(Topic ID: 300441)

"All-Access Connected" Stern Monthly Fee For Some Online Features

By SantaEatsCheese

2 years ago



    You're currently viewing posts by Pinsider Coyote.

    12
    #14 2 years ago

    Juuuust waiting for a hacker team to find a way into these machines, and turn them into DDOS clients or worse.

    #29 2 years ago
    Quoted from ForceFlow:

    Everything is going to a subscription based model these days. I don't like it, but this was only a matter of time.

    Agree - it's happening everywhere. Not just pinball. Even my own company has gone from perpetual licenses to monthly 'leases', a la Adobe.

    10
    #49 2 years ago
    Quoted from chickenscratch:

    Unfounded. You don’t browse the web with this, open email or port forward to it. There’s 0 attack surface other than Stern’s servers. Say you do get infected, which you won’t, DDOS ya, that’s possible with a TCP/IP stack but there’s really nothing worse. Just… reformat your flash card and put latest code on it - all attacks muted. I mean, if you want to pay 1 BTC to save your high scores, but you can back those up too.

    Sorry, but wrong - with it connected to the internet, even while connected via VPN, there is a surface area. Ethernet chips (the base hardware) have been known to have security flaws, and who knows how the software would handle a DDoS attack on it - you send it millions of pings a second, will the software crash? Or slow down? Someone playing a game and it suddenly reboots? And who knows what the game's software is doing monitoring ports and incoming packets.

    Stern's servers are ONE of the surface areas. There are PLENTY of others.

    #57 2 years ago
    Quoted from chickenscratch:

    Sorry, but very wrong. There’s no outside initiated inbound communication from the WAN to the pin unless you port forward to its private IP address. So all you got is inside initiated outbound communication and what’s it going to talk to other than Stern’s servers?

    Okay, assuming for a moment that NAT slipstreaming doesn't exist for a moment, let's pretend that man-in-the-middle attacks don't exist either. You keep workin' on that, 'k? (And how many home and business owners change their default password on all those Comcast routers and modems?)

    #62 2 years ago
    Quoted from Dent00:

    I could see this being a problem in tournaments. Tournament directors might mention something like "No one is allowed to enable the special bridge multiball on Godzilla with their insider access QR code" s

    Honestly, I would assume that if you put the game into Tourney mode, the QR reader would be disabled. Assuming the games are home-based. For on-location play, then yeah, would need to make sure that no one scans.

    And I wonder in a multi-player game, if one person scans, and the others don't, does only that player get the added features, and the others don't? Or does it/would it activate for all players in the game?

    #63 2 years ago
    Quoted from chickenscratch:

    I know of no SOHO router that has open admin from the WAN; you need to turn that on, and that’s on you…

    Many of Comcast's modems (which handle LAN DHCP and routing) have default passwords installed - USUALLY they are limited by the incoming IP, but that can be faked.

    And while we're drifting off topic and couldn't care about anyone's credentials here -

    Quoted from chickenscratch:

    NAT slipstreaming requires the user to visit a website; I’ll let that bake in, from a pinball machine

    What do you think the game is doing when it contacts Stern's servers? Even a REST API or opening a socket could allow that.

    Quoted from chickenscratch:

    A MitM attack is again between you and Stern and would require something like an attacker stealing a Stern certificate… on Stern not the player

    And again, you're assuming they'll be encrypting anything. I would not be surprised if they weren't.

    #68 2 years ago
    Quoted from Dent00:

    Only if you have a QR tattoo in that area.

    ... I've seen worse.


    This page was printed from https://pinside.com/pinball/forum/topic/all-access-connected-stern-monthly-fee-for-some-online-features-?tu=Coyote and we tried optimising it for printing. Some page elements may have been deliberately hidden.
