IEEE Consumer Electronics Magazine - November/December 2019 - 50

Consumer Electronics Security

-p@ssw0rd. This password can be changed after
the installation using the command line.
A default installation of this OS keeps eight
open ports with their services. These services
are: FTP (port 21), SSH (22), Microsoft Windows
RPC (135), Samba (445), remote debug (4020),
remote management (5985), web server (8080),
AllJoyn (9955), and WinRM (47001). Among these
services, the most interesting ones are FTP and
HTTP. The FTP service is an anonymous FTP
server with read and write rights on all folders,
including system ones. This means that anyone
that can access the Raspberry Pi will have complete control of the system as they could modify
or delete any of its configurations.
Regarding the default administrator password,
it can now be chosen if the IoT Dashboard utility is
used to create the image. Moreover, the FTP
server does not run anymore as a start-up daemon.13 In both tested versions, the configuration
of Windows 10 IoT can be set up using the Windows Device Portal, available through the web service on the port 8080. The access to this service
requires authentication, but it is done in clear
text, so it is easy to crack. An attack against this
service using man in the middle and ARP-spoofing
can be performed and the password of the administrator can easily be discovered using Wireshark.

OpenELEC and LibreELEC
The version of OpenELEC analyzed in this
paper is the 8.04 and the LibreELEC one, 8.02. For
both systems, only a Samba server is installed by
default. Both systems are installed by default
with the user -root- and the password -openelec.
These parameters cannot be changed. If a user
needs to change these values, he will need to
recompile the whole system from its sources.14
The two systems have two easy-to-access
services that do not require any authentication
to access to them: an HTTP server and a Samba
server. The HTTP server provides, through a
web interface, complete control of the system as
if it was a remote controller. The Samba service
gives access to the media -so it can be handled
easily- and it also shares some configuration files
of the system. This shared information includes
Samba's configuration, so it would be easy to
modify the configuration file to share the whole
system as a resource.

50

All these shown security issues are already
known. In their forums it is warned that OpenELEC is only an entertainment system and that it
has not been designed targeting security.14 As
LibreELEC is a fork of OpenELEC, this can also
be applied to it.

Ubuntu
The Ubuntu version used for the analysis is
16.04. By default, no services are installed, but
for this exercise Open SSH has been installed
during installation. Ubuntu creates a normal
user with superuser rights instead of asking
for the root password creation. The username
and the password of this user will be asked during the installation. This avoids the creation of
default users or passwords, increasing security.
NMap shows, as expected, a single public service
which is an SSH server listening in the port 22.
The installed versions of OpenSSL (1.0.2g) and
OpenSSH (7.2) are neither vulnerable to Heartbleed nor to UserRoaming bugs.
RiscOS
RiscOS is an OS created in 1987 by Acorn
Computers. It was designed to run on RISC processors, which is precisely what ARM is. This O.
S. is a single user operating system. This means
that only one user can be logged in at the same
time. It also counts on WIMP (Windows, Icons,
Menu and Pointer) to let the user interact with
the system.6 The RiscOS version analyzed is the
15, released on May 2017. This version can be
downloaded from the official website of Raspberry Pi and installed easily in an SD card. After
a default installation, NMap cannot discover any
public service. This means that the system cannot be accessed remotely. If someone wants to
access the system, they will require physical
access to the hardware, screen and input devices -keyboard and mouse. Taking into account
these facts, RiscOS is a highly secured system
after a default installation.

DISCUSSION AND CONCLUSION
After analyzing the hardware, it can be concluded that the Raspberry Pi hardware design is
more focused on decreasing costs than on security (Refer Table 1). This becomes obvious when

IEEE Consumer Electronics Magazine



IEEE Consumer Electronics Magazine - November/December 2019

Table of Contents for the Digital Edition of IEEE Consumer Electronics Magazine - November/December 2019

