[ale] Stupid smart phone

Bob Toxen transam at verysecurelinux.com
Mon Dec 13 15:18:22 EST 2021


Or just block everything but time requests and see if it still works (less
trouble but less fun than a MITM attack that, if they're really smart,
they can detect) or even call customer support, the latter a long shot.

On Mon, Dec 13, 2021 at 10:38:14AM -0800, Alex Carver wrote:
> You'd think so but it uses TLS so I can't see inside the packets easily
> (wow, an appliance manufacturer thought to use security, too bad it was to
> hide what they were doing).
> 
> If I was able to gain access to the OS I could probably do a lot more
> detective work.  From my initial outside sniffing it looks like it tries to
> grab a token which I would surmise is used to identify itself in further
> exchanges.
> 
> I'll have to read up more on setting up a MITM proxy that can decode TLS.
> I've got a laptop with Linux, I'd just need a USB Ethernet adapter  so I
> could have two interfaces that I could drop in line with the TV and listen
> in.
> 
> On 2021-12-13 05:16, Jim Kinney wrote:
> > Heh, heh. It would be way fun to proxy the phone home data stream and manipulate it in fun and random ways.
> > 
> > On December 12, 2021 6:49:01 PM EST, Alex Carver <agcarver+ale at acarver.net> wrote:
> > > I haven't gone poking around too much but I do know there are some open
> > > ports according to a couple quick scans.  Maybe during vacation I'll
> > > poke around with it, possibly toss Kali against it.
> > > 
> > > If that were the case and I got in then I could at least turn off some
> > > of the phone-home stuff.  I won't let it on the network directly because
> > > of that so I can't use the casting features.
> > > 
> > > On 2021-12-12 05:20, Jim Kinney wrote:
> > > > But, but, but, it was only done that way to provide the best
> > > > possible user experience </snark>
> > > > 
> > > > If they have hard coded network addresses, I'll bet they also have
> > > > hard coded root/admin passwords. Might even have an open port. That
> > > > would be sad. <sniff><sniff>
> > > > 
> > > > On December 12, 2021 4:37:34 AM EST, Alex Carver via Ale <ale at ale.org> wrote:
> > > > > Oh they're very clever about it, too.  Despite DHCP giving it DNS
> > > > > servers that I control and despite the manual network configuration
> > > > > exposing only two DNS server entries it actually has Google's DNS
> > > > > servers hardcoded as a third server.  So if I tried to blacklist
> > > > > anything at my own DNS server, it would get around that by querying
> > > > > Google directly.
> > > > > 
> > > > > I spotted that when I first got the TV and put a sniffer on it before I
> > > > > let it out into the wild.  It was querying 8.8.8.8 and 8.8.4.4 even
> > > > > though I had manually configured it for my local DNS. When I let the
> > > > > sniffer pass the DNS queries through it still used Google servers to
> > > > > handle Vizio lookups to the mothership.  Evidently the user configured
> > > > > DNS is only for the extra applications like Netflix, Hulu, etc. while
> > > > > the core spyware uses only Google for DNS.
> > > > > 
> > > > > On 2021-12-11 22:42, Bob Toxen wrote:
> > > > > > GOOD FOR YOU to block it from spying on you and tattling!
> > > > > > 
> > > > > > Bob
> > > > > > 
> > > > > > On Sat, Dec 11, 2021 at 10:44:30AM -0800, Alex Carver via Ale wrote:
> > > > > > > I've got a two year old Vizio that has RCA L/R audio outputs on the
> > > > > > > back.
> > > > > > > 
> > > > > > > Of course the TV does *NOT* have a built-in battery-backed RTC.  It
> > > > > > > wants to set its time every time you hit the power button via NTP and
> > > > > > > there's no manual way to set the time either.  So the firewall rewrites
> > > > > > > its NTP requests to point to my internal NTP server and blocks all other
> > > > > > > traffic so it can't call home like every other TV does.
> > > > > > > 
> > > > > > > On 2021-12-11 02:19, Steve Litt via Ale wrote:
> > > > > > > > Jim Kinney via Ale said on Fri, 10 Dec 2021 18:22:04 -0500
> > > > > > > > 
> > > > > > > > > Other days it's more like the vcr clock always
> > > > > > > > > blinking "12:00" for lack of a $0.10 rc circuit to keep the clock
> > > > > > > > > alive during a power blink.
> > > > > > > > 
> > > > > > > > Speaking of for lack of, how many have noticed that oh-so-modern TVs
> > > > > > > > no longer have headphone jacks. You remember headphone jacks --- you
> > > > > > > > just patch the headphone jack to the line-in of any amplifier and bang,
> > > > > > > > you've got sound, and the sound is controllable by your TV's volume
> > > > > > > > control.
> > > > > > > > 
> > > > > > > > But noooooo. That's just soooo *legacy*. Instead of a 30 cent
> > > > > > > > headphone jack, my Samsung TV has one of those silly "toslink" infrared
> > > > > > > > fiberoptics. So you have to buy a fiberoptic cable for about $15.00,
> > > > > > > > and then a $40 fiberoptic to line level converter, from which I can use
> > > > > > > > patch cords to go into my amp's line in. Because I don't have a $500.00
> > > > > > > > "home theater" system --- but rather have a $30.00 20 watt amp that's
> > > > > > > > tiny and works just great for TV sound.
> > > > > > > > 
> > > > > > > > Well, after trying for days to get the toslink plus adapter to work, I
> > > > > > > > read that many Samsungs just don't work with those adapters. For lack
> > > > > > > > of a 30 cent headphone jack. Oh, and of course, the Samsung's built-in
> > > > > > > > speakers are guaranteed to be indecipherable, with various oscillations
> > > > > > > > at frequencies guaranteed to obscure speech.
> > > > > > > > 
> > > > > > > > A couple weeks ago we went out and bought about the cheapest TV on the
> > > > > > > > market. Picture's not all that great but it had what we really wanted,
> > > > > > > > a headphone jack. Now we hear great sound that we can raise and lower
> > > > > > > > with the TV remote. Life is good.
> > > > > > > > 
> > > > > > > > SteveT
> > > > > > > > 
> > > > > > > > Steve Litt
> > > > > > > > Spring 2021 featured book: Troubleshooting Techniques of the Successful
> > > > > > > > Technologist http://www.troubleshooters.com/techniques
> > > > > > > > _______________________________________________
> > > > > > > > Ale mailing list
> > > > > > > > Ale at ale.org
> > > > > > > > https://mail.ale.org/mailman/listinfo/ale
> > > > > > > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > > > > > > http://mail.ale.org/mailman/listinfo
> > > > > > > > 
> > > > > > > 
> > > > > 
> > > > 
> > 
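
The behaviour described in the thread (the TV querying 8.8.8.8 and 8.8.4.4 despite a configured local DNS, and a firewall that should leave only NTP to an internal server) can be checked from a capture of the TV's traffic. The following is an added example, not part of any message in this thread: it classifies one device's flows from `tcpdump -n` style lines. The capture, every address other than the two Google resolvers, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed capture in `tcpdump -n` style; only 8.8.8.8/8.8.4.4 come from the thread.
SAMPLE = """\
15:18:01.100000 IP 192.168.1.50.40112 > 192.168.1.1.53: 4660+ A? apps.example. (30)
15:18:01.200000 IP 192.168.1.50.40113 > 8.8.8.8.53: 4661+ A? telemetry.example. (35)
15:18:01.300000 IP 192.168.1.50.40114 > 8.8.4.4.53: 4662+ A? telemetry.example. (35)
15:18:02.000000 IP 192.168.1.50.123 > 203.0.113.9.123: NTPv4, Client, length 48
15:18:02.500000 IP 192.168.1.50.123 > 192.168.1.1.123: NTPv4, Client, length 48
15:18:03.000000 IP 192.168.1.50.51000 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
15:18:03.100000 IP 192.168.1.77.51001 > 8.8.8.8.53: 4663+ A? other.example. (31)
"""

# src.ip.port > dst.ip.port: the last dotted field on each side is the port.
FLOW = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def audit(capture, device, dns_servers, ntp_server):
    """Count the device's outbound flows, keyed by (verdict, destination)."""
    verdicts = Counter()
    for line in capture.splitlines():
        m = FLOW.search(line)
        if not m or m.group(1) != device:
            continue  # unparsable line, or traffic from another host
        dst, dport = m.group(3), int(m.group(4))
        if dport == 53:
            kind = "dns-configured" if dst in dns_servers else "dns-bypass"
        elif dport == 123:
            kind = "ntp-internal" if dst == ntp_server else "ntp-external"
        else:
            kind = "other"
        verdicts[(kind, dst)] += 1
    return verdicts

def bypass_resolvers(verdicts):
    """Resolvers the device used that were never handed to it by DHCP or manual config."""
    return sorted(dst for (kind, dst) in verdicts if kind == "dns-bypass")

def outside_ntp_only_policy(verdicts):
    """Everything a 'time requests to my server only' firewall must drop or rewrite."""
    return sorted(key for key in verdicts if key[0] != "ntp-internal")

if __name__ == "__main__":
    v = audit(SAMPLE, "192.168.1.50", {"192.168.1.1"}, "192.168.1.1")
    print("hardcoded resolvers:", bypass_resolvers(v))
    for kind, dst in outside_ntp_only_policy(v):
        print(f"{kind:15} {dst}")
```
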

