8 comments

[ 3.1 ms ] story [ 33.2 ms ] thread
Now I'm wondering if my dog is hearing it, and how annoying it might be.
What specific range of threats is this supposed to robustly defend against? It's not difficult to imagine significant, inexpensive attacks that it doesn't prevent, just the presence of an audio bug of some kind, for example.

It seems like an "invisible ink" security strategy, which is really not fit for purpose.

> What specific range of threats is this supposed to robustly defend against?

None. It's kind of like typical residential window locks, it's a mitigation for near-zero-effort casual vandalism.

If you want security, you don't use guest mode.

> It's not difficult to imagine significant, inexpensive attacks that it doesn't prevent, just the presence of an audio bug of some kind, for example.

If your threat model involves people with covert audio bugs and wifi transceivers in your living room, them maliciously streaming stuff to your Chromecast is probably pretty low on the list of things they might use those things to do.

This isn't so much about the "threat" in terms of candidate devices which could act as bugs, or wifi devices in general (which aren't unusual, these days) but a question of whether the convenience being provided to guests is actually far outweighed by the risk that's being created for the "host". I'm not talking about paranoid hosts; it's more that a system shouldn't pretend to offer security of any kind when it actually doesn't.

Edit: so the threat is all the potential downsides relative to sharing wifi passwords on paper.

What it protects against is casual people outside the home, with no intrusion, connecting to the Chromecast. It's casual vandalism that would be easy with the direct connection Guest Mode without the PIN, but which the PIN pretty effectively defeats (provided the screen isn't visible to outside passerby.)

> whether the convenience being provided to guests is actually far outweighed by the risk that's being created to the host.

What risk? If you are in my living room or compromise an internet-connected device there, you can stream to my Chromecast, sure, but you can do a lot worse with those preconditions independent of Chromecast Guest Mode.

The process of pairing two Bluetooth devices, for example, usually needs physical input on both devices. This setup weakens that requirement, and it's unclear why, other than convenience and gimmickry.

One possible risk is that streaming video to the Chromecast could be used to exploit security flaws in the video codec. That might sound like a stretch, but you're increasing your attack surface. Where previously, the host would have had to intervene to accept a stream, now there's this weak audio-based security system. However minor the possible risks to the Chromecast are, this method of authentication just seems to be asking for trouble.