Think Twice About Buying Internet-connected Devices Off Ebay (qz.com) 40
If you're thinking about buying gadgets from auction sites such as Ebay, you will want to consider the potential risks. From a report: When you're buying from a third-party seller, it's a lot more difficult to tell where products have come from, whether you're getting exactly what you think you're getting, and if anything has been done to the product since it was manufactured. "It is possible for internet-connected devices to be tampered with and resold on the web," Leigh-Anne Galloway, lead cybersecurity resilience analyst at the cybersecurity firm Positive Technologies, told Quartz. "It's similar to buying a secondhand cellphone without it being restored to factory settings." In fact, buying a second hand gadget can potentially expose the user to some pretty extreme scenarios. "Cameras and IoT devices can contain spyware and malware, which can cause a plethora of problems for the user," Galloway added. "These devices could possibly listen to you, watch your every step, communicate with and attack other devices connected to the same local network, such as PCs, laptops, and TVs." Galloway said devices could also be used to perform botnet attacks -- where an unsecured internet-connected device is accessed by another computer and used along with other breached devices to take down websites or internet services, as what happened with the Mirai botnet attack in 2016.
I would argue it's not just Ebay
It's all devices. Hell, most of them are designed to spy on the users. Do you trust anything coming from China?
The sad fact is you've already agreed to be spied on when you agree to use almost any Internet connected device. There's really nothing that changes with this article.
>Do you trust anything coming from China?
>Do you trust anything coming from China?
Yes. The Chinese have no interest in spying on the average consumer in the West. If I held a security-sensitive position in government, I'd be more concerned, but I don't so I'm not.
And ultimately if I buy a domestic product I have to be concerned about domestic spying, which is more likely to directly affect me.
Re: (Score:3)
Every corporation has an interest in spying on everyone, all the time. Data is money.
Re: (Score:2)
Let's ignore the traditional image of foreign agents conducting espionage and think more about what could be gained by operating a beachhead device inside a random US home.
1. Botnet participant can be used for DDOS attacks on government and corporate entities.
2. Automated network snooping can exploit vulnerabilities to compromise network routers
3. With network router compromised, MITM attacks can inject malware and gather rem
Re: (Score:2)
Wonder if you could pull off TEMPEST in a consumer electronics-sized device. That would lead to some seriously concerning possibilities.
Re: (Score:2)
However, these risks (from my perspective, not the state's) remain the same regardless of where the device is manufactured.
Do I care whether it's USA or China that has the original back door on my device? If I trusted one more than the other not to compromise my device at the factory, I'd preferentially buy from them. I trust neither.
As Nietzsche once said (Score:4, Insightful)
When you gaze long into an abyss, the abyss also gazes into you.
So, when you buy that spycam, be informed that it might also be spying on you.
Ha, haa, I am safe. (Score:3)
Any trust in eBay for last 10 years? (Score:2)
Has anyone really trusted eBay in the last 10 years, electronic device or not?
Shouldn't it be four? (Score:2)
You should think twice before buying any internet connected device, and twice again before buying anything of Alleybobo. By my reckoning that's four times - at least.
So what, are we new or something? (Score:2)
Show of hands, who here doesn't immediately reflash everything with updatable firmware? Usually there's an update anyway, by the time you get it in your hot little hands.
Why single out EBay? (Score:2)
ANYTHING you buy that connects to the internet should first and foremost go through a thorough audit. You and your habits are marketable data, being able to get that for free AND make you pay for it
... And you don't even get a (fire)wall out of it.
But seriously. You shouldn't trust ANY device that gets hooked to the internet. Even and especially when it is from a "reputable" hardware manufacturer. All that means is that they're more likely to be longer in business to siphon your data.
Think twice about buying internet-connected device (Score:2)
