Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Amazon turning Alexa devices into an opt-out public WiFi mesh network

imagine the MiTM attacks

"There is nothing more difficult than fixing something that isn't all the way broken yet." - Author Unknown

"A redline a day keeps depression at bay" - Author Unknown

Spoiler

Intel Core i7-3960X @ 4.6 GHz - Asus P9X79WS/IPMI - 12GB DDR3-1600 quad-channel - EVGA GTX 1080ti SC - Fractal Design Define R5 - 500GB Crucial MX200 and 2 x Seagate ST2000DM006 (in RAID 0 for games!) - The good old Corsair GS700 - Yamakasi Catleap 2703 27" 1440p and ASUS VS239H-P 1080p 23" - NH-D15 - Logitech G710+ - Mionix Naos 7000 - Sennheiser PC350 w/Topping VX-1

 

Avid Miata autocrosser :D

Link to post
Share on other sites
7 hours ago, Oshino Shinobu said:

I can't see this being a security issue at all. 

 

This is from the same company that once had an idea to give their delivery drivers access to people's locked doors to leave parcels in a "safe place".

it's all good until you get that one evil person that ruins everything

"There is nothing more difficult than fixing something that isn't all the way broken yet." - Author Unknown

"A redline a day keeps depression at bay" - Author Unknown

Spoiler

Intel Core i7-3960X @ 4.6 GHz - Asus P9X79WS/IPMI - 12GB DDR3-1600 quad-channel - EVGA GTX 1080ti SC - Fractal Design Define R5 - 500GB Crucial MX200 and 2 x Seagate ST2000DM006 (in RAID 0 for games!) - The good old Corsair GS700 - Yamakasi Catleap 2703 27" 1440p and ASUS VS239H-P 1080p 23" - NH-D15 - Logitech G710+ - Mionix Naos 7000 - Sennheiser PC350 w/Topping VX-1

 

Avid Miata autocrosser :D

Link to post
Share on other sites
7 hours ago, TetraSky said:

Can't wait for somebody to find some sort of vulnerability that lets them onto other people's private networks and fuck around with the IoT devices that are connected to the network (and worst).

The reverse is way more fun (from a technical standpoint, of course...). You could deploy the largest mesh network ever if you hacked every miss-configured modem/router exposed to the internet. I've suggested that line of research to my infosec/netsec professor and we laughed for minutes.

Link to post
Share on other sites

This is going to be news to some of the Comcast/Xfinity customers. But Xfinity started doing this years ago. Your Xfinity router which you pay $20-50 per month to rent is actually letting others use your network. That aside Xfinity also charges money for non-Xfinity users to use that network on a per hour basis, I think it was $5 per hour.

 

Don't buy these things, this is horrible trend.

Link to post
Share on other sites
49 minutes ago, Jet_ski said:

This is going to be news to some of the Comcast/Xfinity customers. But Xfinity started doing this years ago. Your Xfinity router which you pay $20-50 per month to rent is actually letting others use your network. That aside Xfinity also charges money for non-Xfinity users to use that network on a per hour basis, I think it was $5 per hour.

 

Don't buy these things, this is horrible trend.

From Xfinity's WiFi FAQ:

 

Quote

 

Q: Does the Home Hotspot impact my network security?

A: The Home Hotspot is designed to work on a separate network so that your home network remains entirely secure. By enabling guests to use Xfinity WiFi, you increase your network security because you won’t need to provide your private home WiFi network password to guests.

 

Q: Does the new Home Hotspot impact my Internet speeds or data usage?

A: The broadband connection to your home will be unaffected by the new feature. For your in-home WiFi network, we have provisioned the Xfinity WiFi feature to support robust usage, and therefore anticipate minimal impact to the in-home WiFi network. WiFi uses shared wireless spectrum, and as with any shared medium, there can be some impact as more devices share the network.

Also, the usage and activities of visiting users are associated with the visitors’ accounts and therefore do not impact the homeowner.

