cancel
Showing results for 
Search instead for 
Did you mean: 

Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

MHoffman
I've been here awhile

The new screen saver on Ignite gives users the option to press the microphone button and ask for the wi-fi password. There are no controls, no authentication required. Anyone with access to the remote can get access to the wi-fi password.

How is this even a feature?

#SecurityRisk

 

*** Edited Labels ***

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

RogersMoin
Moderator
Moderator

Hello, @MHoffman.

 

Welcome to Rogers Community Forums! 😀

 

I appreciate you posting your concern in the Community. You can set parental controls to make sure a PIN is required before the WiFi password is shown by selecting Ignite WiFi in the Application Locks. 

 

Once you lock an app, you can only unlock it by changing Parental Control settings. For your convenience, please follow the steps listed below to lock/unlock the apps:

 

  1. Press the Rogers button on your Voice Remote to open the main menu. 
  2. Use the Arrow Keys to select Settings (the gear icon) and press OK.
  3. Use the Arrow Keys to select Parental Controls and press OK.
  4. Enter your 4-digit Parental Control PIN when prompted. 
  5. Use the Arrow Keys to select Application Locks and press OK.
  6. Use the Arrow Keys to highlight the app you want to lock and press OK to toggle the feature On or Off.
  7. A grey open lock icon will appear next to unlocked applications
  8. A blue closed lock icon will appear next to locked applications
  9. Press Exit to return to standard TV viewing or Last to return to the Settings menu. 

Thank you for your participation in the Community!

 

Cheers,

RogersMoin

View solution in original post

9 REPLIES 9

Re: Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

-G-
Resident Expert
Resident Expert

@MHoffman  Hi, and welcome to the Community!  Yeah, I agree.  I don't like that the set-top box can reveal the credentials to access your private Wi-Fi network either.

 

FYI, as far as I can tell, this does not work if you have Wi-Fi disabled on the XB6 and the Ignite set-top box is connected to an external Wi-Fi Access Point.

Re: Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

RogersMoin
Moderator
Moderator

Hello, @MHoffman.

 

Welcome to Rogers Community Forums! 😀

 

I appreciate you posting your concern in the Community. You can set parental controls to make sure a PIN is required before the WiFi password is shown by selecting Ignite WiFi in the Application Locks. 

 

Once you lock an app, you can only unlock it by changing Parental Control settings. For your convenience, please follow the steps listed below to lock/unlock the apps:

 

  1. Press the Rogers button on your Voice Remote to open the main menu. 
  2. Use the Arrow Keys to select Settings (the gear icon) and press OK.
  3. Use the Arrow Keys to select Parental Controls and press OK.
  4. Enter your 4-digit Parental Control PIN when prompted. 
  5. Use the Arrow Keys to select Application Locks and press OK.
  6. Use the Arrow Keys to highlight the app you want to lock and press OK to toggle the feature On or Off.
  7. A grey open lock icon will appear next to unlocked applications
  8. A blue closed lock icon will appear next to locked applications
  9. Press Exit to return to standard TV viewing or Last to return to the Settings menu. 

Thank you for your participation in the Community!

 

Cheers,

RogersMoin

Re: Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

MHoffman
I've been here awhile

You're missing the point.  This isn't a "parental control" issue.  This is a potential security risk for Ignite users that shouldn't even be offered.  This feature should be removed.

Re: Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

ovgray
I've been here awhile
By default the Ignite WiFi is unlocked. So unless a customer knows about this vulnerability and wades through multiple menu layers to repair it, anyone who can turn on their TV can break into their network. Shame on Rogers.

Re: Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

@ovgray just to point out, this is a Comcast design issue that hits all of its licencees of this product.

 

https://www.google.com/search?q=comcast+Voice+Commands+can+Reveal+Wi-Fi+Password&rlz=1C1PRFI_enCA774...

 

So, while your ire might be directed at Rogers, the real source of the problem is Comcast.  Not supporting Rogers here, just pointing this out.

Re: Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

ovgray
I've been here awhile
At very least Rogers has a duty to warn It’s customers that it is selling technology that is insecure by default and provide distinct, clear instructions that this particular app should be locked, instead of broadcasting the existence of the vulnerability on the screen.

Re: Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

MHoffman
I've been here awhile

Rogers should insist that it be removed completely.  Most people do not have the knowledge and think that Rogers wouldn't do something to put them at risk.

When I inquired about having it removed I was told to go through the many steps needed to disable it in 'parental controls' but that in doing so would also lock out other features with it.  Whether the Rogers person on the other line knew what they were talking about or not is irrelevant.  I am pay for services I don't want locked. 

Locking it would require a password to get back into it.I was also told it was done because Rogers was getting numerous calls that people were forgetting their passwords and needed help to reset it.  This is a service that should not be a burden on the tech support side.  If your customers needs help, help them.  Sounds to me, as per the support person I spoke with, that Rogers made a conscious decision to do this.  It is up to Rogers to contact Comcast and have it removed.

Re: Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

kingadil
I've been around

When i change the wifi password the kids easily get it in an easy simple way.

They press the talk button on the ignite TV remote and say “Show wifi password” and it shows the password.

This is really horrible and I can’t hide it

Re: Voice Commands can Reveal Wi-Fi Password - Possible Security Risk

As for the kids.. next time they add a device.. make sure that you add their device to a profile.
The profiles monitor via the MAC address of the wireless card on the device (not easy to change if can not at all in most cases). 
I would think if they even forget the device on the wifi, then re add, it should probably still monitor them.

Also in that way, can set up stuff to prevent/lockdown your kids devices.. turn off the wifi for period, etc.

Topic Stats
  • 9 replies
  • 5650 views
  • 11 Likes
  • 7 in conversation