iTweak security hole.

Forums Forums iLive Forums Archived iLive Discussions iTweak security hole.

This topic contains 3 replies, has 4 voices, and was last updated by Profile photo of styler1982 styler1982 9 years, 9 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #22540
    Profile photo of dnxmirrorsounds
    dnxmirrorsounds
    Participant

    Our configuration is designed so we have a number of logins for the T112/iDR64 including a “basic” setup for less familiar engineers.

    This login has no password which brings me to iTweak.

    If I log into Tweak using the Basic login, I can still see ALL the stuff a full access login can see esp MIX EQ and levels.

    admittedly, a rogue user would still have to break into the wireless connection but it still feels like a bit of a security hole.

    cheers,

    Duncan Whitcombe
    Mirror Sounds & metrochurch
    Perth, Australia
    T112, iDR48x2, Dante soon
    http://www.mirrorsounds.com.au
    http://www.metrochurch.org.au

    #26773
    Profile photo of Stix
    Stix
    Participant

    Security hole agreed! You could also use MAC address filtering on your router if you wanted to make sure no uninvited people hook up to play with your mix! I also have a no password iLive login – mainly because it’s a PITA with tweak to have to password login every time ipod touch has gone to sleep/ woken up. MAC filtering solves the problem and gives an improved security level by rejecting all unknown network devices.

    Cheers

    Richard Howey
    Audio Dynamite Ltd
    IDR48/IDR16/T112/R72

    #26776
    Profile photo of guyharris
    guyharris
    Participant

    We are of two minds about security. We have a wireless access point with password protection, and then the iDR with password, but I also find it a PITA when I want to administer from my iPhone, because iTweak doesn’t multi-task, at least not on iPhone 3GS running 4.1 software, which means I have to tap in the password each time.

    The question I ask myself: is it likely that an audience member is going to have the nouse to download iTweak, break through the wireless AP and then log on to the iDR and f*ck around?

    I think the answer is that it’s highly unlikely.

    I don’t want to go to the trouble of entering MAC addresses, although that’s the most secure solution.

    I hope the new iPad app has some more custom functionality for different users; apart from the security issue (‘basic’ logons having too much functionality), it would be good to have a custom screen for the sound engineer to access when moving around the venue.

    http://www.pianojam.nl

    #26786
    Profile photo of styler1982
    styler1982
    Participant

    I agree as well, especially with the iPad app.

    My system is setup at a school in our performance venue we maintain. 3 times a week (soon to be 5) its a classroom.

    My hope with the iPad app and eventually for iTweak is that I can setup logins on a individual basis that allows each faculty to recall scenes and adjust the necessary levels, but while maintaining the important stuff.

    I would think with the way A&H markets this stuff, at least over here, to churches and the like that this would be a rather easy and HUGELY valuable feature set to address and improve.

    I am also looking for a lot more expanded ACE accessory line (this January?), but that can be another thread.

    Stephen Tyler
    Coordinator of Technical Operations
    ACM@UCO
    http://www.acm-uco.com
    iLive T-112/iDR-32; T-80/iDR-16; iPhone; iPad (soon)

Viewing 4 posts - 1 through 4 (of 4 total)

The forum ‘Archived iLive Discussions’ is closed to new topics and replies.