 

Q: Is there a limit to the number of devices that can connect to the Xfinity WiFi Home Hotspot at one time?

AUp to five devices can connect to the “xfinitywifi” signal simultaneously.

 

And yes, you can disable the hotspot network/feature. Though personally I prefer buying my own approved modem with my own AP. It negates the whole issue.

 

What amazon is doing is presumably tunneling mesh traffic over port 443 via SSL via something like a VPN. But again as I've stated, it's a parasitic load on your own ISP connection and will go against your bandwidth quota. How much remains to be seen, but just FYI. 

Link to post
Share on other sites

You know, I've never liked these home assistant devices, and this just gives me more of a reason to despise them.  Hard pass for me (again).

5 hours ago, Senzelian said:

Not to mention personal attacks are incredibly counterproductive.

5 hours ago, Elisis said:

- "You're ignorant. That's not a personal attack, that's stating a thing"

 

Hilarious piece of logic there

Ignorance isn't inherently a bad thing, we're all ignorant about something.  Ignorance is merely a lack of knowledge.  That's not an attack, it's barely even an insult.

 

Saying someone is ignorant is not the same as saying someone is stupid.

5 hours ago, RejZoR said:

Your wilful ignorance is what's wrong with them.

I swear, it's like people don't even understand language anymore.

Link to post
Share on other sites

So I can go around in a car and do network penetration from all the free WiFi? Sounds good to me

Awareness is key. Never enough, even in the face of futility. Speak the truth as if you may never get to say it again. This world is full of ugly. Change it they say. The only way is to reveal the ugly. To change the truth you must first acknowledge it. Never pretend it isn't there. Never bend the knee.

 

Please quote my post in your reply, so that I will be notified and can respond to it. Thanks.

Link to post
Share on other sites
5 minutes ago, huilun02 said:

So I can go around in a car and do network penetration from all the free WiFi? Sounds good to me

no because that's not how it works, it's alexas connecting together, weather or not it's exploitable is another story that i'm starting to have the urge to explore

 

9 hours ago, StDragon said:

I'm sure this is a major violation of Xfinity's ToS. You can't be offering WiFi to others outside of your home with the exception of guest access; but not perpetually.

Xfinity literally has a built in feature for that, if you're in range of an xfinity router, and you have an xfinity plan, you can connect to it.

Quote me for a reply, React if I was helpful, informative, or funny

 

AMD blackout rig

 

cpu: ryzen 5 3600 @4.4ghz @1.35v

gpu: rx5700xt 2200mhz

ram: vengeance lpx c15 3200mhz

mobo: gigabyte b550 pro 

psu: cooler master mwe 650w

case: masterbox mbx520

fans:Noctua industrial 3000rpm x6

 

 

Link to post
Share on other sites
6 hours ago, Senzelian said:

I can only care about the data that I am aware of. If you can make me aware of an issue that I might not know about, then you got my interest. But not by telling me I'm ignorant.

Ok, I'll tell you why the data harvesting is problematic, assuming you're even willing to listen. First keep in mind that these devices listen to you 24/7 and the recordings can be used to identify people. "it doesn’t take a rocket scientist to recover someone’s identity; you simply have to listen carefully to what is being said." So now think if criminals manage to get hold of these.

Let's go to tinder which collects huge amounts of your personal data, while being  less intrusive than the home assistants.

The Cambridge Analytica controversy, where data was harvested from Facebook and was used for political gains.

Let's end with a big one. China used phones to track down uyghur muslims.

Link to post
Share on other sites

Waiting for the knock on the door from police looking trying to figure which neighbor was downloading child porn...

