Hacking a Medion WiFi streaming radio found at Aldi

On a shopping trip at Aldi [Aaron Christophel] came across this Medion streaming device which connects to your home network via WiFi and works as an Internet radio. He couldn’t resist buying one, and managed to do quite a bit of hacking on the device (translated) once he got it home.

His first order of business was a hardware teardown. An inspection of the board showed what was obviously an unpopulated footprint for a USB mini jack. He added the component, thinking it would allow him to connect the radio to a computer, but that didn’t work. To investigate the issue further he connected to the device’s serial port using the hard-to-guess credentials root and password. It’s running a Linux kernel, and the lsusb command revealed that the USB port is enabled in host mode. This means you can attach mass storage… sweet!

He also did some firmware hacking. Above is the confirmation screen for flashing his altered image file. This resulted in a custom splash screen when it boots up.

Comments

  1. Franklin Templeton says:

    Interesting article. I always love it when these devices are unmasked for more fun :) Thanks for the info, Aaron!

  2. Dave says:

    So what was the point of doing that, and what was the point of this article if it didn’t reveal the point of the original hack?

  3. Hirudinea says:

    I love these kinds of articles, nice to see someone taking something good and making it better.

  4. makapuf says:

    This is really nice, congratulations!

  5. qwerty says:

    Great work indeed. I do not have Aldi in my country, does this device appear under different brands too or is it sold exclusively at Aldi?

    • 0x4368726973 says:

      I would expect to find it elsewhere as well. Aldi is a discount/generic grocery store. A few years ago, they started carrying a few small consumer electronics. Everything in the store is a generic brand, so I presume their electronics are standard Chinese parts that get stamped with a hundred different names.

    • regrev says:

      Medion is one of Aldi’s brand names that they use for their electronic goods. They badge their laptops with this name as well – at least in their Australian stores.

  6. junkbox says:

    Did he connect to an onboard serial port, or telnet over WiFi?

  7. Great hack. I can’t wait until ALDI carries this wonderful device in Denmark for the next time.

  8. Josh says:

    Aldi is a great place for a lot of super-cheap items that can easily be modified to make them just as good or better than name-brand items. Sometimes, it’s things, much like this, that could be factory seconds with parts removed or just left out to make them less expensive.

  9. Pedro says:

    Lidl also sells Medion stuff. Medion is not Chinese. It actually sells good quality products at a lower price. Sure, not high end stuff, but it’s good.

  10. zing says:

    Now this is hacking! Good work!

  11. The missing components around the USB connector are probably some anti-ESD components like a VBUS053CZ and some decoupling caps and resistors.

  12. one says:

    @AAron: How did you find out the password? What price did you pay at that time?
    @Pedro: Medion is just a brand name for no-name (typically Chinese) products. They do the branding, testing and certification, AFAIK. I don’t think they do any production and judging by my email exchanges with tech support they are pretty unaware of what the products are made of.

    • Seth says:

      @one:
      It’s not hard to guess a password, 90+% of embedded Linux devices: Phones (http://hackaday.com/2012/11/01/playing-video-games-on-your-office-phone/), routers, access points, printers, set top boxes, this wifi music player (almost any streaming wifi connected device is Linux nowadays) is usually set to one of these 6 username:password combinations.

      root:root
      root:password
      root:(no password)
      root:admin
      admin:admin
      admin:password

      Linux is very secure, but manufacturers never choose a secure password, it’s all about making the cheapest device possible.