Contents
IEEE Consumer Electronics Magazine - November/December 2019 - Cover1
IEEE Consumer Electronics Magazine - November/December 2019 - Cover2
IEEE Consumer Electronics Magazine - November/December 2019 - Contents
IEEE Consumer Electronics Magazine - November/December 2019 - 2
IEEE Consumer Electronics Magazine - November/December 2019 - 3
IEEE Consumer Electronics Magazine - November/December 2019 - 4
IEEE Consumer Electronics Magazine - November/December 2019 - 5
IEEE Consumer Electronics Magazine - November/December 2019 - 6
IEEE Consumer Electronics Magazine - November/December 2019 - 7
IEEE Consumer Electronics Magazine - November/December 2019 - 8
IEEE Consumer Electronics Magazine - November/December 2019 - 9
IEEE Consumer Electronics Magazine - November/December 2019 - 10
IEEE Consumer Electronics Magazine - November/December 2019 - 11
IEEE Consumer Electronics Magazine - November/December 2019 - 12
IEEE Consumer Electronics Magazine - November/December 2019 - 13
IEEE Consumer Electronics Magazine - November/December 2019 - 14
IEEE Consumer Electronics Magazine - November/December 2019 - 15
IEEE Consumer Electronics Magazine - November/December 2019 - 16
IEEE Consumer Electronics Magazine - November/December 2019 - 17
IEEE Consumer Electronics Magazine - November/December 2019 - 18
IEEE Consumer Electronics Magazine - November/December 2019 - 19
IEEE Consumer Electronics Magazine - November/December 2019 - 20
IEEE Consumer Electronics Magazine - November/December 2019 - 21
IEEE Consumer Electronics Magazine - November/December 2019 - 22
IEEE Consumer Electronics Magazine - November/December 2019 - 23
IEEE Consumer Electronics Magazine - November/December 2019 - 24
IEEE Consumer Electronics Magazine - November/December 2019 - 25
IEEE Consumer Electronics Magazine - November/December 2019 - 26
IEEE Consumer Electronics Magazine - November/December 2019 - 27
IEEE Consumer Electronics Magazine - November/December 2019 - 28
IEEE Consumer Electronics Magazine - November/December 2019 - 29
IEEE Consumer Electronics Magazine - November/December 2019 - 30
IEEE Consumer Electronics Magazine - November/December 2019 - 31
IEEE Consumer Electronics Magazine - November/December 2019 - 32
IEEE Consumer Electronics Magazine - November/December 2019 - 33
IEEE Consumer Electronics Magazine - November/December 2019 - 34
IEEE Consumer Electronics Magazine - November/December 2019 - 35
IEEE Consumer Electronics Magazine - November/December 2019 - 36
IEEE Consumer Electronics Magazine - November/December 2019 - 37
IEEE Consumer Electronics Magazine - November/December 2019 - 38
IEEE Consumer Electronics Magazine - November/December 2019 - 39
IEEE Consumer Electronics Magazine - November/December 2019 - 40
IEEE Consumer Electronics Magazine - November/December 2019 - 41
IEEE Consumer Electronics Magazine - November/December 2019 - 42
IEEE Consumer Electronics Magazine - November/December 2019 - 43
IEEE Consumer Electronics Magazine - November/December 2019 - 44
IEEE Consumer Electronics Magazine - November/December 2019 - 45
IEEE Consumer Electronics Magazine - November/December 2019 - 46
IEEE Consumer Electronics Magazine - November/December 2019 - 47
IEEE Consumer Electronics Magazine - November/December 2019 - 48
IEEE Consumer Electronics Magazine - November/December 2019 - 49
IEEE Consumer Electronics Magazine - November/December 2019 - 50
IEEE Consumer Electronics Magazine - November/December 2019 - 51
IEEE Consumer Electronics Magazine - November/December 2019 - 52
IEEE Consumer Electronics Magazine - November/December 2019 - 53
IEEE Consumer Electronics Magazine - November/December 2019 - 54
IEEE Consumer Electronics Magazine - November/December 2019 - 55
IEEE Consumer Electronics Magazine - November/December 2019 - 56
IEEE Consumer Electronics Magazine - November/December 2019 - 57
IEEE Consumer Electronics Magazine - November/December 2019 - 58
IEEE Consumer Electronics Magazine - November/December 2019 - 59
IEEE Consumer Electronics Magazine - November/December 2019 - 60
IEEE Consumer Electronics Magazine - November/December 2019 - 61
IEEE Consumer Electronics Magazine - November/December 2019 - 62
IEEE Consumer Electronics Magazine - November/December 2019 - 63
IEEE Consumer Electronics Magazine - November/December 2019 - 64
IEEE Consumer Electronics Magazine - November/December 2019 - 65
IEEE Consumer Electronics Magazine - November/December 2019 - 66
IEEE Consumer Electronics Magazine - November/December 2019 - 67
IEEE Consumer Electronics Magazine - November/December 2019 - 68