CPU: Intel i7 - 5820k @ 4.5GHz, Cooler: Corsair H80i, Motherboard: MSI X99S Gaming 7, RAM: Corsair Vengeance LPX 32GB DDR4 2666MHz CL16,

GPU: ASUS GTX 980 Strix, Case: Corsair 900D, PSU: Corsair AX860i 860W, Keyboard: Logitech G19, Mouse: Corsair M95, Storage: Intel 730 Series 480GB SSD, WD 1.5TB Black

Display: BenQ XL2730Z 2560x1440 144Hz

Link to post
Share on other sites
8 hours ago, Gaires said:

Ok, I'll tell you why the data harvesting is problematic, assuming you're even willing to listen. First keep in mind that these devices listen to you 24/7 and the recordings can be used to identify people. "it doesn’t take a rocket scientist to recover someone’s identity; you simply have to listen carefully to what is being said." So now think if criminals manage to get hold of these.

Let's go to tinder which collects huge amounts of your personal data, while being  less intrusive than the home assistants.

The Cambridge Analytica controversy, where data was harvested from Facebook and was used for political gains.

Let's end with a big one. China used phones to track down uyghur muslims.

 

I never argued that data harvesting isn't problematic. You need to read the entire conversation. This is specifically about Google Home devices!

So with that in mind, here we go again...

 

I don't have any issues with Google knowing me and my habits and what I say. I am very well aware of that when I bought the Google Home Max. And let's be honest, I own an Android phone that I carry around with me all day long. If I was really worried about data harvesting, I'd need to get rid of that aswell. The smart speaker is at this point really just the icing on the cake. 

 

I've read the article about the cambridge analytica thing and Facebook. Yup, they used data for political advertisement. Of course that sucks, no denying that, especially when Trump's campaign is the one paying for it, but I don't believe that boycotting hardware / software companies that don't have anything to do with that makes any sense. Specifically Google in this case, because I was specifically talking about Google Home devices originally. 

 

But if I actually had a Facebook account and I read about this, then I'd consider deleting that account. Personally I don't even have one and never signed up. Btw: This cambridge analytica thing is one of the reasons I never bought a Oculus Quest, since you need a Facebook account to use it.

 

And the China thing... Yeah, what do you want me to do? Throw my phone away?

 

 

11 hours ago, Jito463 said:

Saying someone is ignorant is not the same as saying someone is stupid.

I played that card because it worked, not because it made any sense linguistically.

 

But on the other hand it doesn't really matter what the word means, if the society agrees on it beeing impolite. You even said "I swear, it's like people don't even understand language anymore.", so I assume you agree, that the society mostly thinks of something else, when they read the word ignorance.

05Gb/s - USB 3.2 Gen 1 (USB 3.0)

10Gb/s - USB 3.2 Gen 2

20Gb/s - USB 3.2 Gen 2x2

40Gb/s - USB 4.0, Thunderbolt 3, Thunderbolt 4

 

Some Wallpapers I created

Link to post
Share on other sites

Glad I never bought into the smart device botnet. My smartphone and PC spying on me is already enough.

Link to post
Share on other sites
21 minutes ago, Senzelian said:

I never argued that data harvesting isn't problematic. You need to read the entire conversation. This is specifically about Google Home devices!

So with that in mind, here we go again...

I did read it all and was making general points for what can be done with your data.

 

21 minutes ago, Senzelian said:

I don't have any issues with Google knowing me and my habits and what I say. I am very well aware of that when I bought the Google Home Max.

Sure, you might trust Google and not care if they know everything you say at home. That doesn't mean your data cannot be used by other more problematic entities.

 

23 minutes ago, Senzelian said:

And let's be honest, I own an Android phone that I carry around with me all day long. If I was really worried about data harvesting, I'd need to get rid of that aswell. The smart speaker is at this point really just the icing on the cake. 

I own an android phone too, it's even Chinese brand. The thing is where you draw the line about how much and what data is collected about you. These devices can collect more personal data that makes identifying you easier. Again while you might trust Google, that doesn't mean entities you don't trust cannot get hold of the data.

 

31 minutes ago, Senzelian said:

ut I don't believe that boycotting hardware / software companies that don't have anything to do with that makes any sense. Specifically Google in this case, because I was specifically talking about Google Home devices originally. 

