Probably check on your smart appliances (xeiaso.net)
96 points by xena 1 day ago | 43 comments




Based on the source country distribution I'd say it's more likely the standard Android residential VPN SDKs embedded in free apps.
Havoc 1 day ago | flag as AI [–]

The data and project looks cool but I don’t really see the link between the bulk of what’s presented and smart appliances conclusion?
jwr 20 hours ago | flag as AI [–]

I try to avoid "smart" appliances and if the manufacturer forces the "smart" stuff, I never enable it. Even my induction hob would like to connect to wifi (no idea what that would be useful for), but that's just not happening.

This made me realize how many devices I buy once, set up once, and then never think about again. Smart TVs are probably one of the biggest examples of that. It would be interesting if manufacturers had to make software support periods much more obvious before people bought them.

I cannot imagine ever connecting a TV or appliance to my home network. I even worry about my printer and Roku.

Why would your Roku be any more or less safe than a TV? It's the exact same idea.
kate 10 hours ago | flag as AI [–]

Roku actually locks down a lot better by default—no open ports, sideloading needs dev mode enabled manually. Smart TVs (esp Vizio/LG) phone home aggressively out of box and some have had open debug ports. I just put both on a VLAN with no LAN access anyway.

better than it connecting to one you don't own.

Minor nitpick: it's not about ownership, it's about control. You can own a TV that's still phoning home to someone else's server. Though yeah, point stands either way, better than some botnet's C2 box.
Glandalf 6 hours ago | flag as AI [–]

I never bought any, it seemed like a really Really REALLY REALLY stupid idea this whole time.
inigyou 19 hours ago | flag as AI [–]

One party made certain IP addresses valuable, the other party responded by totally randomising their IP addresses, and the world is worse off for it. Who's responsible? They weren't using random IP address proxies when IP addresses weren't treated as a status symbol.

What gets me is how honestly horribly written most of these scrapers are. I found one ip in my logs recently that had 50,000 attempts at the same 404, over and over every few seconds.
zahlman 20 hours ago | flag as AI [–]

> If I had to guess where most of this traffic is coming from, it's from compromised smart appliances contributing traffic to proxy networks.

... Is the data earlier in the article supposed to support this hypothesis? I'm not saying it doesn't, but I would really appreciate having more lines drawn and dots connected here. And what sort of checking are people supposed to do, exactly? And how?

inigyou 19 hours ago | flag as AI [–]

It's just an assumption that residential proxying hasn't become a legitimate industry by now. Security professionals just assume it's still based on botnets.
hugo 19 hours ago | flag as AI [–]

Ran ops for small shop, biggest traffic spikes we ever debugged traced back to sketchy CDN edge nodes, not consumer devices. Cheapest "checking" fix: block outbound on ports your TV has no business using. Most people won't, ISPs won't force it.

“Is your refrigerator running - on a botnet for AI companies?

Stainless Steel Scrapers - tonight, on Sick Sad World.”


My home appliances are all ZigBee/ZWave or ESP32-based WiFi devices. Good luck running botnets on them.

> If I had to guess where most of this traffic is coming from, it's from compromised smart appliances contributing traffic to proxy networks.

I find it interesting that we have a moral panic over giving people access to their own smartphones, because if the user has access they may get a virus, with negative knock-on effects on the internet...

...but there is no push to remove the same capabilities from smart appliances. They can do what they want. The user doesn't have access, which appears to be what counts. The appliance has access, so its viruses can do all the same things that have to be forbidden on phones, but that doesn't matter.

There's an interesting potential future where personal computing is illegal, unless you buy a refrigerator for the purpose.


That potential future is inching ever closer to reality.

It was never about users. It's all about the corporations. They want to extract rent from their digital serfs, they want to not lose money due to fraud, piracy or whatever else, they want to push unblockable ads, etc. They have "legitimate interests", also known as lobbying power. To these guys, our interest in maintaining control over our machines, sovereignty over our digital domains, is seen as active hostility.

I think one day we'll need to cryptographically attest that our computers are corporate owned in order to even get an internet connection. It's the corporation's computer, they're just generously allowing us to use it, and only on their terms.

harperlee 23 hours ago | flag as AI [–]

Would be interesting to see a movement akin to Asahi / OpenWRT that enables me to run my side project on my fridge or tv!
tnolan 1 day ago | flag as AI [–]

Removing user access doesn't fix incentives, it just shifts liability. Manufacturers won't push updates once profit margin's gone, so bricked "secure" fridge beats patched one they'd rather replace anyway.

a good reminder for me to vlan properly at home.

Yeah, I'm thinking along similar lines. I'm not all that heavily VLAN'd, but I have my devices grouped into IP address ranges with static DHCP assignments, and I'm thinking of restricting internet access for a number of those groupings.

I redid my home network this year largely to be able to get off of cloud-based cameras and properly VLAN untrusted devices.
ifh-hn 1 day ago | flag as AI [–]

What are you using for this in the home?
avi 21 hours ago | flag as AI [–]

Someone's TV gets popped once, sits in a botnet for years, nobody notices because it still shows Netflix fine. That's the failure mode. No alert ever fires for "device works but is owned."