Think Twice About Buying Internet-connected Devices Off Ebay (qz.com)
If you're thinking about buying gadgets from auction sites such as Ebay, you will want to consider the potential risks. From a report: When you're buying from a third-party seller, it's a lot more difficult to tell where products have come from, whether you're getting exactly what you think you're getting, and if anything has been done to the product since it was manufactured. "It is possible for internet-connected devices to be tampered with and resold on the web," Leigh-Anne Galloway, lead cybersecurity resilience analyst at the cybersecurity firm Positive Technologies, told Quartz. "It's similar to buying a secondhand cellphone without it being restored to factory settings." In fact, buying a second hand gadget can potentially expose the user to some pretty extreme scenarios. "Cameras and IoT devices can contain spyware and malware, which can cause a plethora of problems for the user," Galloway added. "These devices could possibly listen to you, watch your every step, communicate with and attack other devices connected to the same local network, such as PCs, laptops, and TVs." Galloway said devices could also be used to perform botnet attacks -- where an unsecured internet-connected device is accessed by another computer and used along with other breached devices to take down websites or internet services, as what happened with the Mirai botnet attack in 2016.
I would argue it's not just Ebay (Score:5, Informative)
It's all devices. Hell, most of them are designed to spy on the users. Do you trust anything coming from China?
The sad fact is you've already agreed to be spied on when you agree to use almost any Internet connected device. There's really nothing that changes with this article.
Re:I would argue it's not just Ebay (Score:5, Informative)
>Do you trust anything coming from China?
Yes. The Chinese have no interest in spying on the average consumer in the West. If I held a security-sensitive position in government, I'd be more concerned, but I don't so I'm not.
And ultimately if I buy a domestic product I have to be concerned about domestic spying, which is more likely to directly affect me.
Re: I would argue it's not just Ebay (Score:4, Insightful)
The Chinese have an interest in spying on everybody, all of the time.
Re: I would argue it's not just Ebay (Score:4, Insightful)
Every corporation has an interest in spying on everyone, all the time. Data is money.
Re: I would argue it's not just Ebay (Score:5, Insightful)
yeah? why is that?
Because you don't always know ahead of time what will turn out to be valuable. So the standard operating procedure these days is to collect everything. Over time, historical data becomes valuable as well.
Re:I would argue it's not just Ebay (Score:5, Interesting)
Let's ignore the traditional image of foreign agents conducting espionage and think more about what could be gained by operating a beachhead device inside a random US home.
1. Botnet participant can be used for DDOS attacks on government and corporate entities.
2. Automated network snooping can exploit vulnerabilities to compromise network routers.
3. With network router compromised, MITM attacks can inject malware and gather remote credentials to other services. This can grow the botnet population and compromise additional devices on remote networks. MITM attack enables automated identity theft to erode American economic stability.
The identity theft part highlights the probability that these trojan devices can very well be controlled by criminal elements rather than state actors. Cryptoviruses and blackmail can be implemented thanks to such compromised IOT devices.
Re: (Score:3)
Wonder if you could pull off TEMPEST in a consumer electronics-sized device. That would lead to some seriously concerning possibilities.
Re: (Score:2)
However, these risks (from my perspective, not the state's) remain the same regardless of where the device is manufactured.
Do I care whether it's USA or China that has the original back door on my device? If I trusted one more than the other not to compromise my device at the factory, I'd preferentially buy from them. I trust neither.
Re: (Score:2)
>> Then, please, by all means do explain the sheer number of stories we've seen about Chinese products
Bad Press.
Also called propaganda.
USA (Score:3)
>Do you trust anything coming from USA ?
Hell No.
Re: (Score:2)
I'd argue that in >95% of cases there is no point to making most widgets internet connected or "smart" in the first place. I'm still in awe that anyone ever wasted money on a web connected fridge. WTF?
Sadly, many of these widgets have been designed to be badly hobbled or non-functional if they are NOT connected to servers via the internet. I see orphaning of products as a real scourge on the world. Widgets that used to last a decade or more are now "smart", but useless after a year or three when the
As Nietzsche once said (Score:5, Insightful)
When you gaze long into an abyss, the abyss also gazes into you.
So, when you buy that spycam, be informed that it might also be spying on you.
Re: (Score:2)
My ROKU remote app would disagree with you but it's too busy watching Netflix.
Ha, haa, I am safe. (Score:5, Funny)
Any trust in eBay for last 10 years? (Score:2)
Has anyone really trusted eBay in the last 10 years, electronic device or not?
Shouldn't it be four? (Score:2)
You should think twice before buying any internet connected device, and twice again before buying anything of Alleybobo. By my reckoning that's four times - at least.
So what, are we new or something? (Score:3)
Show of hands, who here doesn't immediately reflash everything with updatable firmware? Usually there's an update anyway, by the time you get it in your hot little hands.
Re: (Score:1)
Wiping and installing Linux is the second thing I do.
The first thing I do is to have a bit of a snoop around. In case there's any pr0n. To, umm, alert the authorities, if it's dodgy. Yes, that.
Did I say pr0n? I meant music.
Re: (Score:2)
The problem with finding pr0n on cheap computers is that it's usually old, and thus low-bitrate... I mean, music.
Why single out EBay? (Score:2)
ANYTHING you buy that connects to the internet should first and foremost go through a thorough audit. You and your habits are marketable data, being able to get that for free AND make you pay for it ... And you don't even get a (fire)wall out of it.
But seriously. You shouldn't trust ANY device that gets hooked to the internet. Even and especially when it is from a "reputable" hardware manufacturer. All that means is that they're more likely to be longer in business to siphon your data.
HP (Score:2)
>> NSA approved vendors.
Like HP ?
HAHAHAHAHAHAHA
Backdoors included.
Think twice about buying internet-connected device (Score:3)
Re: (Score:2)
Fixed the summary for you. Even if you can get an internet-connected device that doesn't tout spying as a feature, the supply chain is full of counterfeits and tampered items.
There is one key benefit. With counterfeits and tampered items it is likely they may have broken the spying features.
On the other side... (Score:2, Offtopic)
Good Advice but No DATA !!! (Score:3)
Re: (Score:2)
You should be worried about at least 3 things: 1) Intel Management Engine that could be present in some Intel-based books, 2) Something inside a BIOS, for instance a theft prevention mark that is automatically recognized by Windows (Have forgotten the exact name). I have such a Thinkpad and just don't care since I don't use Windows and have a proof of purchase, 3) BIOS password which in Thinkpads is NOT erased by CMOS battery removal.
Fixed it for you (Score:2)
Wrong privacy violation (Score:2)
Re: (Score:2)
It should be not too difficult to use any cellular modem or modem module and a simple microcontroller that issues the AT-commands to the modem. As a bonus, you should be able to obtain some status info in order to detect the stingrays.
You cannot trust even the open OS. You cannot trust ANYTHING that could be changed without a hardware programmer, but the ability to load some commercial programs is the thing that makes a piece of hardware a smartphone. Either you retain this ability or you should rewrite all
Or newegg? (Score:4, Interesting)
All fluff (Score:1)
So many devices, no matter where you buy them, have 'security flaws' and are at risk of exposing sensitive data or spying, etc.
This sounds more like "Oh god, instead of us buying it from China for 10$ then selling it in north america for 110$, people are directly buying it for 10$" Ah noooo what do we do!
Just sounds like a campaign to try to convince people to pay higher prices.
Let me fix that headline for you: (Score:3)
Check sources (Score:1)
-o- (Score:1)
T