Hacking A Medion WiFi Streaming Radio Found At Aldi

hacking-medion-streaming-wifi

On a shopping trip at Aldi [Aaron Christophel] came across this Medion streaming device which connects to your home network via WiFi and works as an Internet radio. He couldn’t resist buying one, and managed to do quite a bit of hacking on the device (translated) once he got it home.

His first order of business was a hardware teardown. An inspection of the board showed what was obviously an unpopulated footprint for a USB mini jack. He added the component, thinking it would allow him to connect it to a computer, but that didn’t work. To investigate the issue further he connected to the device’s serial port using the hard-to-guess credentials root and password. It’s running a Linux kernel and the lsusb command revealed that the USB is enabled as host mode. This mean you can attach mass storage… sweet!

He also did some firmware hacking. Above is the confirmation screen for flashing his altered image file. This resulted in a custom splash screen when it boots up.

20 thoughts on “Hacking A Medion WiFi Streaming Radio Found At Aldi

    1. I would expect to find it elsewhere as well. Aldi is a discount/generic grocery store. A few years ago, they started carrying a few small consumer electronics. Everything in the store is a generic brand, so I presume their electronics are standard chinese parts that get stamped with a hundred different names.

    1. telnet over wifi
      user: root
      password: password

      who would have tought ..
      it seems that beat also supports iPods ..
      I think i will get one from ebay as aldi has no stock and goods are always available for a week or two before they sell out :(

  1. Aldi is a great place for a lot of super-cheap items that can easily be modified to make them just as good or better than name-brand items. Sometimes, it’s things, much like this, that could be factory seconds with parts removed or just left out to make them less expensive.

  2. @AAron: How did you find out the password? What price did you pay at that time?
    @Pedro: Medion is just a brand name for no-name (typically chinese) products. They do the brainding, testing and certification, AFAIK. I don’t think they do any production and judging by my email exchanges with tech support they are pretty unaware of what the products are made of.

    1. @one:
      Its not hard to guess a password, 90+% of embedded linux devices: Phones (http://hackaday.com/2012/11/01/playing-video-games-on-your-office-phone/), routers, access points, printers, set top boxes, this wifi music player (almost any streaming wifi connected device is linux nowadays) is usually set to one of these 6 username:password combinations.

      root:root
      root:password
      root:(no password)
      root:admin
      admin:admin
      admin:password

      linux is very secure, but manufacturers never choose a secure password, it’s all about making the cheapest device possible.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.