messing about.

Even if I do add password protection, there needs to be a way to recover from a lock out, which is almost certainly going to involve the button as well. Perhaps with V3 it could be a “hold the button while powering on” kind of thing as an extra step, which isn’t possible with V2.

For client mode, I could see this being handy when you want visitors to mess with the interface over the network or otherwise expose PB to people you don’t necessarily trust. I’ll add it to the list for sure.

There is a feature which would help prevent unintentional accidents. You can put it in simple UI mode, which hides all the destructive interface elements (and most settings).

To do that, add ?setup to the url (again, anyone can do this, so it’s not going to stop a malicious person), and check the Simple UI Mode checkbox in Advanced Settings.

2 Likes

Optionally password protecting access to the Web UI is a pretty good idea…

@wizard, on the v2, is there a way to track the number of button triggered reboots within the last couple of minutes or so? If you can do that, you can give users a backdoor password reset mechanism by having them reboot the device five or six time in a row.

(I’ve had routers and IoT devices that did something like this. It’s a lifesaver if you should ever say, leave the device in a closet long enough that all trace of its password vanishes from mind and written record.)

2 Likes

@zranger1, sure, there are various ways of adding a 3rd action with the button. The key thing is that if the button is exposed, someone could get access to it. That has to be true from a supportability perspective, for just the kind of scenario you mention, but is also the back door and security bypass.

The front door (web app and websocket side) could have a user/pass/token.

I don’t intend on adding SSL/TLS just yet, the cert issue really makes this hard for local IoT devices. The way plex does it is interesting, but a non-trivial thing to set up. The other alternatives have glaring security holes or troublesome user experiences.

That means someone could potentially sniff an authenticated user’s secrets.

The most common method I’ve seen in IoT systems is that they use an intermediate service, and you don’t directly browse to the device, but instead go to a website which relays back down through another upward secured connection.

At least with V3 there’s enough memory to have the option!

I’d love to hear more about the scenarios where securing it is important. How do you intend to deploy it, and how will people access it or interact with what you’ve created using Pixelblaze?

Security for IoT devices is kind of the ultimate rathole. SSL/TLS/0Auth, etc – I agree definitely not worth the cost and inconvenience. I’m all for protecting the user experience. Additional security should be optional.

What I’d advocate for is the ability to set a simple password on the Web UI – something to keeps the curious/silly/casually malicious from doing things like changing settings or editing and deleting patterns just because they happen to have access to the wifi network the PB is on.

The use case here is pretty simple: It keeps random friends and relatives, and doofoids with (readily available) wifi cracking tools from killing your mobile art projects or changing your store, show, or home lighting.

I wouldn’t bother protecting the websocket UI because it’s harder to do something consistently and interestingly harmful that way. Also, I’m not worried about physical access, because let’s face it, physical access means game over for security. This is mostly about bozos with cell phones.

Determined hackers… I don’t think they’re going to be such a problem for Pixelblaze. I mean, it’d be interesting to make a coin mining pattern, but given the constraints, there are better targets out there.

(Personally, I actually don’t need this at home – I isolate IoT devices on a network segment that’s not accessible to guests and doesn’t broadcast its SSID. All interaction from the guest wifi segment is done via various proxies, running on my highly paranoid firewall/DNS server machine. Plus, I’m out in the middle of the desert!

But installing for friends/clients who aren’t on the crazy side of the technical spectrum, and who want to let visitors use their wifi, a password option could be helpful.)

2 Likes

Hopefully I’m not too late to chime in here. I’d love to see the ability to password protect editing/deleting patterns or editing any other PixelBlaze settings, but still allow people to select the active pattern, plus change the sliders/colour pickers for the patterns. My use case is for an LED costume (or any other LED display really), where people could interact with it using their mobile phones in a controlled way, without “breaking” anything.

Guess what - this feature already exists!

Add /?setup to the end of your Pixelblaze’s IP address in your web browser. You’ll see a new tab appear called “Advanced Settings”. There you can enable a checkbox for “Simple UI Mode” which might be exactly what you’re looking for.

4 Likes

I’ve only just had a chance to try this. Thank you, it is indeed exactly what I was after! (Even better would be if the “Settings” menu was also removed completely, but not a big deal).

2 Likes

I agree, maybe it needs to be ‘super simple’ checkbox too, but then neither Settings nor Wifi should show for that, only ‘Patterns’

Why both? Settings allows you to mess with time, shutdown on time, and update firmware… none of which I’d trust to someone I’d want to lock out. And Wifi is the same: if I can 0wn your wifi, I can break it so others can’t find it, or worse (combined with update, push bad firmware). But I’m paranoid and the sort who knows how to do those things.

Yes, it’s still all just hidden behind a ?setup… but heck, add a password and it’s much more solid.

It’s intended for folks that would own/use a PB, but not need access to dangerous features. They would need to be able to connect it to their wifi, and change the auto off stuff. Think consumer version.

What is left is considered non dangerous. Nothing irreversible. You can’t upload malicious firmware, it’s signed.

Yeah you could annoy: turn brightness off, put it in AP mode with a random password, etc, and that is where a password could help, if you had untrusted users.

Oh, I totally get why the settings that are exposed are exposed. I’m just saying… If I was going to put a PB on display in a public place, and wanted to feel safe that nobody could mess with it, vandalism wise, it’s too open still. Adding a second checkbox enabling Simple and Secure, that includes the first, would help here. Didn’t think about brightness… That’s another I’d lock down, or at least set high/low limits.

Good to know firmware isn’t as much of an issue as I thought at first.