IEEE Consumer Electronics Magazine - November/December 2019 - 69
IEEE Consumer Electronics Magazine - November/December 2019 - 70
IEEE Consumer Electronics Magazine - November/December 2019 - 71
IEEE Consumer Electronics Magazine - November/December 2019 - 72
IEEE Consumer Electronics Magazine - November/December 2019 - 73
IEEE Consumer Electronics Magazine - November/December 2019 - 74
IEEE Consumer Electronics Magazine - November/December 2019 - 75
IEEE Consumer Electronics Magazine - November/December 2019 - 76
IEEE Consumer Electronics Magazine - November/December 2019 - 77
IEEE Consumer Electronics Magazine - November/December 2019 - 78
IEEE Consumer Electronics Magazine - November/December 2019 - 79
IEEE Consumer Electronics Magazine - November/December 2019 - 80
IEEE Consumer Electronics Magazine - November/December 2019 - 81
IEEE Consumer Electronics Magazine - November/December 2019 - 82
IEEE Consumer Electronics Magazine - November/December 2019 - 83
IEEE Consumer Electronics Magazine - November/December 2019 - 84
IEEE Consumer Electronics Magazine - November/December 2019 - 85
IEEE Consumer Electronics Magazine - November/December 2019 - 86
IEEE Consumer Electronics Magazine - November/December 2019 - 87
IEEE Consumer Electronics Magazine - November/December 2019 - 88
IEEE Consumer Electronics Magazine - November/December 2019 - 89
IEEE Consumer Electronics Magazine - November/December 2019 - 90
IEEE Consumer Electronics Magazine - November/December 2019 - 91
IEEE Consumer Electronics Magazine - November/December 2019 - 92
IEEE Consumer Electronics Magazine - November/December 2019 - 93
IEEE Consumer Electronics Magazine - November/December 2019 - 94
IEEE Consumer Electronics Magazine - November/December 2019 - 95
IEEE Consumer Electronics Magazine - November/December 2019 - 96
IEEE Consumer Electronics Magazine - November/December 2019 - 97
IEEE Consumer Electronics Magazine - November/December 2019 - 98
IEEE Consumer Electronics Magazine - November/December 2019 - 99
IEEE Consumer Electronics Magazine - November/December 2019 - 100
IEEE Consumer Electronics Magazine - November/December 2019 - 101
IEEE Consumer Electronics Magazine - November/December 2019 - 102
IEEE Consumer Electronics Magazine - November/December 2019 - 103
IEEE Consumer Electronics Magazine - November/December 2019 - 104
IEEE Consumer Electronics Magazine - November/December 2019 - 105
IEEE Consumer Electronics Magazine - November/December 2019 - 106
IEEE Consumer Electronics Magazine - November/December 2019 - 107
IEEE Consumer Electronics Magazine - November/December 2019 - 108
IEEE Consumer Electronics Magazine - November/December 2019 - 109
IEEE Consumer Electronics Magazine - November/December 2019 - 110
IEEE Consumer Electronics Magazine - November/December 2019 - 111
IEEE Consumer Electronics Magazine - November/December 2019 - 112
IEEE Consumer Electronics Magazine - November/December 2019 - 113
IEEE Consumer Electronics Magazine - November/December 2019 - 114
IEEE Consumer Electronics Magazine - November/December 2019 - 115
IEEE Consumer Electronics Magazine - November/December 2019 - 116
IEEE Consumer Electronics Magazine - November/December 2019 - Cover3
IEEE Consumer Electronics Magazine - November/December 2019 - Cover4
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20240102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20231112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20221112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20211112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202010
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202009
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202007
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202004
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202003
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202001
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201909
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201907
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201905
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201903
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201901
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201811
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201809
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201807
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201805
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201803
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2015
https://www.nxtbookmedia.com