this post was submitted on 20 Feb 2024
39 points (77.5% liked)
Privacy
32159 readers
323 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yes, that is exactly what I'm saying as that's what it sounds like.
If you can buy a new amazon device and have it connect to all your stuff without your input; what stops someone else buying an amazon device and connecting to your network with it?
Obviously I'm not worried about the device I actually receive; I'm concerned that someone can buy their own device and use it to connect to other people's networks via existing amazon devices.
My dude, if someone is able to just walk up to your house with a random device and hang out long enough to establish a wifi connection and pull out any sort of useful data you have WAY BIGGER PROBLEMS than someone potentially using your Amazon account to order dildos.
First of all, they have to already know you have that device.
Then they have to physically get close enough to it for a connection to be made.
THEN they have to hang around long enough for any sort of updates and shit to happen.
THEN THEN they have to try and figure out how to get any useful data from this connection, which is likely an extremely limited one unless they've already established how to pivot out of the device and into something else in which case they probably would have just done that through your original device anyway.
THEN THEN THEN they have to find a way to remove said useful information to a device that can actually store it.
All while standing next to your front door holding their dick.
It would be FAR easier to just leave a random USB stick on your porch and wait for your dumb ass to forget it isn't yours.
Or, even easier than that, just goddamn buy your information on the open market. They already have your address. It's not like you can't be found.
Have I illustrated quite yet why these low percentage attacks are the realm of movies?
Ie: any amazon smart device; which are becoming increasingly popular and found in many homes globally.
Also, I'm not taking about someone targeting me, you, or anyone specifically. I'm talking about someone wandering around looking for homes that happen to have a vulnerable device and seeing where they can get from there.
Really not hard to find.
Trivial when you consider not everyone lives in a single-family home with significant yardspace around it. Apartments exist, so do smaller multi-family dwellings.
The useful info here being your WIFI password (the info this connection is intended to spread) allowing an attacker to piviot to the rest of your network.
This would be where I've repeatedly talked about an attacker being able to purchase an amazon device, jailbreak it, and use it to connect to your network
They can buy a device from Amazon then have all the time in the world to figure out a method of retrieving data from it. Once a method is worked out, they then deploy it against unsuspecting victims. (ie any random home they can get near and find an amazon device thats broadcasting looking for new devices)
I completely agree which is why I'm not happy with Amazon providing a hole to achieve exactly that.
Can't this all be prevented by the already connected devices checking if the new device matches a newly purchased, not yet set up device in your purchase history? Really slim chance someone eavesdrops on its id and retransmits fast enough to hijack the setup
Possibly.
A) has amazon actually implemented such a system?
B) do you trust it's functioning correctly? Both now and for the foreseeable future.(would/could you even know if it wasn't?)
Side note: does this feature work with factory reset and/or re-sold devices?
I don't see why they wouldn't. No way to verify I guess but it's really hard to think Amazon wouldn't come up with a system equivalent or better than what I did while reading this thread.
I imagine it'd be a one time convenience thing, or maybe you could open amazon and click 'set up this device again' or something and it reactivates
Oh, by the way, the person with the device has to have received one that wasn't already tied to THEIR account in any way. You know, like by the automated system that sends these things out reading a barcode on the side of the box that associates device IDs with a particular account. Not sure about anything else but this was the case a decade ago when I bought my first Kindle. I'd imagine it's a bit more sophisticated now.
Go hang around a random apartment complex with wifi sniffing boxes and see how long it is before someone tackles you.
Honey, if you think a wifi password is needed to pivot to a network then you don't know what the word pivot means. At that point you're fucking BREACHED, BITCH. There's no pivoting, only ownership.
Ah yes, just jailbreak the Amazon device with phantom software that somehow has completely different checksums but still... has the same checksums.
All of this just illustrates you're an ignorant-ass that doesn't know how any of this works, wringing your hands about scenarios that DO NOT EXIST IN THE REAL WORLD.
If I absolutely need to get into your network I'm not fucking around with a fucking rooted Amazon FireTV I'm just going to CRACK YOUR FUCKING WIFI PASSWORD DIRECTLY.
Apparently I have all day every day to fuck around so why do I give a shit about it taking a week or two?
More likely, I'll walk up to your door with my phone in my hand and go "Hey, I just moved into the apartment next to yours and the wifi up at the office is broken. Could I log onto yours for a moment and pay a bill real quick? I apparently don't get any damn signal here either. I just moved from a fuckin' building where I had no signal, you'd think they'd have figured it out by now!"
And almost every time this will be more than enough.
Jesus, would you like some fries to go with all that salt?
Have a good day m8.