As channel developers, you have the option to obscure the text with bullet characters in the text field as the user types characters with the on-screen keyboard. You control this behavior with the roKeyboardScreen method SetSecureText(bool isSecure).

Note that a black hat sitting next to you on the couch could still watch the on-screen keyboard as you pause on keys while hitting select on the remote. Take care 😉

The recommended box linking implementation avoids this entry of passwords using the on-screen keyboard.

We're aware of this problem from both a security and data entry perspective and we've looking to improve this process in the future.

--Kevin

"RokuKevin" wrote:
As channel developers, you have the option to obscure the text with bullet characters in the text field as the user types characters with the on-screen keyboard. You control this behavior with the roKeyboardScreen method SetSecureText(bool isSecure).

Note that a black hat sitting next to you on the couch could still watch the on-screen keyboard as you pause on keys while hitting select on the remote. Take care 😉

The recommended box linking implementation avoids this entry of passwords using the on-screen keyboard.

We're aware of this problem from both a security and data entry perspective and we've looking to improve this process in the future.

--Kevin

Kevin

Thanks for the response

I just got my Roku yesterday and it was a (pleasant) dream to hook up even with WPA2 (NetFlix activation took a call to NF, but was resolved with an English-speaking, helpful person!)!

What is alarming is that anyone who goes to the setup menu can see the wireless network password -- an average fourth grader (perhaps one's own child or friend of same) has the ability to instantly hack into the security of a home's network. As to all those suggesting "screening" visitors invited into their homes, how many parents think about kids more computer literate than they are?

At the very least, please give an option to us "old folks" who are somewhat "computer literate" to be able to optionally hide the PW during setup (even if the default mode for "dummies" remains the display of the PW). IMHO, this should be a PRIORITY in the next upgrade of the software/firmware. Otherwise, why else would Roku have thought to build security into registering for this forum (e.g., embedded graphic code followed by a confirmation e-mail)? 😄

Great product so far (minus the huge security hole).

Thanks!

"fstclair" wrote:
I just got my Roku yesterday and it was a (pleasant) dream to hook up even with WPA2 (NetFlix activation took a call to NF, but was resolved with an English-speaking, helpful person!)!

What is alarming is that anyone who goes to the setup menu can see the wireless network password -- an average fourth grader (perhaps one's own child or friend of same) has the ability to instantly hack into the security of a home's network. As to all those suggesting "screening" visitors invited into their homes, how many parents think about kids more computer literate than they are?

At the very least, please give an option to us "old folks" who are somewhat "computer literate" to be able to optionally hide the PW during setup (even if the default mode for "dummies" remains the display of the PW). IMHO, this should be a PRIORITY in the next upgrade of the software/firmware. Otherwise, why else would Roku have thought to build security into registering for this forum (e.g., embedded graphic code followed by a confirmation e-mail)? 😄

Great product so far (minus the huge security hole).

Thanks!

I agree completly

I do not want my kids - or anyone else in the house knowing my wireless access keys. I do banking, work from home, etc on my home network and DO NOT WANT my kids friends laptop accessing my network. I use firewalls, openDNS filters and access lists to prevent issues on my network.

Having my WPA key in clear text on the TV available to anyone who want to see is not acceptable.

Maybe an option would be to passcode protect the setup screens?? Require an administrative PIN to access the setup screens

I've opened a bug for this.

--Kevin

"RokuKevin" wrote:
I've opened a bug for this.

--Kevin

Thanks

hopefully a system pin will make it's way in

as an exams my router firmwRe forces me to set an root password the first time
the device is accessed after a factory reset

something similar would work here as well