Think Twice About Buying Internet-connected Devices Off Ebay (qz.com)
If you're thinking about buying gadgets from auction sites such as Ebay, you will want to consider the potential risks. From a report: When you're buying from a third-party seller, it's a lot more difficult to tell where products have come from, whether you're getting exactly what you think you're getting, and if anything has been done to the product since it was manufactured. "It is possible for internet-connected devices to be tampered with and resold on the web," Leigh-Anne Galloway, lead cybersecurity resilience analyst at the cybersecurity firm Positive Technologies, told Quartz. "It's similar to buying a secondhand cellphone without it being restored to factory settings." In fact, buying a second hand gadget can potentially expose the user to some pretty extreme scenarios. "Cameras and IoT devices can contain spyware and malware, which can cause a plethora of problems for the user," Galloway added. "These devices could possibly listen to you, watch your every step, communicate with and attack other devices connected to the same local network, such as PCs, laptops, and TVs." Galloway said devices could also be used to perform botnet attacks -- where an unsecured internet-connected device is accessed by another computer and used along with other breached devices to take down websites or internet services, as what happened with the Mirai botnet attack in 2016.
It's all devices. Hell, most of them are designed to spy on the users. Do you trust anything coming from China?
The sad fact is you've already agreed to be spied on when you agree to use almost any Internet connected device. There's really nothing that changes with this article.
"A plan fiendishly clever in its intricacies"- Homer Simpson
Simon fed his dog each day
But it would grow no bigger
So he took it to the market
And swapped it for a N...............ewt
When you gaze long into an abyss, the abyss also gazes into you.
So, when you buy that spycam, be informed that it might also be spying on you.
Chat with other atheists http://secularchat.org
Smells like a "Kodi box" propaganda bit.
I always buy in Alibaba, some Russian named seller in a Bulgarian store fulfills my Alibaba order that gets shipped straight from China.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Has anyone really trusted eBay in the last 10 years, electronic device or not?
You should think twice before buying any internet connected device, and twice again before buying anything of Alleybobo. By my reckoning that's four times - at least.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Show of hands, who here doesn't immediately reflash everything with updatable firmware? Usually there's an update anyway, by the time you get it in your hot little hands.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
If any dumbass here buys a used computer without wiping and putting Linux, well then, they get what's coming to them...
ANYTHING you buy that connects to the internet should first and foremost go through a thorough audit. You and your habits are marketable data, being able to get that for free AND make you pay for it ... And you don't even get a (fire)wall out of it.
But seriously. You shouldn't trust ANY device that gets hooked to the internet. Even and especially when it is from a "reputable" hardware manufacturer. All that means is that they're more likely to be longer in business to siphon your data.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
With this level of hacking, not even APK's hosts files will help you. You're better off buying your internet devices from NSA approved vendors.
ZIP
no shit!
Fixed the summary for you. Even if you can get an internet-connected device that doesn't tout spying as a feature, the supply chain is full of counterfeits and tampered items.
...IoT devices you buy at Amazon, Walmart and similar places is 100% safe, NSA approved.
When shopping on eBay always check the seller's location the item will ship from. Shanghai is obvious not to buy from but you will also find countless Chinese resellers shipping from Los Angeles, CA since that's where most cargo ships coming from China dump their garbage wares at. It's best to shop from redneck states where Chinese people don't like to live due to lack of ivy-league colleges to put their kids through.
"Think Twice About Buying Internet-connected Devices Off Ebay"
You had me at "devices".
Trouble is, said redneck states don't have the nouse to make any sort of electronic device ... they will just import them from .. China
The warning and the advice is good, but Leigh-Anne Galloway (and the article author) provides no data if that is happening or not. It would be interesting to know that from 10 devices bought X came with modified firmware with spyware. But no data is provided.
If indeed this is an issue then let's buy a few hundred random devices on ebay and examine them. These kinds of data-free speculations are meaningless.
When these devices are built to spy on you directly by the manufacturer.
Think twice about buying from eBay, but you can trust the smart TV with the built in HD webcam you bought from Walmart for that suspiciously low price, citizen.
Would you say you have a plethora of problems?
If I can't flash an Open Source firmware, I'm not interested. It's the first thing I look for when I'm shopping: Is there third party firmware for the thing I'm interested in and how much does it rely on proprietary binary blobs? If there isn't LEDE/OpenWRT firmware for router-like devices or Lineage/Cyanogenmod for mobile phones, I don't buy the device. As far as I am concerned, hardware developers can just stop making firmware, if they provide enough resources and information to Open Source projects.
If I buy a Thinkpad x200 off ebay should I be worried?
I find buying used (nontrivial) electronics (and using other people's electronics) icky. It's the cybersecurity equivalent of donning a piece of underwear that was found at the roadside. One could argue "nothing a good round of disinfection won't fix", but that gets a lot more complicated than "wash hot".