Again, these devices listen to you when you're talking politics with someone. So that's why it relates to these devices also.

 

34 minutes ago, Senzelian said:

And the China thing... Yeah, what do you want me to do? Throw my phone away?

No, but it's the worst case scenario how your data can be used.

 

 

As for the topic at hand, I don't even see the point of this. Who benefits from making Echoes public wifi spots, since most routers aren't powerful enough that people outside can use the wifi network.

This just means that in apartments your neighbours can use your wifi to do illegal stuff if you don't turn off the new "feature".

Link to post
Share on other sites
23 minutes ago, Gaires said:

As for the topic at hand, I don't even see the point of this. Who benefits from making Echoes public wifi spots, since most routers aren't powerful enough that people outside can use the wifi network.

 

Amazon of course benefits from that.

Anyone can become a potential source of information for Amazon, without even actively using any of their services.

There is of course no benefit for the customer that bought the echo. Amazon probably hopes for people to forget about this in the coming months, so that it just becomes the norm.

05Gb/s - USB 3.2 Gen 1 (USB 3.0)

10Gb/s - USB 3.2 Gen 2

20Gb/s - USB 3.2 Gen 2x2

40Gb/s - USB 4.0, Thunderbolt 3, Thunderbolt 4

 

Some Wallpapers I created

Link to post
Share on other sites
5 minutes ago, Senzelian said:

Amazon of course benefits from that.

Anyone can become a potential source of information for Amazon, without even actively using any of their services.

But that's the problem, they don't get all that much data out of it since most consumer routers have really short range.

Link to post
Share on other sites
48 minutes ago, Gaires said:

But that's the problem, they don't get all that much data out of it since most consumer routers have really short range.

The Alexa devices are the ones that create the network, not the routers.

I don't think you need that much range anyway. Most consumer routers and APs can reach through a couple of walls and if you live in a small apartement with lots of people, then that's probably good enough. 

05Gb/s - USB 3.2 Gen 1 (USB 3.0)

10Gb/s - USB 3.2 Gen 2

20Gb/s - USB 3.2 Gen 2x2

40Gb/s - USB 4.0, Thunderbolt 3, Thunderbolt 4

 

Some Wallpapers I created

Link to post
Share on other sites
2 minutes ago, Senzelian said:

and if you live in a small apartement with lots of people, then that's probably good enough. 

Well sure, maybe some studen apartment can have usage for it. Then again, most of those students would be using their own wifi anyway.

The signal won't be strong enough to reach the street and I doubt a lot of people in apartment building would use their neighbours wifi anyway, unless they want to do something illegal.

Link to post
Share on other sites
On 11/27/2020 at 9:26 AM, Oshino Shinobu said:

This is from the same company that once had an idea to give their delivery drivers access to people's locked doors to leave parcels in a "safe place".

now you get a garage door that amazon can open. clearly the low res camera on it will help

Good luck, Have fun, Build PC, and have a last gen console for use once a year. I should answer most of the time between 9 to 3 PST

NightHawk 2.0: R7 2700 @4.0ghz, B450m Steel Legends, H105, 4x8gb Geil EVO 2866, XFX RX 580 8GB, Corsair RM750X, 500 gb 850 evo, 500gb 850 pro and 5tb Toshiba x300

Skunkworks: R5 3500U, 16gb, 250 intel 730, 500gb Adata XPG 6000 lite, Vega 8. HP probook G455R G6

Condor (MC server): 6600K, z170m plus, 16gb corsair vengeance LPX, samsung 750 evo, EVGA BR 450.

Bearcat (F@H box) core 2 duo, 1x4gb EEC DDR2, 250gb WD blue, 9800GTX+, STRIX 660ti, supermicro PSU, dell T3400.

Rappter(unfinished compute server) HP DL380G6 2xE5520 24GB ram with 4x146gb 10k drives and 4x300gb 10K drives, running NOTHING can't get anything to work

Spirt  (unfinished NAS) Cisco Security Multiservices Platform server e5420 12gb ram, 1x6 1tb raid 6 for plex + Need funding 16+1 2tb raid 6 for mass storage.

