Think Twice About Buying Internet-connected Devices Off Ebay

If you're thinking about buying gadgets from auction sites such as Ebay, you will want to consider the potential risks. From a report: When you're buying from a third-party seller, it's a lot more difficult to tell where products have come from, whether you're getting exactly what you think you're getting, and if anything has been done to the product since it was manufactured. "It is possible for internet-connected devices to be tampered with and resold on the web," Leigh-Anne Galloway, lead cybersecurity resilience analyst at the cybersecurity firm Positive Technologies, told Quartz. "It's similar to buying a secondhand cellphone without it being restored to factory settings." In fact, buying a second hand gadget can potentially expose the user to some pretty extreme scenarios. "Cameras and IoT devices can contain spyware and malware, which can cause a plethora of problems for the user," Galloway added. "These devices could possibly listen to you, watch your every step, communicate with and attack other devices connected to the same local network, such as PCs, laptops, and TVs." Galloway said devices could also be used to perform botnet attacks -- where an unsecured internet-connected device is accessed by another computer and used along with other breached devices to take down websites or internet services, as what happened with the Mirai botnet attack in 2016.

Re:I would argue it's not just Ebay

[SethJohnson]

The Chinese have no interest in spying on the average consumer in the West.

Let's ignore the traditional image of foreign agents conducting espionage and think more about what could be gained by operating a beachhead device inside a random US home.

1. Botnet participant can be used for DDOS attacks on government and corporate entities.

2. Automated network snooping can exploit vulnerabilities to compromise network routers

3. With network router compromised, MITM attacks can inject malware and gather remote credentials to other services. This can grow the botnet population and compromise additional devices on remote networks. MITM attack enables automated identity theft to erode American economic stability.

The identity theft part highlights the probability that these trojan devices can very well be controlled by criminal elements rather than state actors. Cryptoviruses and blackmail can be implemented thanks to such compromised IOT devices.

Or newegg?

[RobinH]

I was looking at a cheap Mini PC, labeled an "industrial PC" on newegg, from a Chinese seller, obviously, and the one review said the version of windows pre-installed was pirated, and there was software installed that simulated the license authentication, but as soon as you installed anti-virus it would detect that software and quarantine it, and then your windows copy realizes it's a pirated copy. Caveat emptor.