User avatar
ehuna
Posts: 57
Joined: Thu Dec 23, 2010 1:47 am
Delivery Date: 12 May 2011
Leaf Number: 2067

Password protect Blink when accessing from PC on network?

Tue May 31, 2011 10:44 pm

When browsing the Blink from a PC on the network, is there anyway to put a password on the whole site? I know about "Settings > Change Device PIN" and "Settings > Change Intranet Password", but these only protect some pages, particularly when a change is being made.

I would like to access the main screen or the stats from outside of my home - I can easily deal with NAT rules on my firewall and I have a public DNS entry for my house - but I don't want anyone to be able to access the non-protected screens.

Update 8/13: I found an easy way to do it and blogged about it here -

How to securely access your Blink electric car
charger from outside your home, using a proxy server (CCProxy)
http://blog.ehuna.org/2011/08/how_to_securely_access_your_bl.html

Good times!
Last edited by ehuna on Sat Aug 13, 2011 4:28 pm, edited 1 time in total.

User avatar
AmarilloLeaf
Posts: 199
Joined: Sun Oct 03, 2010 6:20 pm
Delivery Date: 31 Mar 2011
Leaf Number: 617
Location: Amarillo, Texas

Re: Password protect Blink when accessing from PC on network

Wed Jun 01, 2011 6:45 am

ehuna wrote:When browsing the Blink from a PC on the network, is there anyway to put a password on the whole site? I know about "Settings > Change Device PIN" and "Settings > Change Intranet Password", but these only protect some pages, particularly when a change is being made.

I would like to access the main screen or the stats from outside of my home - I can easily deal with NAT rules on my firewall and I have a public DNS entry for my house - but I don't want anyone to be able to access the non-protected screens.


I'm not aware of a password other than the Intranet password.

I used a unique port number in my firewall that routes to port 80 on the Blink.

If I type in http://myipaddress:6789 , my firewall routes it to my Blink's internal IP address with port 80.

Think of it as a password 'Lite'. Choose a number that very few, or nobody, uses.

Here is the 'official' list of port numbers in use.
http://www.iana.org/assignments/port-numbers
Delivered 3/31/11
Hers: Cayenne Red SL
ECOtality Blink WE-30K Level 2 charging station.
His: Tesla Model S - 85

TaylorSFGuy
Posts: 189
Joined: Wed Mar 30, 2011 8:32 pm
Delivery Date: 13 May 2011
Leaf Number: 1561
Location: Kent, Washington

Re: Password protect Blink when accessing from PC on network

Wed Jun 01, 2011 4:10 pm

If you are asking what the password is to access some of the screens, It is blinkadmin

I found it elsewhere in a posting here in MyNissanLeaf
Mileage as of May 19, 2016 is 150,000 - 147 GID at 100%

Ordered Jan. 21, 2011 Delivered May 13, 2011

Number of months with highest mileage on Carwings - 23

First LEAF to 100,000 Miles in USA if not worldwide
First non commercial LEAF to 150,000 Miles

GroundLoop
Posts: 1725
Joined: Mon Sep 13, 2010 9:31 pm

Re: Password protect Blink when accessing from PC on network

Wed Jun 01, 2011 4:44 pm

Assigning it a random port is a swell idea, but I wouldn't call it something as promising as "password lite".
Any adversary is going to have something like 'nmap' which will just list out your ports anyway.
Seriously, it accomplishes nothing at all. It's totally transparent.


The best way to protect your Blink is to put it behind a firewall, and allow NO direct inbound access to it.
Then create an SSH gateway on one of your machines, or the router.. use strong authentication on that, and from that tunnel connect to the Blink or any of your internal machines. So you have a hard exterior login that you can secure.

Normally, I'd say this is paranoid overkill for most home networks.

However, remember that the Blink is running a full Linux system, with remote incoming connections possible. It's also been proven to be poorly-written hacked together code, with no rigorous security audit.

I'd sooner browse, download, and install random russian torrents than allow inbound access to the Blink through the firewall. I'm even suspicious of its outbound activity, with the thought that it could be hijacked and converted into a bot or attack launchpad inside my network.

Remember that it has WiFi, ethernet, Zigbee, and Cellular(!) connectivity. That's a lot of surface area to work with.

User avatar
ehuna
Posts: 57
Joined: Thu Dec 23, 2010 1:47 am
Delivery Date: 12 May 2011
Leaf Number: 2067

Re: Password protect Blink when accessing from PC on network

Fri Aug 12, 2011 12:16 am

I found a good way to do it through a proxy server running on windows - here are the details if anyone is interested -

1. Download CCProxy
http://www.youngzsoft.net/ccproxy/proxy ... wnload.htm
(3 user version is free)

2. Install CCProxy
In installed it on a netbook I run all the time (low power)
This netbook is running all the time, we use it for Zwave home automation - note that you'll need a machine running CCProxy to access your Blink from the outside of your house.

3. Configure the proxy server - http (turn off any protocols you won't use such as FTP, mail, dns, etc...)
Choose a random port, like 3843
Make sure you setup authentication - username/password is a minimum, username/password + IP or MAC address even better

5. Signup for a free http://dyn.com/dns/ account, make sure you can resolve your home IP from the outside

6. Update your router/firewall to map port 3843 to the computer where CCProxy is running
Update your router/firewall to update your external IP on dyndns.com (or run the windows client)

7. Test it out - make sure you can use your new proxy server from outside of your house
I like to use Firefox, since it allows me to setup a proxy just for Firefox, not for my whole system
Use your external IP address (or dyndns.org address you setup in step 5) and the port you setup in step 3.

Now here's the magic to access the Blink -

8. Use CCProxy's "Port Map" feature: Options > Check "Port Map" > Edit
Destination Host: 192.168.1.123 (whatever your INTERNAL Blink IP address is)
Destination Port: 80
Port Type: HTTP
Local Port: 80

Now from work, or from anywhere outside your house, setup Firefox (or any other browser) to use your home proxy - type "http://192.168.1.123" in your address bar, enter the username/password you set up in step 3 - and that's it! You can now use the Blink web interface in a relative safe way from anywhere in the world!

Return to “Blink”