Thanks a lot for your replies. The main trigger for my concern is the
frequent warnings in the media about smart home appliances (like
dishwashers with wifi) that are often not updated, so that unpatched
weaknesses can be exploited by hackers who then can enter your home
network and sniff out what you're doing on your other devices, such as
phone and computer.

I believe that the SB was indeed designed with an "innocent" network in mind: we're all good people and we give you access to this little Linux box (Touch & Radio). It wouldn't be done this way nowadays any more.

That being said: these devices are inside your network. An attacker would have to get into your network before they could get access to your device. There is a potential risk of a manipulated audio stream causing an issue on the device. It would be interesting to see whether a hacker could exploit a buffer overflow or whatever in a codec to get access to the device itself...

One of the problems with many devices is the "cloud" connection - which using mysb is. As long as you can trust this cloud, you're good. But it gives outside users (limited) access to your devices. I can control your player at any time. Your fridge vendor can probably monitor the content of your new smart fridge. The real problem starts when other people you don't trust get access to these services. Or when a device could have a bigger impact on one's life than a radio. Imagine the smart cars out there nowadays. If those cars get hacked (and it has been done before), an attacker can control your brakes or whatever.

I believe the biggest risk in the SB universe is opening LMS to the internet. Even if protected with a password, I wouldn't trust it. And there have been attacks involving reading full disk content from LMS installations. This is easily done and real.

Very little to no risk I see with the old players (up to the Classic). They're rather dumb devices. Radio/Touch/Controller, with their Linux-based OS, offer way more potential. But again: the attack surface is rather small, as they're hardly ever exposed to the internet.
_______________________________________________
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/mailman/listinfo/discuss
