Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> It comes with SSH running and you have the root password

Is the password different for every device? Is the ssh daemon updated regularly? Seems like a massive security vulnerability otherwise.



The password is randomly generated for each device, yes. And of course the network only becomes available once you connect the device to your WiFi, or via cable to a PC. Once you're connected, you can also change to key-only authentication if you want.

The SSH daemon is Dropbear, and it doesn't seem to be updated though:

> reMarkable: ~/ dropbear -V

> Dropbear v2016.72


Hmm, I thought we were at 2017.75, are you sure your device is up to date?

We shipped the first software with an old dropbear, though it had backported patches for the known CVEs: http://cgit.openembedded.org/openembedded-core/tree/meta/rec...


I'm on 1.7.2.3, so only missing the latest update.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: