
“Chromecast automatically transfers that PIN using short, inaudible audio tones” - elwell
https://support.google.com/chromecast/answer/6109292?hl=en&ref_topic=6109288
======
theoh
What specific range of threats is this supposed to robustly defend against?
It's not difficult to imagine significant, inexpensive attacks that it doesn't
prevent, just the presence of an audio bug of some kind, for example.

It seems like an "invisible ink" security strategy, which is really not fit
for purpose.

~~~
dragonwriter
> What specific range of threats is this supposed to robustly defend against?

None. It's kind of like typical residential window locks, it's a mitigation
for near-zero-effort casual vandalism.

If you want security, you don't use guest mode.

> It's not difficult to imagine significant, inexpensive attacks that it
> doesn't prevent, just the presence of an audio bug of some kind, for
> example.

If your threat model involves people with covert audio bugs and wifi
transceivers in your living room, them maliciously streaming stuff to your
Chromecast is probably pretty low on the list of things they might use those
things to do.

~~~
theoh
This isn't so much about the "threat" in terms of candidate devices which
could act as bugs, or wifi devices in general (which aren't unusual, these
days) but a question of whether the convenience being provided to guests is
actually far outweighed by the risk that's being created for the "host". I'm
not talking about paranoid hosts; it's more that a system shouldn't pretend to
offer security of any kind when it actually doesn't.

Edit: so the threat is all the potential downsides relative to sharing wifi
passwords on paper.

~~~
dragonwriter
What it protects against is casual people outside the home, with no intrusion,
connecting to the Chromecast. It's casual vandalism that would be easy with
the direct connection Guest Mode without the PIN, but which the PIN pretty
effectively defeats (provided the screen isn't visible to outside passerby.)

> whether the convenience being provided to guests is actually far outweighed
> by the risk that's being created to the host.

What risk? If you are in my living room or compromise an internet-connected
device there, you can stream to my Chromecast, sure, but you can do a lot
worse with those preconditions independent of Chromecast Guest Mode.

~~~
theoh
The process of pairing two Bluetooth devices, for example, usually needs
physical input on both devices. This setup weakens that requirement, and it's
unclear why, other than convenience and gimmickry.

One possible risk is that streaming video to the Chromecast could be used to
exploit security flaws in the video codec. That might sound like a stretch,
but you're increasing your attack surface. Where previously, the host would
have had to intervene to accept a stream, now there's this weak audio-based
security system. However minor the possible risks to the Chromecast are, this
method of authentication just seems to be asking for trouble.

------
dane-pgp
Now someone needs to set their PIN so that it produces this:

[https://upload.wikimedia.org/score/o/s/ospfte7vv30brgi8c9rgh...](https://upload.wikimedia.org/score/o/s/ospfte7vv30brgi8c9rghjkmssmagbd/ospfte7v.png)

~~~
sanityvampire
Close Encounters of the Third Kind reference, for those who don't read music.

------
m-p-3
Now I'm wondering if my dog is hearing it, and how annoying it might be.

