Out-of-Home Streaming - Do I have to move my 60 inch TV?

I have two houses, house #1 can’t get any OTA signal at all due to distance and a mountain.

House #2 is only 2 miles from the broadcast source.

I thought it was so cool when I found Tablo the other day, the ability to stream an OTA signal around your house and even connect remote to watch TV.

By putting the Tablo at house #2, I can stream TV to house #1 where reception is not possible. Fantastic.

I am now reading online that in order use the out of home streaming the device must first be on the same network to authenticate.

That seems nuts. That means I have to take my 60 inch TV and move it to house #2, authenticate on the same network and then take it back to house #1?

There must be a better way to authenticate.

What most users do is take a firetv stick or box to where the tablo is, sync it there, and bring it to the remote location to plug into their tv.

You can’t use a Roku.

1 Like

Read the thread below. This is what I posted in it.

“The Apple TV app, like the Roku app, doesn’t support Tablo Connect (watching remotely).

However, if you’re tech savvy you can make it work. I run a VPN server where my Tablo is located and then at the remote location have a separate router connect to that VPN. I then connect the Roku to that router and I can use the Roku remotely. This requires no “pairing” of the Roku to the Tablo, but some networking knowledge.”

https://community.tablotv.com/t/2-homes-1-tablo/

I understand why Tablo has implemented this security measure, to make it easy for the vast majority of users.

However, they have made it difficult for others such as myself.

Another problem their security system creates is anyone with access to your WIFI can get and retain access to your remote Tablo access.

If you happen to rent a room or your house out to Airbnb anyone who stays there can get on your Tablo and then continue to access your Tablo remotely indefinitely.

Clearly Tablo is storing some type of device ID at their data center, when a device wants to connect remotely it is asking Tablo’s cloud servers for the IP address of the Tablo box to connect (they are basically doing dynamic DNS resolution for customers).

They need a way to authorize and de-authorize devices to connect via their website, without having the requirement to be physically at the same site. This would also allow you to kick off users who should no longer be accessing your Tablo device, like those Airbnb guests who should not be accessing the Tablo off site.

1 Like

Create a Guest WiFi network for this purpose. It is a VAP that is isolated from your network and guests cannot access your Tablo. This prevents them from ever gaining access in the first place.

Most new routers that I have purchased have a guest network function. This would resolve your airbnb issues since your guests will be on a different network segment without access to your family’s network and the Tablo.

That is how my network is setup. Guest can not access LAN resources, only the internet.

1 Like

As nuts as it may seem… This is - as you see - the information is/was readily available.

It sends back the forwarded ports along with your public IP https://api.tablotv.com/assocserver/getipinfo/ the local IP, if your accessing from your LAN I supppose.

You can always change ports… but then you need to re-authorize your devices I think. Yes, it’s been noted often a user/pass would be awesome and secure, and never re-done.

Yes, I like this idea. In addition, I would like there to be a password sign-in to the Tablo. And it would be nice if the Tablo GUI allowed some way to select the wifi SSID (after initial setup)… I actually want to change it, but can’t figure out how. If there is an easy way to do this, please let me know.

The Tablo doesn’t broadcast its WiFi SSID after you set it up, it’s disabled after you connect the Tablo to your wireless network. So no need to change the SSID name.

Sorry, I guess I wasn’t clear. I am not talking about the Tablo SSID… why would I want to change that? What I want to change is the SSID that the Tablo is connecting to, that is broadcast by my router. You get to select this during initial setup of wifi on the Tablo, but I cannot find anyway to change it. For example, let’s assume that I currently have my Tablo on the 2.4ghz SSID, and I wanted to changed it over to the 5ghz band? I don’t find anyway to do that. Or what if I changed the SSID names in my router? How would I tell Tablo to use the new SSID names? Or for that matter how do I query the Tablo to see which SSID it is connected to?? For most devices, like a PC, TV or Roku, these are standard settings that can be easily queried and / or changed as necessary.

1 Like

Bam.

1 Like

I don’t even have my Tablo yet, but what I’m seeing here is a security problem as well as a PITA for legit customers who can’t authenticate on the same network as the Tablo box.

My guess (correct me if anyone knows otherwise) is that security on the Tablo is strictly obfuscation.

Every Tablo on the Internet with the remote access option configured is open, wide open. No username, no password, no nothing.

The security is implemented by a device connecting on the same network and then the device information being stored by Tablo in the cloud. When the remote device asks for the IP address of their Tablo device, Tablo feeds the IP & port back as mentioned by @djk44883 ( https://api.tablotv.com/assocserver/getipinfo/).

The remote device then just connects to the Tablo and has full access - done.

The only security here is a device not knowing where to connect.

I’m sure Tablo is aware of this security risk and when I get my Tablo I will be investigating the network traffic to see what is going on.

Your average Bestbuy shopper would not be able to crack this security, but rest assured there are people out there that can bypass this security setup.

Scanning for these Tablo devices (ie. https://www.shodan.io/ ) and everyone is vulnerable… If you know that the Tablo devices are actually secure, please let me know how the security works as from the picture I am starting to see here things look bad.

Oh man, this is not looking good.

It took me just minutes to find Tablo devices online and listening on the Internet, open for anyone to connect.

They are using self signed SSL certificates.

So…what’s your point? It’s not like you can connect to any of our Tablos without having connected to one first.

This isn’t a brand new device. The Tablo has been out for over 5 years now. No data breaches have been reported by anyone.

Now you don’t need to wait for your Tablo to arrive. Just fire up a Fire TV Stick and remote connect away.

And this may be the exact reason the current Tablo Connect functionality requires pairing the playback device on the local network before being able to utilize Tablo Connect. Ironically/sadly that may be more secure then a login method where someone reuses their same password over and over. Would actually be viable if the pairing functionality was “permanent” but based on other posts it seems like pairing gets “lost” periodically for some people.

I think I will go dark on this topic at this time, I will work with Tablo directly before disclosing any vulnerability publicly.

I’m sure all the Tablo devices are safe out there :wink:

1 Like

Let me know when you finally get around to accessing my tablo’s. Just don’t delete my Mr. Ed recordings.

And secretly delete that crap my wife refuses to manage. It’s filling up the disk. I’ll just blame it on a glitch in tablo’s nightly maintenance.

If you find a way, please post in this forum. Thanks!