Security check - what can FlightAware staff access?


#1

I have a PiAware setup running. When logged in to my account I can see on my stats page that some local data appears, eg local IP, MAC. Can a staffer please advise:

  1. What is the entirety of local data that you can see from the PiAware device on a user’s network?

  2. Do you have any form of remote access to my PiAware installation? I’ve “enabled SSH” and obviously I can access sshd locally and there’s no access to that service directly from the Internet, but I don’t know if the feature simultaneously enables another route back, for example by making a permanent outbound connection to FlightAware.

  3. Can other users see any data which would otherwise be confined to my network? Via my stats page or any other way.

  4. I’m happy that I’m the only person who can access this device locally so I feel no need to change the SSH password. Am I overlooking something – this ties into question 2 I guess, ie, am I going to find that somehow this build of PiAware does allow others to reach it in some manner and that I should change the password? If I do change the password for the user ‘pi’ is that going to break anything, any defaults, scripts, etc?

  5. I have allow-auto-updates set to no. If I set it to yes how exactly does that work? It clearly lets you touch my PiAware in some way.

Thanks,
Chris


#2

Unless you setup a Guest WiFi account, they can see all the devices in your network.


#4

I’m asking if staff are aware of any way for additional info to be gleaned, perhaps in conjunction with any specific settings, the exposure of which is non-obvious. For example, perhaps it is possible, via a bit of command line work, to access a list of the coordinates of all MLAT-enabled installations to which one is synchronised. Side-channel approaches, stuff like that.

I’m also asking what staff can see, since I’ve seen at least one reply to someone else from staff which included their private 192.168/16.


#5

FlightAware does not have any direct remote access to your PiAware. All of the PiAware software is open source so you can review the code in Github if you want to see how it works. We are fully transparent. https://github.com/flightaware/piaware

Your PiAware sends FlightAware some minimal metadata about the state of your Pi which we use to enable features such as the local Skyview link on the My ADS-B statistics page and device anomalies list. Besides the Mode S/ADS-B data, we see basic things like your Internet and local IP addresses, MAC address and Pi operating system version.

We do not have SSH access to your PiAware. Furthermore, we encourage you not to expose any inbound access to your device from the Internet for security reasons.

“Automatic updates” is an optional convenience feature. We will signal your device that an update is available when your device checks-in with us. PiAware is designed such that you connect to us (we don’t connect to you).


Home Network Security
#6

Excellent, thanks for the info Eric. Some of the wording I’d seen around left me feeling unclear on exactly what could access what or how communication was set up under the hood, and as a security conscious person I wanted to be clear, so much appreciated.


#7
  1. What is the entirety of local data that you can see from the PiAware device on a user’s network?

FlightAware only can see what you send through the data feed. This includes the plane messages and the piaware-config.txt log file and the minimal metadata. The piaware.log and metadata is limited to the last check-in.

  1. Do you have any form of remote access to my PiAware installation? I’ve “enabled SSH” and obviously I can access sshd locally and there’s no access to that service directly from the Internet, but I don’t know if the feature simultaneously enables another route back, for example by making a permanent outbound connection to FlightAware.

PiAware makes outbound connections. There is no hidden account and the software is open sourced.

  1. Can other users see any data which would otherwise be confined to my network? Via my stats page or any other way.

Your local site is only viewable on your local network unless you punch holes through your firewall. The data is viewable on local piaware ports.

You can see the full control panel on your my-ADSB stats page. Other can only see your site statistics.

  1. I’m happy that I’m the only person who can access this device locally so I feel no need to change the SSH password. Am I overlooking something – this ties into question 2 I guess, ie, am I going to find that somehow this build of PiAware does allow others to reach it in some manner and that I should change the password? If I do change the password for the user ‘pi’ is that going to break anything, any defaults, scripts, etc?

We recommend you change the username or password of the admin account. PiAware is run with it’s own account called piaware. The PiAware account is just a plain user account with very limited sudo access (updates and reboots).

  1. I have allow-auto-updates set to no. If I set it to yes how exactly does that work? It clearly lets you touch my PiAware in some way.

The Piaware user account will log into FlightAware and check the metadata for version information. If you have auto update on then check-in will report that there is a new version and then piaware run apt-get upgrade.
PiAware account restrictions are here /etc/sudoers.d/piaware


#8

I’m logging into PiAware with user ‘pi’ password ‘flightaware’. Is that the account you’re referring to as the admin account? Since there’s only me on this network is there some other reason I should change it? And would changing it possibly break anything automated in PiAware?


#9

I’m logging into PiAware with user ‘pi’ password ‘flightaware’. Is that the account you’re referring to as the admin account?

The root\admin account is the ‘pi’ account. The pi account is a default account with default password. It is a good idea to change the default account to something else or the password to something else. If you keep the device behind your firewall then this isn’t usually a problem to keep the defaults.

Since there’s only me on this network is there some other reason I should change it?

Changing the password is good enough.
Disabling password login and using SSH keys is much better.

And would changing it possibly break anything automated in PiAware?

piaware software is run using the ‘piaware’ account and not the ‘pi’ root account
piaware software doesn’t require special permissions to run

If your modify the permissions of the ‘piaware’ account then you might have some problems doing remote updates


#10

In my Pi, I have stored all my bank account & credit card info, facebook, tweeter, email login password, and a list of phone numbers of all my girl friends. I will sue flightaware staff if they access my Pi and steal this info. :slight_smile:


#12

Cheers David, yes it’s segregated here so no risk, but I’ll change the password on principle anyway. Thanks.


#13

How do the device commands like reboot or halting device work via the gear icon? Manually, I ssh into the Pi and sudo the commands?


#14

You can give “sudo” access for certain commands to user accounts.
Reboot is one of those commands allowed on the piaware account.
The PiAware account access can be removed by deleting the corresponding line in the sudoers file.

above i wrote:
piaware account restrictions are here /etc/sudoers.d/piaware

type the command below and you can see what piaware account has access too

sudo cat /etc/sudoers.d/piaware


#15

You forgot to mention your medical records and your cryptocurrency and bahamas’ secret accounts.I bet OBJ is already calling your girl friends.