Describe threat model #994

Open
3 tasks done
RByers opened this issue Sep 14, 2024 · 0 comments
Labels

  • topic: documentation (Related to documentation for the project)
  • topic: security (Related to the protection of user data)
  • type: enhancement (Proposed improvement)


RByers commented Sep 14, 2024

Describe the request

I just installed the Arduino Create Agent on my Mac and was immediately concerned about the potential security implications. I understand it makes a web socket available to any web page I visit, and has commands for installing software on my machine, so that seems like a pretty juicy target for attackers. Digging further I found some mention of PGP keys, so I guess there's probably some authentication of the client, but what clients are authenticated and how hard would it really be for an attacker to get keys?

There's also a privacy angle here. Since there's an open port on my machine that any website can talk to, to what extent does that let any website (or any ad running on any website) fingerprint me and re-identify me (even when using the private browsing feature of my browser)?

Anyway, after 30 minutes of research I'm left feeling a lack of confidence in the security and privacy implications and so must uninstall it to protect my machine. Perhaps a threat model could be written for security-conscious users like myself to explain why you believe it's secure and what steps have been taken to mitigate any vulnerabilities?

I'd also be very interested to see an "alternatives considered". Like why don't you just use WebUSB instead, where I could trust my browser to always get my permission for any website before letting it talk to a device? Or why not consider having some UI where the user must approve every new connection to the agent? Or perhaps a browser extension could be used to restrict access to the agent to a known list of websites? I'm an engineer on Google Chrome and so am happy to help brainstorm, answer questions, and try to get any issues in Chrome addressed.

Describe the current behavior

No information I could find on what the security and privacy implications were to installing this software.

Arduino Create Agent version

Irrelevant (it's actually the Crunchlabs fork that I installed and I don't see where to get the version)

Operating system

macOS

Operating system version

Irrelevant

Browser

Chrome but irrelevant

Browser version

Irrelevant

Additional context

No response

Issue checklist

  • I searched for previous requests in the issue tracker
  • I verified the feature was still missing when using the latest version
  • My request contains all necessary details
@RByers RByers added the type: enhancement Proposed improvement label Sep 14, 2024
@per1234 per1234 added topic: documentation Related to documentation for the project topic: security Related to the protection of user data labels Sep 14, 2024
@per1234 per1234 changed the title Describe threat model? Describe threat model Sep 14, 2024
2 participants