Re: Backdoor in KiwiSDR


Glenn Elmore

That John has had root access to KiwiSDRs has not been a secret for many years. To even a casual reader of the forum this has been obvious. Personally, I have been aware of this and felt John was trustworthy, and him having root access to a host on my private network and being able to help with troubleshooting had an acceptable risk/benefit ratio.

What seems new is simply the high-level publicity of this fact. Perhaps I'm being naive, but the only new risk I see here is that the announcement may trigger increased hacking attempts. Hopefully the changes in v .461 have/will mitigate these risks.

Does anyone know of an instance where this 'vulnerability' has been exploited? Am I being silly with this perspective?

Glenn n6gn


On 2021-07-16 13:55, Carol KP4MD wrote:

"On Wednesday, users learned that for years, their devices had been equipped with a backdoor that allowed the KiwiSDR creator—and possibly others—to log in to the devices with administrative system rights. The remote admin could then make configuration changes and access data not just for the KiwiSDR but in many cases to the Raspberry Pi, BeagleBone Black, or other computing devices the SDR hardware is connected to." 

The full story is at https://arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/
