Boxee SMB Security Hole

After doing some research on how the Boxee remote system worked i found some urls for doing basic control/info retrieval from the older desktop software/ current software on Boxee box. One of which was now playing status. After messing with some of the others I went back to the now playing url and noticed something that didn’t seem right.

Boxee doesn’t store the smb (Windows file sharing) authentication in a secure data store and securely retrieve it like is done on modern systems. Instead it sends the username/password as part of EVERY request for media shared from a windows computer. That means every request for media sent out is done in this format  “smb://<username>:<password>/path/to/media/file.<extension>”. Which is not a secure method especially since app developers can do remote apps that interact with the software even to the extent of requesting currently playing media. Further more anyone can run a packet sniffer on the network and capture the exact same info as media is played also if on wifi and not using any security (or on WEP) that could be a further issue.

While this isn’t a major issue on a single user network the issue really comes to focus on a muli-user shared network. Without a fix in the core of the Boxee software all you can do is setup your share security so a Boxee only user is exposed. For example make new user that is just for Boxee media shares or just setup your media shares to allow anyone to read but need authenticated user to write that way either a non important user is exposed or it can access the media without needing login.

  • HDizzle

    Yea never mind the other apps, one only needs to sniff packet traffic on the wifi to recieve the authentication data as plain text!

    But thing is……in a home LAN being used for media purpouses does it really matter?

  • As per the packet sniffer yep that somehow missed getting into post lol. It can matter if someone is trying to mess with someone elses computer on a shared network (eg kid messing with parents or messing with room mates machine).

    Edit: Added the packet sniffer/wifi part