PSU Tier List      Motherboard Tier List      How to get PC parts cheap    HP probook 445R G6 review

 

"Stupidity is like trying to find a limit of a constant. You are never truly smart in something, just less stupid."  @CircleTech

Camera Gear: Canon SL2, 60D, T5, 24-105 F, 50mm F1.4, 75-300 III, rokinon 25 T1.5, Helios44-m, Sony FS700R, 2 Cos-11D lavs

Link to post
Share on other sites
5 minutes ago, Gaires said:

Well sure, maybe some studen apartment can have usage for it. Then again, most of those students would be using their own wifi anyway.

The signal won't be strong enough to reach the street and I doubt a lot of people in apartment building would use their neighbours wifi anyway, unless they want to do something illegal.

Not only student apartments. There are plenty of people living in apartments that aren't students. It's basically the standard for a lot of european countries.

 

I also don't think a lot of people would use their neighbours wifi hotspot on purpose, but instead on accident.
There's a lot of people out there, that don't care about tech. They just let their phone decide what to connect to and if there's an open hotspot, then why not? Also I think that there will also be people, that will connect to their own Amazon Alexa device unintentionally.

05Gb/s - USB 3.2 Gen 1 (USB 3.0)

10Gb/s - USB 3.2 Gen 2

20Gb/s - USB 3.2 Gen 2x2

40Gb/s - USB 4.0, Thunderbolt 3, Thunderbolt 4

 

Some Wallpapers I created

Link to post
Share on other sites
2 minutes ago, Senzelian said:

It's basically the standard for a lot of european countries.

I know, I live in one.

2 minutes ago, Senzelian said:

There's a lot of people out there, that don't care about tech. They just let their phone decide what to connect to and if there's an open hotspot, then why not?

Yeah, I forgot about that, even though I'm the only in my family who's into tech. But still I would guess that's pretty small number in grand scale of things.

Link to post
Share on other sites

As for being "common" my whole street with about 200+homes (most of these are single family homes so it's kind of hard to guess exactly) theres only one open wifi spot, and that's weirdly some "Telekom fone"... I guess the owner just doesn't know it has wifi or whatever... however this isn't common at all in GERMANY, and the open wifi spots you find in bigger cities are all from some public entities like libraries, McDonald's or hotels... and of course are usually secured with a password despite being "open", private wifi hotspots tho? nah, not really common at all... 

RYZEN 5 3600 | GIGABYTE 3070 VISION OC | 16GB CORSAIR VENGEANCE LPX 3200 DDR4 | MSI B350M MORTAR | 250GB SAMSUNG EVO 860 | 4TB TOSHIBA X 300 | 1TB TOSHIBA SSHD | 120GB KINGSTON SSD | WINDOWS 10 PRO | INWIN 301| BEQUIET PURE POWER 10 500W 80+ SILVER | ASUS 279H | LOGITECH Z906 | DELL KB216T | LOGITECH M185 | SONY DUALSHOCK 4

 

LENOVO IDEAPAD 510 | i5 7200U | 8GB DDR4 | NVIDIA GEFORCE 940MX | 1TB WD | WINDOWS 10 GO HOME 

Link to post
Share on other sites
3 hours ago, GDRRiley said:

now you get a garage door that amazon can open. clearly the low res camera on it will help

Nothing to worry about, they're all trustworthy strangers. It's not like a bunch of them would get caught stealing the new Playstat.... Oh.

Link to post
Share on other sites
19 hours ago, StDragon said:

You still only have one connection from your modem to the ISP, so they can, potentially, use a significant amount of bandwidth. I'm not an expert though as I'm not an Xfinity customer and can't test it myself.

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

LinusWare Dev | NotCPUCores Dev

Desktop Build: Ryzen 7 1800X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 32GB Corsair DDR4 @ 3000MHz, RX480 8GB OC, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×