Think Twice About Buying Anything Off Ebay
"It's similar to buying a secondhand cellphone without it being restored to factory settings". Well, if that happens, it's not MY data that is at risk, but the data of the previous owner. I can easily reset it to factory defaults, and maybe flash the firmware.
I was looking at a cheap Mini PC, labeled an "industrial PC" on newegg, from a Chinese seller, obviously, and the one review said the version of windows pre-installed was pirated, and there was software installed that simulated the license authentication, but as soon as you installed anti-virus it would detect that software and quarantine it, and then your windows copy realizes it's a pirated copy. Caveat emptor.
"I have never let my schooling interfere with my education." - Mark Twain
So many devices, no matter where you buy them, have 'security flaws' and are at risk of exposing sensitive data or spying, etc. etc.
This sounds more like "Oh god, instead of us buying it from China for 10$ then selling it in north america for 110$, people are directly buying it for 10$" Ah noooo what do we do!
Just sounds like a campaign to try to convince people to pay higher prices.
Uplink Hosting - Web/email at an affordable price with high performance - https://uplinkhosting.ca/link.php?id=3
Why single out Ebay in the article? I guess it's good old clickbait sensationalism.
You can get exactly the same shit in a multitude of places online and in bricks and mortar stores.
Oh and add in some good old fashioned xenophobia too.. "the chinese are spying on you.. think of the children"
Just go back through the last year of Slashdot, how many western products were caught spying on their customers?
Laptops that "accidentally" installed a keylogger, kids' toys that reported back to unprotected servers etc, sex toys that send back 'telemetry' etc. The list goes on and on and on.
This joke of an article tries to hype up the dangers of products spying on you, then goes on to recommend a fucking Amazon Echo FFS.
Fucking shitty "journalism" at its best.
Some years ago, the tech industry convinced people that even the last idiot could be a computer specialist. Nowadays every Joe Sixpack believes to be a computer guru just because he can click somewhere and something happens. And if he can spell "registry" or "Ubuntu" he might even be a computer engineer. If something goes wrong - someone else is to blame. This spirit of trying to dumb everything down to make it more "user friendly" is what gave us systemd, uPnP and other crap. But here's the thing: If you don't want to get bothered with the technology you are using - buy from a company that takes care of you. People just shouldn't install stuff that is meant to be used by grown-ups only.
This having been said - I installed a great number of cheap Chinese IoT devices. A wireless "smart" plug for about $10? I can't build one cheaper myself. Most are ESP8266 based - so you can flash it with whatever your heart desires. Put them all in insulated network groups and you're going to be ok.
More here: http://blog.michaelamerz.com/
"Think twice about buying ANY Internet-connected devices, from ANYWHERE"
Think three times about SlashDot articles being factual.
>Do you trust anything coming from USA ?
Hell No.
> It's similar to buying a secondhand cellphone without it being restored to factory settings
I recently noticed that on a relative's Nokia phone; apparently it had been sold on ebay and the seller had left all his mail accounts synced up, including auction details.
>> NSA approved vendors.
Like HP ?
HAHAHAHAHAHAHA
Backdoors included.
Every IT professional knows it is not possible for an Android App to communicate with and attack other devices connected to the same local WiFi network. Android phones purchased from eBay are completely safe. *
> Fixed the summary for you. Even if you can get an internet-connected device that doesn't tout spying as a feature, the supply chain is full of counterfeits and tampered items.
There is one key benefit. With counterfeits and tampered items it is likely they may have broken the spying features.
Some group/person acquires an electronic device, modifies it individually to spy or do something unwanted, and then sells it online. Unless this device is crazy popular and people are fighting to get it, this won't work out well. Considering the unpredictable demographics of people buying a used device, how these people will use it, and how many devices the scammers can even sell in a reasonable amount of time, this method of scamming is going to be really work-intensive and inefficient. Yes this is possible, but it's probably not worth the effort. Much easier and better scams out there.
There are reputable sellers from US companies, like trade-in companies and phone insurance companies, that refurbish and resell devices on e-bay vs wholesale. An unknown seller might tamper with a device but iPhones harder for spyware. Non-authentic parts such as a knock-off cheaper battery could also be a concern. Apple CPO = Certified Previous Owned which are supposed to be from certified Apple supply chain partners. Buying from Apple or Carriers while might be more expensive lower risk of unauthorized parts or spyware / malware.
My ROKU remote app would disagree with you but it's too busy watching Netflix.
You can have an advantage to knowing a device certainly was compromised: meaning you cannot fully be aware of its anecdotal evidence trail, or its usage, or its implications. As long as the compromised device fulfills the need you can honestly state "no, beyond that use, I don't know what you are talking about"
It's a little similar to "grandpa was the bittorrent culprit" but it removes the onus of owner as operator (which is good),
Thanks for the warning. It *is* quite concerning that someone other than Google/Facebook/Apple/Amazon/NSA/<otherGiantCorp> might be listening. Quite concerning indeed. One would never know what *those* unscrupulous actors might do with one's data.
Requiem for the American Dream