To summarize: the device is riddled with security flaws, originally shipped with default passwords, communicates with servers in China, comes preinstalled with hacking tools, and even includes a built-in microphone - fully equipped for recording audio - without clear mention of it in the documentation. Could it get any worse?
I am pretty sure these issues stem from extreme negligence and rushed development rather than malicious intent. However, that doesn’t make them any less concerning.
Slop everywhere. As far as the eye can see.
Nest’s security system shipped with an undocumented microphone they activated later, sadly this isn’t totally limited to Chinese crap.
They have fixed most of the security flaws.
Yeah the author clearly searched and replaced all the em dashes with hyphens, yet still used an ellipsis character. Certified slop.
I had several IOT smart plugs that have GPS built in.
why? why would it need to know its exact geographic location?!
after that I created an entire hardware segmented network that’s specifically used for IOT and cameras.
last I checked the router/firewall it’s on has blocked over 11million requests a month trying to access the outside.
I will never have a “smart” device in my home that’s connected to the internet. I’ll live like it’s the 1930s if I ever have to.
I’ve done the same but that request number is BS. Of course it keeps retrying cause it couldn’t get an answer. It does not mean if it could connect it would connect 21 million times.
GPS is a great way to get an accurate time.
Likely because the manufacturer used of off the shelf hardware that just happened to have GPS built in? That’s just how these things go, it’s easier to just use pre designed hardware for what you need, even if it has functionalities you won’t use.
Hell, I’d argue that the vast majority of computer hardware out there isn’t using half of the features that it has.
Just because features are there doesn’t mean they’re used, and definitely doesn’t automatically mean that there are evil or nefarious intentions with its design
I agree with you in principle but that doesn’t really help us much when poorly wrought digital devices get compromised en masse. I can say “Mirai” and way too much of the population knows that it’s an IoT botnet.
Those default passwords and superfluous software packages are cut corners, and directly translate to risk in your own home. Maybe you don’t feel that 2025 has been enough years of neglect to start calling it malfeasance , but if they’re tired of shit breaking and getting hacked and losing support I can definitely see the point of keeping more analog devices to minimize those risks.
Opportunity makes the thief, right?
How I discovered a microphone by reading the he documentation on GitHub?
It’s the headline rewritten for reality
Is that a question or a statement?
Yes?
I mean, I wouldn’t call
tcpdumpa “hacking tool”…I have this hacking tool called “passwd” which is useful for hacking. Also one called “Linux”
Guys I discovered a hidden microphone in my headphones speaker!!!
And poorly designed software in my… everything
I was really sketched out with my BLI-KVM. I had a server that was off, when I booted it the bios was in Chinese. Although someone did say that motherboard had a flaw that would do that, I wasn’t Sure if it was the KVM or the motherboard, but still…
No critical thinking I guess. How the hell would a KVM flash your BIOS or more likely UEFI.
It could probably change the language selector.
If I’m an elite hacker spy who works for the hacker spy division of the Chinese army, am I going to change the system language of the thing I am hacking to Chinese and forget to change it back?
