Hacking a Medion WiFi streaming radio found at Aldi

On a shopping trip at Aldi [Aaron Christophel] came across this Medion streaming device which connects to your home network via WiFi and works as an Internet radio. He couldn’t resist buying one, and managed to do quite a bit of hacking on the device (translated) once he got it home.

His first order of business was a hardware teardown. An inspection of the board showed what was obviously an unpopulated footprint for a USB mini jack. He added the component, thinking it would allow him to connect it to a computer, but that didn’t work. To investigate the issue further he connected to the device’s serial port using the hard-to-guess credentials root and password. It’s running a Linux kernel, and the lsusb command revealed that the USB port is enabled in host mode. This means you can attach mass storage… sweet!

He also did some firmware hacking. Above is the confirmation screen for flashing his altered image file. This resulted in a custom splash screen when it boots up.

20 thoughts on “Hacking a Medion WiFi streaming radio found at Aldi”

  1. Interesting article. I always love it when these devices are unmasked for more fun :) Thanks for the info, Aaron!

  2. So what was the point of doing that, and what was the point of this article if it didn’t reveal the point of the original hack?

  3. Great work indeed. I do not have Aldi in my country, does this device appear under different brands too or is it sold exclusively at Aldi?

    1. I would expect to find it elsewhere as well. Aldi is a discount/generic grocery store. A few years ago, they started carrying a few small consumer electronics. Everything in the store is a generic brand, so I presume their electronics are standard Chinese parts that get stamped with a hundred different names.

    2. Medion is one of Aldi’s brand names that they use for their electronic goods. They badge their laptops with this name as well – at least in their Australian stores.

    1. telnet over wifi
      user: root
      password: password

      who would have thought ..
      it seems that beat also supports iPods ..
      I think I will get one from eBay as Aldi has no stock and goods are always available for a week or two before they sell out :(

  4. Aldi is a great place for a lot of super-cheap items that can easily be modified to make them just as good or better than name-brand items. Sometimes, it’s things, much like this, that could be factory seconds with parts removed or just left out to make them less expensive.

  5. Lidl also sells Medion stuff. Medion is not Chinese. It actually sells good quality products at a lower price. Sure, not high end stuff but it’s good.

  6. @AAron: How did you find out the password? What price did you pay at that time?
    @Pedro: Medion is just a brand name for no-name (typically Chinese) products. They do the branding, testing and certification, AFAIK. I don’t think they do any production and judging by my email exchanges with tech support they are pretty unaware of what the products are made of.

    1. @one:
      It’s not hard to guess a password, 90+% of embedded Linux devices: Phones (http://hackaday.com/2012/11/01/playing-video-games-on-your-office-phone/), routers, access points, printers, set top boxes, this wifi music player (almost any streaming wifi connected device is Linux nowadays) is usually set to one of these 6 username:password combinations.

      root:root
      root:password
      root:(no password)
      root:admin
      admin:admin
      admin:password

      Linux is very secure, but manufacturers never choose a secure password, it’s all about making the cheapest device possible.
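
A firmware-side check for the kind of defaults discussed in the comments above, added here as an example and not part of the original post or any comment: it flags login accounts in an unpacked image's passwd/shadow files that have an empty or legacy-hashed password, and reports whether telnetd is started. The function names and all sample file contents are constructed for illustration; it does not test hashes against candidate passwords.

```python
# Added example: audit account files from an unpacked firmware root filesystem.

def risky_accounts(passwd_text, shadow_text=""):
    """Return (user, finding) pairs for accounts that can log in
    with a missing or weakly hashed password."""
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2:
            shadow[fields[0]] = fields[1]
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or line.lstrip().startswith("#"):
            continue
        user, pw, shell = fields[0], fields[1], fields[6]
        if pw == "x":                    # hash is stored in the shadow file
            pw = shadow.get(user, "*")   # no shadow entry: treat as locked
        if shell.endswith(("nologin", "false")) or pw[:1] in ("!", "*"):
            continue                     # account cannot log in interactively
        if pw == "":
            findings.append((user, "empty password"))
        elif pw.startswith("$1$"):
            findings.append((user, "md5-crypt hash"))
        elif not pw.startswith("$"):
            findings.append((user, "DES crypt hash"))
    return findings

def telnet_lines(config_text):
    """Return uncommented lines (inittab, inetd.conf, rc scripts) that start telnetd."""
    return [l.strip() for l in config_text.splitlines()
            if "telnetd" in l and not l.lstrip().startswith("#")]

# Constructed sample files; the hash strings are placeholders, not real hashes.
PASSWD = """root:x:0:0:root:/root:/bin/sh
admin::0:0:admin:/:/bin/sh
daemon:*:1:1:daemon:/:/bin/false
ftp:aaBBccDDeeFFg:14:50:ftp:/var/ftp:/bin/sh
"""
SHADOW = "root:$1$CONSTRUC$0000000000000000000000:10933:0:99999:7:::\n"
INITTAB = """::sysinit:/etc/init.d/rcS
::respawn:/usr/sbin/telnetd -F
#::respawn:/sbin/getty -L ttyS0 115200 vt100
"""

if __name__ == "__main__":
    for user, finding in risky_accounts(PASSWD, SHADOW):
        print(f"{user}: {finding}")
    for line in telnet_lines(INITTAB):
        print("telnet service enabled:", line)
```

Any finding combined with a non-empty `telnet_lines` result means the account is reachable over the network, which is the situation the comments describe.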
