[ale] Stupid smart phone

Jim Kinney jim.kinney at gmail.com
Mon Dec 13 17:11:30 EST 2021


If they did it right, it's a self-signed cert and it's the ONLY cert they recognize. You would have to run a packet drop attack to regenerate the cert handshake.

On December 13, 2021 1:38:14 PM EST, Alex Carver <agcarver+ale at acarver.net> wrote:
>You'd think so but it uses TLS so I can't see inside the packets easily
>(wow, an appliance manufacturer thought to use security, too bad it was
>to hide what they were doing).
>
>If I was able to gain access to the OS I could probably do a lot more
>detective work.  From my initial outside sniffing it looks like it tries
>to grab a token which I would surmise is used to identify itself in
>further exchanges.
>
>I'll have to read up more on setting up a MITM proxy that can decode
>TLS.  I've got a laptop with Linux, I'd just need a USB Ethernet adapter
>so I could have two interfaces that I could drop in line with the TV
>and listen in.
>
>On 2021-12-13 05:16, Jim Kinney wrote:
>> Heh, heh. It would be way fun to proxy the phone home data stream and
>> manipulate it in fun and random ways.
>>
>> On December 12, 2021 6:49:01 PM EST, Alex Carver <agcarver+ale at acarver.net> wrote:
>>> I haven't gone poking around too much but I do know there are some open
>>> ports according to a couple quick scans.  Maybe during vacation I'll
>>> poke around with it, possibly toss Kali against it.
>>>
>>> If that were the case and I got in then I could at least turn off some
>>> of the phone-home stuff.  I won't let it on the network directly because
>>> of that so I can't use the casting features.
>>>
>>> On 2021-12-12 05:20, Jim Kinney wrote:
>>>> But, but, but, it was only done that way to provide the best
>>>> possible user experience </snark>
>>>>
>>>> If they have hard coded network addresses, I'll bet they also have
>>>> hard coded root/admin passwords. Might even have an open port. That
>>>> would be sad. <sniff><sniff>
>>>>
>>>> On December 12, 2021 4:37:34 AM EST, Alex Carver via Ale <ale at ale.org> wrote:
>>>>> Oh they're very clever about it, too.  Despite DHCP giving it DNS
>>>>> servers that I control and despite the manual network configuration
>>>>> exposing only two DNS server entries it actually has Google's DNS
>>>>> servers hardcoded as a third server.  So if I tried to blacklist
>>>>> anything at my own DNS server, it would get around that by querying
>>>>> Google directly.
>>>>>
>>>>> I spotted that when I first got the TV and put a sniffer on it before I
>>>>> let it out into the wild.  It was querying 8.8.8.8 and 8.8.4.4 even
>>>>> though I had manually configured it for my local DNS. When I let the
>>>>> sniffer pass the DNS queries through it still used Google servers to
>>>>> handle Vizio lookups to the mothership.  Evidently the user configured
>>>>> DNS is only for the extra applications like Netflix, Hulu, etc. while
>>>>> the core spyware uses only Google for DNS.
>>>>>
>>>>> On 2021-12-11 22:42, Bob Toxen wrote:
>>>>>> GOOD FOR YOU to block it from spying on you and tattling!
>>>>>>
>>>>>> Bob
>>>>>>
>>>>>> On Sat, Dec 11, 2021 at 10:44:30AM -0800, Alex Carver via Ale wrote:
>>>>>>> I've got a two year old Vizio that has RCA L/R audio outputs on the back.
>>>>>>>
>>>>>>> Of course the TV does *NOT* have a built-in battery-backed RTC.  It wants to
>>>>>>> set its time every time you hit the power button via NTP and there's no
>>>>>>> manual way to set the time either.  So the firewall rewrites its NTP
>>>>>>> requests to point to my internal NTP server and blocks all other traffic so
>>>>>>> it can't call home like every other TV does.
>>>>>>>
>>>>>>> On 2021-12-11 02:19, Steve Litt via Ale wrote:
>>>>>>>> Jim Kinney via Ale said on Fri, 10 Dec 2021 18:22:04 -0500
>>>>>>>>
>>>>>>>>> Other days it's more like the vcr clock always
>>>>>>>>> blinking "12:00" for lack of a $0.10 rc circuit to keep the clock
>>>>>>>>> alive during a power blink.
>>>>>>>>
>>>>>>>> Speaking of for lack of, how many have noticed that oh-so-modern TVs
>>>>>>>> no longer have headphone jacks. You remember headphone jacks --- you
>>>>>>>> just patch the headphone jack to the line-in of any amplifier and bang,
>>>>>>>> you've got sound, and the sound is controllable by your TV's volume
>>>>>>>> control.
>>>>>>>>
>>>>>>>> But noooooo. That's just soooo *legacy*. Instead of a 30 cent
>>>>>>>> headphone jack, my Samsung TV has one of those silly "toslink" infrared
>>>>>>>> fiberoptics. So you have to buy a fiberoptic cable for about $15.00,
>>>>>>>> and then a $40 fiberoptic to line level converter, from which I can use
>>>>>>>> patch cords to go into my amp's line in. Because I don't have a $500.00
>>>>>>>> "home theater" system --- but rather have a $30.00 20 watt amp that's
>>>>>>>> tiny and works just great for TV sound.
>>>>>>>>
>>>>>>>> Well, after trying for days to get the toslink plus adapter to work, I
>>>>>>>> read that many Samsungs just don't work with those adapters. For lack
>>>>>>>> of a 30 cent headphone jack. Oh, and of course, the Samsung's built-in
>>>>>>>> speakers are guaranteed to be indecipherable, with various oscillations
>>>>>>>> at frequencies guaranteed to obscure speech.
>>>>>>>>
>>>>>>>> A couple weeks ago we went out and bought about the cheapest TV on the
>>>>>>>> market. Picture's not all that great but it had what we really wanted,
>>>>>>>> a headphone jack. Now we hear great sound that we can raise and lower
>>>>>>>> with the TV remote. Life is good.
>>>>>>>>
>>>>>>>> SteveT
>>>>>>>>
>>>>>>>> Steve Litt
>>>>>>>> Spring 2021 featured book: Troubleshooting Techniques of the Successful
>>>>>>>> Technologist http://www.troubleshooters.com/techniques
>>>>>>>> _______________________________________________
>>>>>>>> Ale mailing list
>>>>>>>> Ale at ale.org
>>>>>>>> https://mail.ale.org/mailman/listinfo/ale
>>>>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>>>>> http://mail.ale.org/mailman/listinfo
>>>>>>>>
>>>>>>>
>>>>>
>>>>
>> 

-- 
Computers amplify human error
Super computers are really cool
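
Added example (not part of the original thread, and not any poster's code): the hardcoded-resolver behaviour described in the quoted 12 December message, a device querying 8.8.8.8 and 8.8.4.4 despite its configured DNS, can be picked out of the text output of `tcpdump -n port 53`. The LAN addresses, the allowed resolver 192.168.1.1 and the `.example` hostnames are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: the only resolver LAN clients are supposed to use (the one DHCP hands out).
ALLOWED_RESOLVERS = {"192.168.1.1"}

# Matches the query lines of `tcpdump -n port 53`, for example:
#   17:11:31.2 IP 192.168.1.50.41235 > 8.8.8.8.53: 4661+ A? host.example. (30)
# Responses do not match: their destination port is not 53 and they carry no "TYPE?".
QUERY_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.53: \d+\+?(?: \[[^\]]*\])? "
    r"(?P<qtype>[A-Z]+)\? (?P<qname>\S+)"
)


def find_dns_bypass(lines, allowed=ALLOWED_RESOLVERS):
    """Return {client: {resolver: [qnames]}} for queries sent past the allowed resolvers."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["dst"] in allowed:
            continue  # not a DNS query, or sent to a sanctioned resolver
        hits[m["src"]][m["dst"]].add(m["qname"].rstrip("."))
    return {c: {r: sorted(q) for r, q in rs.items()} for c, rs in hits.items()}


# Constructed sample capture: 192.168.1.50 plays the TV, 192.168.1.20 a normal client.
SAMPLE = """\
17:11:30.100001 IP 192.168.1.50.41234 > 192.168.1.1.53: 4660+ A? netflix.example. (33)
17:11:30.100950 IP 192.168.1.1.53 > 192.168.1.50.41234: 4660 1/0/0 A 203.0.113.10 (49)
17:11:31.200002 IP 192.168.1.50.41235 > 8.8.8.8.53: 4661+ A? telemetry.tv-vendor.example. (45)
17:11:31.250003 IP 192.168.1.50.41236 > 8.8.4.4.53: 4662+ [1au] AAAA? telemetry.tv-vendor.example. (56)
17:11:32.300004 IP 192.168.1.20.50111 > 192.168.1.1.53: 4663+ A? ale.org. (25)
""".splitlines()

if __name__ == "__main__":
    for client, resolvers in find_dns_bypass(SAMPLE).items():
        for resolver, names in resolvers.items():
            print(f"{client} bypassed local DNS via {resolver}: {', '.join(names)}")
```

This only sees plain DNS on port 53; a device using DNS over TLS or HTTPS would not show up in this capture.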