Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Splashtop Security Hole Exposed

Hybrid View

  1. #1
    Join Date
    Aug 2007
    Posts
    6,641

    Default Splashtop Security Hole Exposed

    At least same versions of Splashtop are not as save as they want to be. Especially when only the HD install variant was used. In case of affected versions like 1.2.3.1 you can access all USB media and the Windows partition used to install Splashtop completely! To verify if your version is affected try:

    http://127.0.0.1:1080

    There you can access - without any mod - all files via

    http://127.0.0.1:1080/links

    For your fun you find even a music.mp3 file there

    http://127.0.0.1:1080/music.mp3

    If your system is directly connected to internet (maybe using DSL dialin within Splashtop or via cable modem) all others can enjoy the content of your hd!

    Btw. newer Splashtop version only block the webserver listing, but when you know the name, you still can access the data when you know the deep link. Luckyly they blocked access from outside then - at least 1.2.8.0 fixes it. But it is still possible to aquire the registry or other system files and save em onto USB stick without any mod. That means you can access user data like serials and other data which is stored there. Very nice feature to have Splashtop available to hack pcs without the need of any bootable media

    Like:

    http://127.0.0.1:1080/links/winhdd/disk1/splash.idx

    http://127.0.0.1:1080/links/winhdd/disk1/boot.ini

    The affected package is bs-apache.sqx.

    Edit: I would like to know from a Splashtop developer (maybe via the blog), why the winhdd link is there (take a look into va-photo.sqx) when it is not used by any app. Only this makes a big issue from that error. You are able to view/save files which you can not even access when Win is booted - like the registry.
    Last edited by Kano; 08-09-2008 at 06:21 AM.

  2. #2
    Join Date
    Aug 2008
    Posts
    99

    Default

    Quote Originally Posted by Kano View Post
    You are able to view/save files which you can not even access when Win is booted - like the registry.
    That's true of any unencrypted PC running any Linux boot disk -- if someone has physical access to the computer, all bets are off. Or is this possible over the network even with the new version of SplashTop that is supposed to close the port?

  3. #3
    Join Date
    Aug 2007
    Posts
    6,641

    Default

    Well directly you can not access it via network with 1.2.8.0, but the used browser is not uptodate, so expect security risks there too. You are of course right, that any running Linux system can access the data too, but when the marketing wants to tell you that when you are using it you are save and then apache runs just to be used by a very simple photo viewer app then something went really wrong. The problem is a combination of 2 errors, the first was basically fixed in a newer va-apache package - the access from outside. But the 2nd was not changed: the winhdd symlink in the va-photo package. Without it would have been impossible to access data from Win via apache (just usb data which I would call random in most cases, maybe some index files for media players when you also know the volume label). The claim was that Win data was not accessable at all via the installed apps - when you add xterm you can access everything.

  4. #4
    Join Date
    Aug 2008
    Posts
    4

    Default

    Nice find Kano. Needless to say I haven't been using splashtop/expressgate since I tested this out on my machine and have access to my entire windows directory structure from any computer on my LAN. Can you tell us how to fix the problem. What file to I need to unsquash and modify?

    Regards

  5. #5
    Join Date
    Aug 2007
    Posts
    6,641

    Default

    Basically you can use a newer version of bs-apache.sqx - 1.2.8.0 blocks lan access. Also you can modifiy the va-photo.sqx and remove this symlink.

    var/www/links/winhdd

    If you don't need the viewer remove it. Don't forget the version file hack.

  6. #6
    Join Date
    Aug 2008
    Posts
    4

    Default

    Thanks for the reminder about the version hack (I wouldn't have done that if you didn't mention it). Deleting the va-photo.sqx worked perfectly, thanks a bunch.

  7. #7
    Join Date
    Nov 2008
    Posts
    10

    Exclamation Crash

    I just found out that my Asus G50v has a corrupt os I can still access splashtop though. I am going to have to reformat my hd and was wondering if there is any way that i could back up my files using splashtop. Please help...

  8. #8
    Join Date
    Aug 2007
    Posts
    6,641

    Default

    With an unmodified splashtop you can not access much of your data inside it, but when the version is really old, then check your internal ip:8080 in your LAN. The network dialog should show your ip.

  9. #9
    Join Date
    Nov 2008
    Posts
    10

    Post

    Quote Originally Posted by Kano View Post
    With an unmodified splashtop you can not access much of your data inside it, but when the version is really old, then check your internal ip:8080 in your LAN. The network dialog should show your ip.
    Then what. Sorry...i'm not super computer literate. I like to say that i am...but it has it's limitations.

  10. #10
    Join Date
    Aug 2007
    Posts
    6,641

    Default

    Just use any recent Linux live cd, that should give you access to your data.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •