[ale] Stupid smart phone

Jim Kinney jim.kinney at gmail.com
Mon Dec 13 08:16:02 EST 2021 

Heh, heh. It would be way fun to proxy the phone home data stream and manipulate it in fun and random ways.

On December 12, 2021 6:49:01 PM EST, Alex Carver <agcarver+ale at acarver.net> wrote:
>I haven't gone poking around too much but I do know there are some open
>
>ports according to a couple quick scans.  Maybe during vacation I'll 
>poke around with it, possibly toss Kali against it.
>
>If that were the case and I got in then I could at least turn off some 
>of the phone-home stuff.  I won't let it on the network directly
>because 
>of that so I can't use the casting features.
>
>On 2021-12-12 05:20, Jim Kinney wrote:
>> But, but, but, it was only done that way to provide the the best
>possible user experience </snark>
>> 
>> If they have hard coded network addresses, I'll bet they also have
>hard coded root/admin passwords. Might even have an open port. That
>would be sad. <sniff><sniff>
>> 
>> On December 12, 2021 4:37:34 AM EST, Alex Carver via Ale
><ale at ale.org> wrote:
>>> Oh they're very clever about it, too.  Despite DHCP giving it DNS
>>> servers that I control and despite the manual network configuration
>>> exposing only two DNS server entries it actually has Google's DNS
>>> servers hardcoded as a third server.  So if I tried to blacklist
>>> anything at my own DNS server, it would get around that by querying
>>> Google directly.
>>>
>>> I spotted that when I first got the TV and put a sniffer on it
>before I
>>>
>>> let it out into the wild.  It was querying 8.8.8.8 and 8.8.4.4 even
>>> though I had manually configured it for my local DNS. When I let the
>>> sniffer pass the DNS queries through it still used Google servers to
>>> handle Vizio lookups to the mothership.  Evidently the user
>configured
>>> DNS is only for the extra applications like Netflix, Hulu, etc.
>while
>>> the core spyware uses only Google for DNS.
>>>
>>> On 2021-12-11 22:42, Bob Toxen wrote:
>>>> GOOD FOR YOU to block it from spying on you and tattling!
>>>>
>>>> Bob
>>>>
>>>> On Sat, Dec 11, 2021 at 10:44:30AM -0800, Alex Carver via Ale
>wrote:
>>>>> I've got a two year old Vizio that has RCA L/R audio outputs on
>the
>>> back.
>>>>>
>>>>> Of course the TV does *NOT* have a built-in battery-backed RTC. 
>It
>>> wants to
>>>>> set its time every time you hit the power button via NTP and
>there's
>>> no
>>>>> manual way to set the time either.  So the firewall rewrites its
>NTP
>>>>> requests to point to my internal NTP server and blocks all other
>>> traffic so
>>>>> it can't call home like every other TV does.
>>>>>
>>>>> On 2021-12-11 02:19, Steve Litt via Ale wrote:
>>>>>> Jim Kinney via Ale said on Fri, 10 Dec 2021 18:22:04 -0500
>>>>>>
>>>>>>> Other days it's more like the vcr clock always
>>>>>>> blinking "12:00" for lack of a $0.10 rc circuit to keep the
>clock
>>>>>>> alive during a power blink.
>>>>>>
>>>>>> Speaking of for lack of, how many have noticed that oh-so-modern
>>> TVs
>>>>>> no longer have headphone jacks. You remember headphone jacks ---
>>> you
>>>>>> just patch the headphone jack to the line-in of any amplifier and
>>> bang,
>>>>>> you've got sound, and the sound is controllable by your TVs
>volume
>>>>>> control.
>>>>>>
>>>>>> But noooooo. That's just soooo *legacy*. Instead of a 30 cent
>>>>>> headphone jack, my Samsung TV has one of those silly "toslink"
>>> infrared
>>>>>> fiberoptics. So you have to buy a fiberoptic cable for about
>>> $15.00,
>>>>>> and then a $40 fiberoptic to line level converter, from which I
>can
>>> use
>>>>>> patch cords to go into my amp's line in. Because I don't have a
>>> $500.00
>>>>>> "home theater" system --- but rather have a $30.00 20 watt amp
>>> that's
>>>>>> tiny and works just great for TV sound.
>>>>>>
>>>>>> Well, after trying for days to get the toslink plus adapter to
>>> work, I
>>>>>> read that many Samsungs just don't work with those adapters. For
>>> lack
>>>>>> of a 30 cent headphone jack. Oh, and of course, the Samsung's
>>> built-in
>>>>>> speakers are guaranteed to be indecipherable, with various
>>> oscillations
>>>>>> at frequencies guaranteed to obscure speech.
>>>>>>
>>>>>> A couple weeks ago we went out and bought about the cheapest TV
>on
>>> the
>>>>>> market. Picture's not all that great but it had what we really
>>> wanted,
>>>>>> a headphone jack. Now we hear great sound that we can raise and
>>> lower
>>>>>> with the TV remote. Life is good.
>>>>>>
>>>>>> SteveT
>>>>>>
>>>>>> Steve Litt
>>>>>> Spring 2021 featured book: Troubleshooting Techniques of the
>>> Successful
>>>>>> Technologist http://www.troubleshooters.com/techniques
>>>>>> _______________________________________________
>>>>>> Ale mailing list
>>>>>> Ale at ale.org
>>>>>> https://mail.ale.org/mailman/listinfo/ale
>>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>>> http://mail.ale.org/mailman/listinfo
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Ale mailing list
>>>>> Ale at ale.org
>>>>> https://mail.ale.org/mailman/listinfo/ale
>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>> http://mail.ale.org/mailman/listinfo
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> https://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>> 

-- 
Computers amplify human error
Super computers are really cool
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20211213/73654466/attachment.htm>

More information about the Ale mailing list