is FA remote controlling the users pi a severe security risk

… sorry - but i think YES

flightaware employees this way are able to install any software they want without asking the owner and have entrance to YOUR network
anybody who hacks flightaware website can control OUR RASPBERRYS immediately

there is no need for all these remote features just for sharing data!

what is your opinion?

kind regards
tom

Hi Tom,

PiAware is no different from any number of other auto-update household devices like DVRs, thermostats, etc. The vast majority of users appreciate this convenience and we take the responsibility seriously. Additionally, most computing systems (e.g., Windows, MacOS, iOS, etc) are auto-update now as well, and those are closed source, unlike PiAware.

Either way, you can disable it if you’d like:



sudo piaware-config -autoUpdate 0 -manualUpdate 0


…and unlike virtually all software, you’re free to inspect the source to make sure it enforces your wishes..

hi david,

i made this post before we had mailed. so again - thank you for this unexpected and unusual quick and open-minded response!
you are right when saying that much things today have similar built in risks - but exactly this is the problem - risk without need.

of course i disabled the two switches when setting up the feed a few days ago. additionally i disabled for user pi sudo without forcing password.
what is about this ‘faup1090 thing’ you wrote in the email?

kind regards
tom

Hi, Tom, I’m Daniel and I think you might have me confused with David.

There’s risk with everything but the need here is pretty great – most people don’t manage their devices themselves (just installed the SD card and walked away) and this allows us to push out valuable improvements like MLAT. However, if you’re able to manage it all yourself, I’m glad you got it configured how you want it.

Daniel

ooops - sorry - yes i did :slight_smile:

maybe it would be a good idea to describe on the website only 2 raspberry ways - the ‘all-inclusive-auto-all’ and the ‘absolute-minimum’.
so - regarding the faup1090 i will email david …

tom

Hi Tom,

Yes – we have the SD card way, which defaults to FA automatic updates, and the Debian package version, which defaults to no FA automatic updates. You can change the settings on either, of course.

i have to come back to this thread again.

now after some weeks feeding fa i still can’t find a reason to force those of us - not wanting auto-update - running piaware as root which is undoubtable an open door for very bad things. did i miss something? if so - let me learn …

A couple of things.

  1. Don’t run your financial programs on the same Pi as Flightaware. If you keep the pi limited to that app, then you minimize damage in the event it is overtaken. Use different passwords for each pi.

  2. Oliver Jowet (here as obj) wrote a fork of dump1090 dump1090-mutability to address the root issue. You can always run it. Don’t expect FA to provide the same level of support for it they do for their own particular flavor of dump1090.
    Cheers.
    A steep learning curve is a good thing.

I suggest you start here:

github.com/mutability/piaware

and start contributing updates (either porting those changes to stock piaware, or updating piaware-mutability to current piaware).
Both are on my todo list but they are low priority. If they are important to you, then constructive contributions will get them done a whole lot faster than a stream of complaints about how terrible everything is.

what is not constructive - saying exactly what is risky without need ???
funny - joelwiley posted you did it the other way long before - and now it is peanuts …

your’e right - as always

Or just do what I did, put the Pi in a DMZ that has very limited access back into my internal network.

some hours ago i learned first time that there is a piaware mutability version - but not maintained …

i guess nobody runs his financial software on the ads-b raspi. the problem is just the ads-b raspi is in YOUR network and this way all evil is then there too with a first foot in the door …

mine sits only in my ‘for-fun-only-network’ strictly separeted from all meaningful networks - but i guess there are many others having their very personal data in the same network.

Go and look at the github repo I linked. It has my changes to run as non-root. It needs updating for current piaware, or current piaware needs updating to take the relevant changes. It is not a trivial piece of work, especially if you want to get it to the point where it’s suitable for including in the standard piaware package.

I am not going to start on this work just because you’re complaining about it - you complain about everything.

i just complain about things maybe improvements were needed. and as hopefully this forum is not scientology this should be allowed.

p.s. a simple ‘see the risks too. is on my list. may take some while’ would have been an option too …

that’s of course a good suggestion - and as you can see in my post simultaneously i have a similar concept :slight_smile:

Sorry Tom, but I’m afraid I’m with obj in this case - just about every post you’ve done on here has been a complaint - apologies if that is not what you intended, but that is how they are coming across.

shure :slight_smile: but this is not the answer to the question. i still believe that this thing is unneeded insecure - and nothing here convinced me that it is not.
that’s all

Here are a few links about security for the RPi.

instructables.com/id/Raspber … /?ALLSTEPS

heystephenwood.com/2013/06/s … ry-pi.html

makeuseof.com/tag/securing-r … firewalls/

thank you sjacket,
this is what helps in the thread. i’ll read that and look whether i missed things securing my pi.

We’re in the middle of evaluating PiAware (currently just for an antenna survey for 1090) in a commercial/enterprise context. We put the Pi on it’s own VLAN (DMZ) and firewalled it off (whitelist with DPI and networked-based IPS+IDS). I’m wouldn’t be so worried about the auto-update feature but I really don’t like that you can execute arbitrary commands from the FlightAware website. These accounts don’t have two-factor authentication (nor does the send command feature) so if the account tied to a PiAware unit were to be compromised it’s essentially a backdoor into the network.

If we decide to use a PiAware based receiver, our plan would be to create a new FlightAware account just for the receivers for compartmentalisation purposes, also, I’d be looking through the Debian configuration as well to see if anything needs hardening and to see if the auto-update mechanism is appropriately secure (Eg: HTTPS? packages digitally signed? etc.).