In addition, why is this malware downloading payloads etc., could it not have been pre-installed?!
redrove 2 days ago [-]
I’m immediately suspicious of cheap Chinese crap like this.
$35 for a projector should cause you to raise at least one eyebrow.
Also, as always with “IoT” type devices, they’re best kept in an isolated VLAN with no internet access.
DriftRegion 2 days ago [-]
This is the first time I've read an AI-heavy piece and stayed engaged with it all the way through. I think the author's sharing the prompts was key to that experience.
DANmode 2 days ago [-]
As it should be!
tomaskafka 12 hours ago [-]
What I missed in the analysis is that the service sold isn't "selling your bandwidth to the highest bidder" - it's a universal binary delivery system, so if someone would pay more for e.g. a binary that explores your network and installs a BTC miner or password stealer on all unsecured devices, then that's what you'll get.
shmeeed 1 days ago [-]
Like many people, I've always been vaguely suspicious of IoT devices like these. But I've never seen reverse engineered what it is they actually do. The conclusion goes way beyond my expectations and is rather chilling:
>My $35 projector wasn't just spying on me. It was selling my network. Anyone who paid Kookeey for proxy access could route their traffic through my IP
nticompass 1 days ago [-]
Now that's just kooky! Sorry, I had to.
firesteelrain 2 days ago [-]
We need supply chain protections for the regular consumer now.
kotaKat 2 days ago [-]
Best the FCC is going to do is a misguided blanket “China bad!” router ban because Elise Stefanik got a little lobbying birdie in her ear from a certain American drone manufacturer.
thenthenthen 1 days ago [-]
Back at my old job we would get regular text messages and emails from the Chinese government when a piece of software or plugin in our public web-stack had a new CVE or malware…
perarneng 2 days ago [-]
100% governments need to crack down on these manufacturers and basically say that if China does not stop this insanity then importing them into the US or EU will become illegal since it's a national and personal security risk.
graemep 2 days ago [-]
Not going to happen. Governments are very complacent. The UK only recently banned Chinese IP CCTV cameras from sensitive government sites!
It's impossible to do with anything that gets updates. You never know what the next update will bring. Obviously things that connect to the internet and do not get updates are hopelessly insecure. It's also pointless for anything controlled by an app through a server (anything from cars to fridges these days) as you cannot control what the server does.
Governments will also find excuses not to do this as it's expensive and inflationary. They will play down the risk, point out the Americans can do it too, etc.
l23k4 1 days ago [-]
This would typically not be referred to as a "remote access trojan". It's just an updater, or perhaps a dropper if you want to make it sound more scary.
wordsarelies 1 days ago [-]
The US gov should pay for this sort of research to be published... bonus points for binaries.
ashout33 1 days ago [-]
Are there any instructions on how I can do a similar analysis of my own devices?
sillymenow 8 hours ago [-]
How much more detailed should it be? I mean you get literally every command and what tools were used.
HN discussion: https://news.ycombinator.com/item?id=48165492