Internet of Things (IoT) security issues

Ric Ford

MacInTouch
Yet another surprising security problem with Internet of Things ("IoT") devices, Xiaomi in this case, also from China:
The Verge said:
Google disables Xiaomi access after a Nest Hub shows strangers’ images via Xiaomi camera
Google has disabled Xiaomi devices’ access to its Nest Hub and Assistant after a camera owner reported seeing unfamiliar still images apparently from other cameras, Google confirmed to The Verge. The issue was first reported by Android Police.

“We’re aware of the issue and are in contact with Xiaomi to work on a fix,” a Google spokesperson said in a statement. “In the meantime, we’re disabling Xiaomi integrations on our devices.”
Ars Technica said:
“Cache issue” causes Xiaomi cameras to show other people’s camera feeds
Chinese electronics maker Xiaomi has shut down the Google Home Hub integration of its security cameras after a cache issue caused some of Xiaomi's camera streams to go to the wrong people. The bug was first reported by Reddit user Dio-V, with a post titled "When I load the Xiaomi camera in my Google home hub I get stills from other people's homes!!"
 


I'm calling out to the MacInTouch community for new suggestions regarding firewall appliances. I am looking for a basic device that I can add between my AirPort Extreme and our ISP's gateway router. I need only a firewall that I can control from the LAN, no wireless, and one that doesn't add the complexities of routers behind routers.

The goal is to prevent apps and devices inside our home network from making unwanted connections to the outside. I don't have the skills to build something like the Raspberry Pi. Any suggestions are appreciated. Our AirPort Extreme has been very reliable but does not offer the firewall setup interface I need.
 


I'm calling out to the MacInTouch community for new suggestions regarding firewall appliances....
Instead of a hardware device, I recommend DNSFilter.com. Their service allows you to easily manage outgoing connections, and they use AI to constantly update their database of known threats — inexpensive monthly or annual subscription options. An added bonus is that their service allows for protection of roaming clients. Thus, you can be in any location with a computer, tablet, or phone and still benefit from their protection.
 


Ric Ford

MacInTouch
Here's more trouble with Ring privacy/security:
And still more security/privacy problems with Ring...
Vice said:
Ring Fired Employees for Watching Customer Videos
Amazon-owned home security camera company Ring has fired employees for improperly accessing Ring users' video data, according to a letter the company wrote to Senators and obtained by Motherboard.

The news highlights a risk across many different tech companies: employees may abuse access granted as part of their jobs to look at customer data or information. In Ring's case this data can be particularly sensitive though, as customers often put the cameras inside their home.
 


Ric Ford

MacInTouch
And still more security/privacy problems with Ring...
And the Ring privacy issues just keep coming...
BleepingComputer said:
Ring Android App Sent Sensitive User Data to 3rd Party Trackers
Amazon's Ring doorbell app for Android is sending to third-party trackers information that can be used to identify customers, research from the Electronic Frontier Foundation (EFF) has found.

Four analytics and marketing companies receive customer data that includes names, IP addresses, mobile network carriers, unique identifiers, and info from sensors on the Android device.
 


And the Ring privacy issues just keep coming...
This is something that concerns me. I don't have a Facebook account, but with all the third-party trackers sending data to it, Facebook more than likely has a lot of data about me, and since I have no account, I cannot opt out or easily request they delete the data. I'm hoping this privacy concern is addressed, but likely that horse is already out of the barn.
 


I use Pi-hole for DNS in my home LAN as well as via WireGuard VPN when away from home. I've got a regex block configured for anything Facebook that blocks hundreds of Facebook exfiltration attempts every day. None of our local users have ever used Facebook, so Rodney is right to be concerned, in my opinion. I cannot say enough good things about Pi-hole; our setup involves two Raspberry Pi devices and a VM for the VPN. Total cost of the two Raspberry Pi installs was around $50 and was easy to do for a non-geek using available step-by-step recipes.
 


This is something that concerns me. I don't have a Facebook account, but with all the third-party trackers sending data to it, Facebook more than likely has a lot of data about me, and since I have no account, I cannot opt out or easily request they delete the data. I'm hoping this privacy concern is addressed, but likely that horse is already out of the barn.
Personally, I only use browsers that allow URL filtering (Firefox on macOS and iCab Mobile on iOS), and I have filters that prevent loading of content from Facebook. This also saves on page load time.
 


Ric Ford

MacInTouch
And the Ring privacy issues just keep coming...
Ring privacy/security issues have gotten so bad, they're apparently responding with some changes:
Ars Technica said:
Amazon Ring now lets users opt out of receiving police video requests
Amazon's Ring line of cloud-connected home surveillance equipment has for several months faced steep criticism not only for its nearly 900 "partnerships" with law enforcement agencies but also for lax account protections that put users' privacy at risk. Now, the company is hoping to assuage concerns from civil rights advocates, privacy advocates, lawmakers, and some users with a slate of updates.

Ring a few days ago began pushing an update to all users that creates a new "control center" in the Ring app. The control center adds several account and camera privacy settings to Ring and brings them all together into one area. ...
 


Ric Ford

MacInTouch
Confirming the dangers of IoT devices, here's how to take control of a network to inject malware via "smart" lightbulbs...
Check Point Software said:
The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb
... Continuing from where the previous research left off, Check Point’s researchers showed how a threat actor could exploit an IoT network (smart lightbulbs and their control bridge) to launch attacks on conventional computer networks in homes, businesses or even smart cities. Our researchers focused on the market-leading Philips Hue smart bulbs and bridge, and found vulnerabilities (CVE-2020-6007) that enabled them to infiltrate networks using a remote exploit in the ZigBee low-power wireless protocol that is used to control a wide range of IoT devices.
 

