3 Replies Latest reply: Nov 8, 2012 6:27 PM by surge3 RSS

    Security issues

    panos1974

      If i have the suspicion my slingbox has being hacked what can i do?

      Should i change my slingbox password or isnt that enough do i have to reset/change my slingbox id and if yes how is this done

       

      Thank you in advance!

        • Re: Security issues
          Apprentice

          Hi Panos1974,

           

          For this type of security issues, we strongly recommend to change the administrator and the guest password of your Slingbox. Have a look at this link, it might help you to do this,

           

          Changing Slingbox name or passwords with SlingPlayer (Windows)

           

          Hope this helps.

           

          Regards

            • Re: Security issues
              peter75

              Hi, I too was suspecting that my slingbox account had been accessed by someone else. So I changed my administrator and user password on my slingboxes, I changed my slingaccount username and password and sure enough after maybe 2 hours using this new profile, whilst using the sling player set up the connection was interrupted and prompted by Conflict Manager saying that someone else was connected to the slingbox. The IP Address given was 106.136.236.204 which is an IP address in Japan. Both my slingbox and my remote location are in Europe. photo1.JPGphoto.JPGI have lost confidence using Sling's products and I hope security issues will be taken seriously, and a remedy will be found immediately. 

                • Re: Security issues
                  surge3

                  Hi -- this same exact thing has happened to me during the past two days.

                  I have changed my password twice and I do not know what to do.

                  Please help me...someone keeps accessing my slingbox and I don't know who it is!

                  It just tells me that it's from an IP address in mexico...how is this possible that they know my passwords AFTER I changed them?

                  I changed both the web password (for my slingbox.com account) and the admin password, as well as the guest password on my slingbox and they know it again..

                  They for absolute certainty do *not* have access to my email, as gmail logs all ip addresses accessing the account and there are no flags there.

                  Please help...

                  I suspect that there is some kind of exploit available to hack someone's slingbox as I do not see how it would be possible that someone knows my password an hour after I change it.

                  For now I have just unplugged the thing as I can not have this happening -- my bandwidth is being eaten alive by whoever is doing this to me.

                   

                  There is one possible explanation -- I found that even if I change my slingbox.com account password AND my slingbox administrator password, if I already have the app installed on my iphone, it does not ask me to login again -- it just lets me view the stream.  I think this may be what's going on.

                   

                  EDIT:

                   

                  So basically here is the problem in a nutshell -- if someone has your slingbox.com web password (even if it's not your *current* slingbox.com web password), and they are already logged in with an iPhone, they have access to your slingbox PERMANENTLY regardless if you change your slingbox.com web password or your administrator password.  How is this allowed to happen?

                   

                  Here's how to test this exploit -- log in with your iphone slingbox app, then change your password on slingbox.com from your computer.

                  Also go ahead and change the administrator viewing password for the slingbox, and change the guest viewing password as well.

                  Close the slingbox app on your iphone then re-open it.  The iPhone remains logged in -- it does not ask you to put *ANY* of the new passwords in.  This is just awful.

                   

                  Oh and check this out as well -- on the iPhone, you don't even have to type in any password to kick someone off -- all you have to do is click a button (as demonstrated by this screen shot from eferz:) https://community.sling.com/servlet/JiveServlet/downloadImage/2-7478-1390/450-300/Mobile+Photo+Jun+16%2C+2010+7+25+54+PM.jpg

                   

                   

                  This explains how someone can view your slingbox without knowing your current password, and how even someone can kick you off without knowing your administrator password.

                   

                  And yep -- the guy from Mexico just disconnected me again.  Great product you guys got here.

                   

                  I'm going to dig around some more and see what else I can find, but for now I would suggest that if anyone has this happening to you to immediately unplug your slingbox.  I can think of one possible explanation of how someone got my slingbox.com password for the iphone, as I sold my ipod touch a few years ago and it may have had the slingbox app already on it and set up.  But there could be more going on here -- if this "slingbox scanner" app is real then I will find out how it works

                   

                  When you think about this -- this is really scary -- this guy could have been making VOD or PPV puchases and watching my TV for free for who knows how long?

                   

                  The slingbox just became one of the most easily hacked appliances on the market...