1. FF22's Avatar
    I asked this in an app specific thread and did not get a response but since there are a growing number of such apps, I was wondering what are the security risks, if any, of these apps or possibly more specifically the modules or programs or apps that actually run on your/my main computer?

    "Please don't take offense at my question which applies to your app and a number of these other lan/wifi/network/streaming/sharing apps.

    Yours and some of the others require a module or program running on the computer. Does this open the wifi and network and the drive, and basically MY FILES and/or other settings and possibly passwords/log-ins to YOU or others?

    Again, just asking since, again, these programs run on the main computer?"

    I have to admit that when I run such a module (splashtop, lan file explorer, streaming now) on my computer I don't know if I'm just sharing my "stuff" with just my pb or have I possibly granted access to my computer, keystrokes, etc?

    Thanks in advance.
    04-19-12 03:27 PM
  2. Dim-Ize's Avatar
    Great question, F2. I'm interested in this thread and the responses that will be given.

    My understanding is that Splashtop does leave you vulnerable while streaming as there is no encryption on the traffic. But, the trade-off, better performance. I use it and I'm a fan of the application.

    Remote Desktop, however, does offer encryption on the traffic and has a minor performance hit. But, admins will prefer this application over Splashtop for this and other reasons (like multiple sessions concurrently).

    It is also my understanding that the other apps you mention, like Lan File Explorer, etc. do leave you vulnerable to a user sniffing out wifi traffic networks in public places. These other programs typically allow for a password to authenticate. But, even WiFi networks are vulnerable to attack.

    Bottom line: PlayBook is a very secure platform and these other programs do marginally increase the risk of a vulnerable exploit. I normally leave WiFi & file sharing turned off on my PB unless it is in use by me - then I toggle it back off. Same with SplashTop. And, I password protect my PC and PB - which offers anothehr layer of protection from someone picking it up and logging in. I also leave the password to be entered each time on Splashtop vs. having it auto-login.
    peter9477 likes this.
    04-19-12 03:57 PM
  3. Branta's Avatar
    For now I'll ignore the possibility (remote or otherwise) that the streaming server apps have a designed back door giving the developer access to your hardware. ISTM that risk exists with any application, and it is for the user to assess the level of risk and the potential damage if it occurred.

    It is unlikely these apps would be more vulnerable than any other for programming errors which could give access to third parties. Considering they are relatively small in the market they will probably be low priority for black hat analysis in search of an exploit - but if they use standard OS libraries they may also be at risk from any current unpatched OS vulnerability.

    That seems to leave the WiFi channel as a potential route of attack. If your WiFi is suitably protected (WPA2) it is unlikely to be at risk with fairly small coverage (signal range) restricting the opportunity for attack. However, the relatively high traffic volume of a streaming broadcast would provide more packets than simple web browsing activity, and could make a better target for analysis if a viable attack against the encryption is discovered in the future.

    Overall best guess... with software from a reputable source the risk is likely to be very low.
    peter9477 and Dim-Ize like this.
    04-19-12 04:26 PM
LINK TO POST COPIED TO CLIPBOARD