Secure connection over internet?

General discussions about TV Mosaic application.
Xses
Posts: 8
Joined: Sun Apr 29, 2018 9:55 am

Secure connection over internet?

Post by Xses » Thu Jan 31, 2019 8:12 am

Hello tvmosaic team.

On your homepage you say „Watch live and recorded TV within local network and on the go“

Is it possible to get a secure connection outside your network without the use of a vpn? Would a reverse proxy be possible?

I hope you can help me. Thanks in advance.

My System: custom build nas with openmediavault (debian stretch) Tvmosaic running inside docker on latest version.

Montoya
Posts: 229
Joined: Mon Feb 26, 2018 9:07 am

Re: Secure connection over internet?

Post by Montoya » Fri Feb 01, 2019 4:32 pm

Followed the information in this topic (viewtopic.php?f=13&t=247) and got secured https access in web browser to TVMosaic showing its status page, confirming the secured https connection.

But that is as far as it goes, because every TVMosaic client app and Kodi PVR's, still needs rework to support secured access, just as Oberon mentioned in above topic.

@Oberon
What's on the roadmap for secured TVMosaic access and what time frame can we expect ?
DVBLink server 6.0.0 build14499, DVBLink TVSource 6.0.0 build14061, DVBLink for IPTV build 13107
TVMosaic server build 17679, Kodi 18.4 (Git:20190831-3ade758ceb), Win10 Pro x64 1903 build18362.449

bacsom
Posts: 41
Joined: Wed Feb 28, 2018 8:54 pm

Re: Secure connection over internet?

Post by bacsom » Mon Apr 15, 2019 5:22 pm

It is an important question, because about a week ago I realised that somebody from Greece was watching TV through my father's TVMosaic installation. The same thing happened to me today with my own TVMosaic server (this time from the UK). Both programs are running on Synology systems, and user authentications are enabled (unique user names and passwords with capital letters and numbers). Now, the ports are closed, so I am in the green, but I can't watch TV outside of my home network without VPN connection anymore. How could anybody watch any channels without proper authentication?

bacsom
Posts: 41
Joined: Wed Feb 28, 2018 8:54 pm

Re: Secure connection over internet?

Post by bacsom » Mon Apr 15, 2019 5:44 pm

One more thing: it is possible that our authentication data was leaked through "monitoring.tv-mosaic.com"?

gyugyo
Posts: 19
Joined: Wed Mar 21, 2018 9:55 am

Re: Secure connection over internet?

Post by gyugyo » Wed Apr 24, 2019 7:34 am

Communication on port 9271 is not protected, only "GUI" access is protected by a user name password.


viewtopic.php?f=12&t=1061
viewtopic.php?f=12&t=1065
viewtopic.php?f=12&t=1078

viewtopic.php?f=13&t=1070

Montoya
Posts: 229
Joined: Mon Feb 26, 2018 9:07 am

Re: Secure connection over internet?

Post by Montoya » Thu Apr 25, 2019 1:04 pm

@Oberon

Abuse traffic from 5.9.102.232 and more IP's, is targeting TVMosaic servers worldwide. When can we expect secure access ?
viewtopic.php?f=12&t=1061&p=4939#p4805
DVBLink server 6.0.0 build14499, DVBLink TVSource 6.0.0 build14061, DVBLink for IPTV build 13107
TVMosaic server build 17679, Kodi 18.4 (Git:20190831-3ade758ceb), Win10 Pro x64 1903 build18362.449

Oberon
Posts: 1288
Joined: Thu Jan 26, 2017 8:45 am

Re: Secure connection over internet?

Post by Oberon » Thu Apr 25, 2019 1:34 pm

Montoya wrote:
Thu Apr 25, 2019 1:04 pm
@Oberon

Abuse traffic from 5.9.102.232 and more IP's, is targeting TVMosaic servers worldwide. When can we expect secure access ?
viewtopic.php?f=12&t=1061&p=4939#p4805
We will see what we can do.

bacsom
Posts: 41
Joined: Wed Feb 28, 2018 8:54 pm

Re: Secure connection over internet?

Post by bacsom » Tue Apr 30, 2019 4:27 pm

gyugyo wrote:
Wed Apr 24, 2019 7:34 am
Communication on port 9271 is not protected, only "GUI" access is protected by a user name password.


viewtopic.php?f=12&t=1061
viewtopic.php?f=12&t=1065
viewtopic.php?f=12&t=1078

viewtopic.php?f=13&t=1070
Thanks… That is very unfortunate... especially since TV Mosaic is being advertised as a great a solution to watch TV on the go.

freddy
Posts: 36
Joined: Tue Apr 10, 2018 11:53 am

Re: Secure connection over internet?

Post by freddy » Tue Apr 30, 2019 5:08 pm

Whilst i am no expert, the thought of directly exposing an application via an open internet facing port fills me with horror. Obviously there will be exceptions eg a mail server, but this will have been designed from the outset for external access.

I intend no disrespect to DVBLink developers but the purpose of their program Is to facilitate the recording and viewing of programs. The sole purpose of a VPN server is to facilitate secure access to protected resources and keep unauthorised parties out. I know which one i would trust with my network security.

You have already found an outside party has penetrated your internal network. On this occasion it would appear only to utilise the functionality of the TV product, but a more sophisticated intruder could explore the TVMosaic application to see if there are any vulnerabilities therein which might allow them root/admin access to the underlying host and potentially wider network.

A similar scenario exists with people wishing to view home CCTV remotely and opening forwarding ports directly on their router to the cameras web server, again IMHO a security hole and a definite no, no

I would strongly recommend you investigate using a VPN to access your home network - most modern recent routers have inbuilt VPN Server capabilities.
Last edited by freddy on Tue Apr 30, 2019 7:15 pm, edited 1 time in total.

bacsom
Posts: 41
Joined: Wed Feb 28, 2018 8:54 pm

Re: Secure connection over internet?

Post by bacsom » Tue Apr 30, 2019 6:08 pm

Dear Freddy,

OK, so I am holding it wrong... Yes, VPN is a great way to access home network, but it is not easy to implement, especially for regular users and sometimes it is not even possible (my mobile operatore for example charges extra for VPN connectivity). What is more important: TV Mosaic is being advertised as an easy to use TV service on the go. Opening ports to the outside world is strongly encouraged, just check the settings page of the application or the fact the the monitoring feature only works with an open port. The least thing would be is to put a warning sign in the program, that if you open 9271, even with a user name and password, anyone would be able to use your resources.

Post Reply