[suws-members] KiwiSDR security issue

Phil Crump phil at philcrump.co.uk
Fri Jul 16 15:42:58 BST 2021 

CAUTION: This e-mail originated outside the University of Southampton.

Hi All,

Martin upgraded the KiWi at the Farnham SDR to v1.461 yesterday which has removed this feature.

It's worth mentioning that we were fully aware of the developer remote access, it's one of the reasons for all the WebSDRs being on their own VLAN (the FR24 ADS-B receiver has similar manufacturer remote access I believe, although they're a lot quieter about it).

(NB: I'm not defending it's concept or implementation)

Phil

On 2021-07-16 15:12, Cori Haws wrote:
So we have a KiwiSDR software for the HF range on the Farnham SDR.
This is something Phil Crump will need to look into I believe.

From: suws-members-bounces at ecs.soton.ac.uk <suws-members-bounces at ecs.soton.ac.uk> On Behalf Of Denis Nicole
Sent: Friday, July 16, 2021 3:47 AM
To: suws-members at ecs.soton.ac.uk
Subject: [suws-members] KiwiSDR security issue

Hi all,

Just a quick, but urgent, note. If any of you are running KiwiSDR, a serious security problem has just emerged:

https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Farstechnica.com%2Fgadgets%2F2021%2F07%2Ffor-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer%2F&amp;data=04%7C01%7Csuws-members%40ecs.soton.ac.uk%7C638afcf912224dfb8f9608d948681a8e%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637620434367944282%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=j4e0ZPCjYYQ4Plk5QFqmxBVQ7X%2BtP27x7RhQcyQS05Y%3D&amp;reserved=0 <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Farstechnica.com%2Fgadgets%2F2021%2F07%2Ffor-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer%2F&amp;data=04%7C01%7Csuws-members%40ecs.soton.ac.uk%7C638afcf912224dfb8f9608d948681a8e%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637620434367954250%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=rV8sNchDqMM6HxhJYD4oxviOgcWDS%2Bkp4PWtllXJtmw%3D&amp;reserved=0><https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Farstechnica.com%2Fgadgets%2F2021%2F07%2Ffor-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer%2F%2520%253Chttps%3A%2F%2Farstechnica.com%2Fgadgets%2F2021%2F07%2Ffor-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer%2F%253E&amp;data=04%7C01%7Csuws-members%40ecs.soton.ac.uk%7C638afcf912224dfb8f9608d948681a8e%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637620434367954250%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=anPwaAlMTBn02YyV3RSc2bsB3FjdAp3%2BctouEXiXaGc%3D&amp;reserved=0>

73
Denis M0CYJ

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/suws-members/attachments/20210716/61e6e6ac/attachment-0001.html

More information about the suws-members mailing list