06-25-2020, 07:19 PM   #208
DNSB
Bibliophagist
Posts: 47,462
Karma: 171313058
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos
Quote:
Originally Posted by pazos
I think you're mixing local privilege escalation with some sort of remote exploit. These devices are fine to connect to wifi or even to surf the internet if you avoid the stock browser and use an updated alternative. https://www.bromite.org/ is available for 4.4, which I think Tolinos are using.

If you're talking about local privilege escalation then my home router has one (like most SOHO equipment) and I obviously connect it to the internet.

At home, I'm not worried since I am moderately paranoid about keeping up with security issues and my wireless connects through a firewall to get to the ISP's device. What does cause me worry is basic services such as DNS and DHCP with security issues in settings where I do not have that control. So if I am in one of the local coffee shops (which are now busily reopening with fewer tables) and someone has hacked their network gear, simply connecting and getting a DHCP address is a security hazard. See CVE-2014-6060, CVE-2014-7912, CVE-2014-7913 and CVE-2016-1503 for DHCP issues. You may not feel a touch of paranoia when reading phrases such as "which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response".

I mention coffee shops since one local coffee shop was still using the default credentials for their wireless setup despite having been pwned a couple of times. They now have a non-default user name and password and a bit more secure setup. Who knows, they may discover that one day.
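
Added example, not part of the post above and not code from any DHCP client named in those CVEs: the advisory wording quoted in the post ("heap-based buffer overflow ... via a malformed DHCP response") describes a bug class that a client avoids by checking every server-supplied option length against both the packet and the destination buffer. The function name and error codes are hypothetical; the sketch assumes the RFC 2131 layout (236-byte BOOTP header, 4-byte magic cookie, then code/length/value options) and does not handle option overload (option 52).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DHCP_FIXED_LEN 236u   /* BOOTP header that precedes the magic cookie */
enum { DHCP_E_SHORT = -1, DHCP_E_COOKIE = -2, DHCP_E_TRUNC = -3,
       DHCP_E_NOSPACE = -4, DHCP_E_MISSING = -5 };

/* Copy option `want` into out[0..out_cap). Returns its length (0..255) or a
 * negative DHCP_E_* code. Nothing is read or written out of bounds. */
int dhcp_get_option(const uint8_t *pkt, size_t pkt_len, uint8_t want,
                    uint8_t *out, size_t out_cap)
{
    static const uint8_t cookie[4] = { 0x63, 0x82, 0x53, 0x63 };
    size_t i = DHCP_FIXED_LEN + sizeof cookie;

    if (pkt_len < i) return DHCP_E_SHORT;
    if (memcmp(pkt + DHCP_FIXED_LEN, cookie, sizeof cookie) != 0)
        return DHCP_E_COOKIE;
    while (i < pkt_len) {
        uint8_t code = pkt[i++];
        if (code == 0) continue;                  /* pad: no length byte */
        if (code == 255) break;                   /* end of options */
        if (i >= pkt_len) return DHCP_E_TRUNC;    /* length byte missing */
        size_t len = pkt[i++];
        if (len > pkt_len - i) return DHCP_E_TRUNC;  /* runs past the packet */
        if (code == want) {
            if (len > out_cap) return DHCP_E_NOSPACE; /* refuse, do not overflow */
            memcpy(out, pkt + i, len);
            return (int)len;
        }
        i += len;
    }
    return DHCP_E_MISSING;
}

/* Constructed sample: zeroed header, cookie, then option 6 (DNS servers)
 * claiming 200 bytes of data although only 4 bytes follow. */
int main(void)
{
    uint8_t pkt[246] = {0}, dns[16];
    memcpy(pkt + DHCP_FIXED_LEN, "\x63\x82\x53\x63", 4);
    pkt[240] = 6;
    pkt[241] = 200;
    return dhcp_get_option(pkt, sizeof pkt, 6, dns, sizeof dns)
           == DHCP_E_TRUNC ? 0 : 1;
}
```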