[ale] Stupid smart phone

Alex Carver agcarver+ale at acarver.net
Mon Dec 13 13:38:14 EST 2021


You'd think so but it uses TLS so I can't see inside the packets easily 
(wow, an appliance manufacturer thought to use security, too bad it was 
to hide what they were doing).

If I was able to gain access to the OS I could probably do a lot more 
detective work.  From my initial outside sniffing it looks like it tries 
to grab a token which I would surmise is used to identify itself in 
further exchanges.

I'll have to read up more on setting up a MITM proxy that can decode 
TLS.  I've got a laptop with Linux, I'd just need a USB Ethernet adapter 
so I could have two interfaces that I could drop in line with the TV 
and listen in.

On 2021-12-13 05:16, Jim Kinney wrote:
> Heh, heh. It would be way fun to proxy the phone home data stream and manipulate it in fun and random ways.
> 
> On December 12, 2021 6:49:01 PM EST, Alex Carver <agcarver+ale at acarver.net> wrote:
>> I haven't gone poking around too much but I do know there are some open
>> ports according to a couple quick scans.  Maybe during vacation I'll
>> poke around with it, possibly toss Kali against it.
>>
>> If that were the case and I got in then I could at least turn off some
>> of the phone-home stuff.  I won't let it on the network directly because
>> of that so I can't use the casting features.
>>
>> On 2021-12-12 05:20, Jim Kinney wrote:
>>> But, but, but, it was only done that way to provide the best
>>> possible user experience </snark>
>>>
>>> If they have hard coded network addresses, I'll bet they also have
>>> hard coded root/admin passwords. Might even have an open port. That
>>> would be sad. <sniff><sniff>
>>>
>>> On December 12, 2021 4:37:34 AM EST, Alex Carver via Ale <ale at ale.org> wrote:
>>>> Oh they're very clever about it, too.  Despite DHCP giving it DNS
>>>> servers that I control and despite the manual network configuration
>>>> exposing only two DNS server entries it actually has Google's DNS
>>>> servers hardcoded as a third server.  So if I tried to blacklist
>>>> anything at my own DNS server, it would get around that by querying
>>>> Google directly.
>>>>
>>>> I spotted that when I first got the TV and put a sniffer on it before I
>>>> let it out into the wild.  It was querying 8.8.8.8 and 8.8.4.4 even
>>>> though I had manually configured it for my local DNS. When I let the
>>>> sniffer pass the DNS queries through it still used Google servers to
>>>> handle Vizio lookups to the mothership.  Evidently the user configured
>>>> DNS is only for the extra applications like Netflix, Hulu, etc. while
>>>> the core spyware uses only Google for DNS.
>>>>
>>>> On 2021-12-11 22:42, Bob Toxen wrote:
>>>>> GOOD FOR YOU to block it from spying on you and tattling!
>>>>>
>>>>> Bob
>>>>>
>>>>> On Sat, Dec 11, 2021 at 10:44:30AM -0800, Alex Carver via Ale wrote:
>>>>>> I've got a two year old Vizio that has RCA L/R audio outputs on the back.
>>>>>>
>>>>>> Of course the TV does *NOT* have a built-in battery-backed RTC.  It wants to
>>>>>> set its time every time you hit the power button via NTP and there's no
>>>>>> manual way to set the time either.  So the firewall rewrites its NTP
>>>>>> requests to point to my internal NTP server and blocks all other traffic so
>>>>>> it can't call home like every other TV does.
>>>>>>
>>>>>> On 2021-12-11 02:19, Steve Litt via Ale wrote:
>>>>>>> Jim Kinney via Ale said on Fri, 10 Dec 2021 18:22:04 -0500
>>>>>>>
>>>>>>>> Other days it's more like the vcr clock always
>>>>>>>> blinking "12:00" for lack of a $0.10 rc circuit to keep the clock
>>>>>>>> alive during a power blink.
>>>>>>>
>>>>>>> Speaking of for lack of, how many have noticed that oh-so-modern TVs
>>>>>>> no longer have headphone jacks. You remember headphone jacks --- you
>>>>>>> just patch the headphone jack to the line-in of any amplifier and bang,
>>>>>>> you've got sound, and the sound is controllable by your TV's volume
>>>>>>> control.
>>>>>>>
>>>>>>> But noooooo. That's just soooo *legacy*. Instead of a 30 cent
>>>>>>> headphone jack, my Samsung TV has one of those silly "toslink" infrared
>>>>>>> fiberoptics. So you have to buy a fiberoptic cable for about $15.00,
>>>>>>> and then a $40 fiberoptic to line level converter, from which I can use
>>>>>>> patch cords to go into my amp's line in. Because I don't have a $500.00
>>>>>>> "home theater" system --- but rather have a $30.00 20 watt amp that's
>>>>>>> tiny and works just great for TV sound.
>>>>>>>
>>>>>>> Well, after trying for days to get the toslink plus adapter to work, I
>>>>>>> read that many Samsungs just don't work with those adapters. For lack
>>>>>>> of a 30 cent headphone jack. Oh, and of course, the Samsung's built-in
>>>>>>> speakers are guaranteed to be indecipherable, with various oscillations
>>>>>>> at frequencies guaranteed to obscure speech.
>>>>>>>
>>>>>>> A couple weeks ago we went out and bought about the cheapest TV on the
>>>>>>> market. Picture's not all that great but it had what we really wanted,
>>>>>>> a headphone jack. Now we hear great sound that we can raise and lower
>>>>>>> with the TV remote. Life is good.
>>>>>>>
>>>>>>> SteveT
>>>>>>>
>>>>>>> Steve Litt
>>>>>>> Spring 2021 featured book: Troubleshooting Techniques of the Successful
>>>>>>> Technologist http://www.troubleshooters.com/techniques
>>>>>>> _______________________________________________
>>>>>>> Ale mailing list
>>>>>>> Ale at ale.org
>>>>>>> https://mail.ale.org/mailman/listinfo/ale
>>>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>>>> http://mail.ale.org/mailman/listinfo
>>>>>>>
> 
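
The hardcoded-resolver behaviour described in the quoted message above (queries going to 8.8.8.8 and 8.8.4.4 despite a locally configured DNS server) can be picked out of a capture mechanically. The following is an added example, not part of the original thread: it parses `tcpdump -n` text output and counts DNS queries a device sent to resolvers it was never given. The device and local resolver addresses and the queried names are constructed placeholders.

```python
import re
from collections import Counter

# Summary line that `tcpdump -n` prints for a DNS query, e.g.
# 13:38:01.2 IP 192.0.2.50.40002 > 8.8.8.8.53: 1002+ A? name.example. (39)
# Replies are skipped because their destination port is not 53.
QUERY = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.\d+ > (?P<dst>\d+(?:\.\d+){3})\.53: "
    r"\d+\S*(?: \[\S+\])? (?P<qtype>[A-Z0-9]+)\? (?P<name>\S+)"
)

def rogue_dns(lines, device, allowed):
    """Count (resolver, name) pairs `device` queried outside `allowed`."""
    hits = Counter()
    for line in lines:
        m = QUERY.search(line)
        if m and m["src"] == device and m["dst"] not in allowed:
            hits[(m["dst"], m["name"].rstrip("."))] += 1
    return hits

# Constructed capture (not real traffic): 192.0.2.50 stands in for the TV,
# 192.0.2.1 for the local DNS server handed out by DHCP.
SAMPLE = """\
13:38:01.100 IP 192.0.2.50.40001 > 192.0.2.1.53: 1001+ A? app.example.net. (33)
13:38:01.200 IP 192.0.2.50.40002 > 8.8.8.8.53: 1002+ A? telemetry.example.com. (39)
13:38:01.300 IP 8.8.8.8.53 > 192.0.2.50.40002: 1002 1/0/0 A 203.0.113.9 (55)
13:38:02.200 IP 192.0.2.50.40003 > 8.8.4.4.53: 1003+ [1au] AAAA? telemetry.example.com. (50)
13:38:02.900 IP 192.0.2.50.40004 > 8.8.8.8.53: 1004+ A? telemetry.example.com. (39)
13:38:03.000 IP 192.0.2.77.40005 > 8.8.8.8.53: 1005+ A? other.example.org. (35)
""".splitlines()

if __name__ == "__main__":
    found = rogue_dns(SAMPLE, device="192.0.2.50", allowed={"192.0.2.1"})
    for (resolver, name), count in found.most_common():
        print(f"{count:3d}  {resolver:<10} {name}")
```

Only plaintext DNS on port 53 is visible this way; lookups made over DoT or DoH would not appear in these lines.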


