Is Hacking a real Problem??


 

Tim Barbee

New member
I was at a comp a month or so ago and a guy that I was talking to on another team was joking with me that “He would not hack my stoker” during the night. I took it as a joke, and as far as I know he didn’t, but is hacking a real problem?
I run my Stoker directly connected to the pit with no wireless set-up so as far as I know this set-up can’t be hacked, or can it?? If so what do I need to do so this can’t happen??
 
The only way you can be hacked is for someone to have direct access to your stoker to change your settings, or if your stoker is connected to a network through the ethernet jack (wirelessly or through a cable). If you don't have your Stoker connected to any network connections, then you are good as long as nobody can physically get to your stoker to change the settings.

You can connect the stoker directly to your laptop via a cross connect cable and that will also be safe as long as you don't have your wireless card on your laptop on, so someone can't connect to your laptop wirelessly and control your stoker that way.

If you do set up a wireless network to use your stoker on, then the best security features to use are to use WPA-2 (if possible), hide your SSID (disable SSID broadcast so others can't see your wireless network name), and use MAC authentication and only allow your device MAC addresses.

Good luck,
Kg
 
I work with this stuff for a living and Keith is right. Wired is ideal, but if you must go wireless use MAC authentication, hide your router's SSID, and employ WPA2-TKIP encryption. That's the setup I use at home, too.

I can crack WEP on a laptop in 5 minutes and WPA isn't just a whole lot better. Hiding the SSID and using MAC authentication are not effective alone, but they make your access point much less desirable to someone who is out looking for a target. Still, at a competition, I would only use wired connections and would even go so far as to keep my router (if present) and stoker in a locked box to prevent physical access.
 
Some good information here on general security, but we're forgetting one thing - if the guy's close enough to hack the WiFi he's close enough to unplug the Stoker to let the fire die or, even worse, pull out the pit probe so the fan stays on and the fire goes out of control.

The worst practice I see here from a security standpoint is when you set up port forwarding on your router to talk to the Stoker directly. In order to get access to my Stoker remotely I need to set up an SSH tunnel with key-based authentication (think a password a thousand characters long). This is a fairly complex project for the typical home user so I doubt it's viable for most people.

Alternately I can connect using a fairly secure remote desktop protocol (with password authentication) direct from my Blackberry to my PC which is running StokerLog. But since the Stoker itself has no security built in I wouldn't ever expose it on the Internet directly. This sort of setup is much more useful - even from a PC. There are a few mentions of services here like LogMeIn.com, but I happen to use RDM+ which has a web interface as well as one for the BlackBerry and the iPhone (hopefully Android soon, I haven't checked recently).

Either way, I don't think we've got a single report of anyone who's had someone stumble upon their Stoker and know what to do with it - most random bad guys would probably think it's some sort of weather station. But it never hurts to be careful
 
I agree with Matt B on only using wired connections at comps if you are afraid of hacking. I don't do comps and don't have any idea of the real hacker threat there, but it may not be the other teams trying to ruin your meat....instead it may be some local "kids" having "fun" trying to ruin it for the competitors, or some vegetarian eco-terrorist with a plot to end all BBQ comps.


Wireless is much more vulnerable than wired connections. But I would be interested in hearing if anyone has been hacked at a comp. Even our brisket isn't safe anymore.


Kg
 
Quote, originally posted by Jeff Bower:
> Some good information here on general security, but we're forgetting one thing - if the guy's close enough to hack the WiFi he's close enough to unplug the Stoker to let the fire die or, even worse, pull out the pit probe so the fan stays on and the fire goes out of control.
>
> The worst practice I see here from a security standpoint is when you set up port forwarding on your router to talk to the Stoker directly. In order to get access to my Stoker remotely I need to set up an SSH tunnel with key-based authentication (think a password a thousand characters long). This is a fairly complex project for the typical home user so I doubt it's viable for most people.
>
> Alternately I can connect using a fairly secure remote desktop protocol (with password authentication) direct from my Blackberry to my PC which is running StokerLog. But since the Stoker itself has no security built in I wouldn't ever expose it on the Internet directly. This sort of setup is much more useful - even from a PC. There are a few mentions of services here like LogMeIn.com, but I happen to use RDM+ which has a web interface as well as one for the BlackBerry and the iPhone (hopefully Android soon, I haven't checked recently).
>
> Either way, I don't think we've got a single report of anyone who's had someone stumble upon their Stoker and know what to do with it - most random bad guys would probably think it's some sort of weather station. But it never hurts to be careful

From a security standpoint, that's (the lack of authentication) what I view as the major flaw of the stoker. Wireless at a comp? Set up WPA2, no worries. Forward a port on your router to the stoker though so you can check it at work and you don't have any idea who will stumble on it and start clicking buttons and mess with your brisket. Is it likely to happen? No, probably not, but security through obscurity gives me chills.
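
The key-only SSH tunnel mentioned in the thread, used in place of a router port forward to the Stoker, could be configured as in the sketch below. This is an added example, not part of any post above; the account name, host names, key path, the Stoker's LAN address (192.168.1.50) and its web port (80) are all assumptions.

```sshconfig
# ---- Home server: /etc/ssh/sshd_config ----
# The router forwards only the SSH port to this machine, never a port
# to the Stoker itself.

# Key-based logins only; passwords are refused outright.
PubkeyAuthentication yes
PasswordAuthentication no
# Older OpenSSH releases call this ChallengeResponseAuthentication.
KbdInteractiveAuthentication no
PermitRootLogin no
# Hypothetical account that exists only for the tunnel.
AllowUsers pitmaster

# The tunnel account may forward to the Stoker's web port and nothing else.
Match User pitmaster
    AllowTcpForwarding local
    # Assumed LAN address and web port of the Stoker.
    PermitOpen 192.168.1.50:80
    X11Forwarding no
    PermitTTY no

# ---- Remote laptop: ~/.ssh/config ----
Host stoker-home
    # Placeholder for the home connection's public name.
    HostName home.example.org
    User pitmaster
    IdentityFile ~/.ssh/id_ed25519_stoker
    IdentitiesOnly yes
    # Bind the local end to loopback so other machines on the laptop's
    # network cannot ride the tunnel.
    LocalForward 127.0.0.1:8080 192.168.1.50:80
    ExitOnForwardFailure yes
    ServerAliveInterval 30
```

With this in place, `ssh -N stoker-home` opens the tunnel and the Stoker's page is reachable at http://127.0.0.1:8080 on the laptop only; the Stoker, which has no authentication of its own, is never addressable from the Internet.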
 

 
