Chromecast an IoT device?

Hronos
Hronos Member, Beta Tester Posts: 289
100 Likes 100 Comments Second Anniversary 25 Awesomes
✭✭✭✭
edited November 19, 2019 in Devices & Security #1
Now that I am thinking about separating my IoT's from my principal network so they are "isolated" or at least not in the same network of my Desktop/Laptop, phones, or any other device with personal information that can be compromise...
I have a big doubt about Chromecast.

Is it an IoT that can be compromised?  I think it is.  But, if they are on a different network from your phone you can't cast on it... right? (I have read than "guests" can cast over a chromecast without been on your network but haven't get it to work)
So my poll is: have you "punished" your Chromecast to an IoT network for the sake of security?

Chromecast an IoT device? 13 votes

Principal Network (with your other devices like your Phone)
61%
VioletChepilCarlo_from_FingCiaranRobin_from_FingMarckltaylorInternetAlertEmad 8 votes
IoT Isolated Network.
38%
marco_from_fingCrowgrandfatherDaveFivulcansheartericyew 5 votes
Keep looking up!
VioletChepilRobin_from_FingCiaran

Comments

  • Marc
    Marc Moderator, Beta Tester Posts: 2,652
    1,000 Likes 2500 Comments 100 Answers 250 Awesomes
    ✭✭✭✭✭✭
    Principal Network (with your other devices like your Phone)
    @Hronos , I probably should be paranoid and segregate but I've had these things on my principle network for years without issue so maybe I am little too complacent now?
    Thats Daphnee, she's a good dog...
    HronosVioletChepil
  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Principal Network (with your other devices like your Phone)
    bumping this one @Hronos to see if we can get some more results in the poll :) 

    Community Manager at Fing

    MarcHronosDGC
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    100 Likes 100 Comments Second Anniversary 25 Awesomes
    ✭✭✭✭
    Thanks @VioletChepil :)
    Keep looking up!
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    100 Likes 100 Comments Second Anniversary 25 Awesomes
    ✭✭✭✭
    Hi there all! for those who put their Chromecasts to an isolated network, I would like to know how have solve the problem of using it =D
    Keep looking up!
    VioletChepil
  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Principal Network (with your other devices like your Phone)
    @vulcansheart @marco_from_fing anything to add to help @hronos?

    Community Manager at Fing

  • vulcansheart
    vulcansheart Member, Beta Tester Posts: 117
    100 Comments 25 Awesomes 5 Answers 25 Likes
    ✭✭✭
    edited November 21, 2019 #7
    IoT Isolated Network.
    Using a software firewall/router with multiple LAN connections, I've isolated my IoT devices to a subnet and VLAN that cannot traverse into my secured local network. However, devices that are on my wireless VLAN (phones, laptops, etc) are allowed to initiate a session into the IoT VLAN for things like screen mirroring. If you have this capability, I recommend it for security and network control.
    *edit*
    I should say I voted "isolated" based on my tinfoil hat mentality caused by the things I've seen while attending DEFCON, and for the data mining practices of large corporations (Google included).

    41 4c 4c 20 59 4f 55 52 20 42 41 53 45 20 41 52 45 20 42 45 4c 4f 4e 47 20 54 4f 20 55 53
    VioletChepilHronos
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    100 Likes 100 Comments Second Anniversary 25 Awesomes
    ✭✭✭✭
    @vulcansheart Nice one! Just to clarify, your Phones/laptops have to connect to the IoT SSID network or that "initiate a session" is resolve through the "firewall"? (I am supposing the 2nd one)
    Don't know if it's posible with my current gear... (pretty sure no) but it's a great solution...
    Keep looking up!
  • vulcansheart
    vulcansheart Member, Beta Tester Posts: 117
    100 Comments 25 Awesomes 5 Answers 25 Likes
    ✭✭✭
    IoT Isolated Network.
    No, my personal devices connect to SSID "The Fergowski's" which is VLAN100 (tagged by the access point). Based on firewall rules, traffic is allowed to initiate from VLAN100 to VLAN200, but not vis versa.
    41 4c 4c 20 59 4f 55 52 20 42 41 53 45 20 41 52 45 20 42 45 4c 4f 4e 47 20 54 4f 20 55 53
    Hronos
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    100 Likes 100 Comments Second Anniversary 25 Awesomes
    ✭✭✭✭
    I believe a Linux box should help there, but are your switches any special to support that or you have physical independent ones or maybe don't have switches on VLAN200 (I ask because I have some kind of IoT's than are wired devices)
    Keep looking up!
  • vulcansheart
    vulcansheart Member, Beta Tester Posts: 117
    100 Comments 25 Awesomes 5 Answers 25 Likes
    ✭✭✭
    IoT Isolated Network.
    @Hronos Yes, I am using a managed netgear prosafe switch along with an Omada (tp-link) EAP225 access point that has SSID based VLAN tagging.
    41 4c 4c 20 59 4f 55 52 20 42 41 53 45 20 41 52 45 20 42 45 4c 4f 4e 47 20 54 4f 20 55 53
    HronosVioletChepil
  • ericyew
    ericyew Member, Beta Tester Posts: 0
    Photogenic
    IoT Isolated Network.
    you may need to also look at enabling IGMP snooping and mDNS...depending on your setup. Have a look here for some clue:
    https://help.ubnt.com/hc/en-us/articles/360001004034-UniFi-Best-Practices-for-Managing-Chromecast-Google-Home-on-UniFi-Network