SplashTop Linux Security Hole Discovered
Less than two weeks ago we shared that SplashTop Linux was hacked to run off a USB stick, run custom applications, and more importantly having it run on non-certified motherboards (meaning those not sold by ASUS with SplashTop's instant-on Linux environment embedded). These hacks were done by members of our Phoronix Forums, but now a security hole has been discovered. Kano, a member of the Phoronix Forums and the mastermind behind the Debian-based Kanotix distribution, has discovered a serious security problem.
On at least some versions of this unique Linux distribution, contents of attached USB devices and Windows partitions are exposed via the network. If you're not running a router-based firewall (SplashTop has no firewall) or a dedicated hardware firewall, the contents can then be accessed anonymously. All of these files can be viewed over HTTP on port 1080.
Kano originally noted this problem in the Phoronix IRC channel and this forum thread. DeviceVM, the company behind SplashTop, is currently looking into this problem.
On at least some versions of this unique Linux distribution, contents of attached USB devices and Windows partitions are exposed via the network. If you're not running a router-based firewall (SplashTop has no firewall) or a dedicated hardware firewall, the contents can then be accessed anonymously. All of these files can be viewed over HTTP on port 1080.
Kano originally noted this problem in the Phoronix IRC channel and this forum thread. DeviceVM, the company behind SplashTop, is currently looking into this problem.
4 Comments