Author Topic: How BLE/ Mesh networks (IE your light bulbs) can spy on you  (Read 3598 times)

0 Members and 1 Guest are viewing this topic.

Offline BeaminTopic starter

  • Super Contributor
  • ***
  • Posts: 1567
  • Country: us
  • If you think my Boobs are big you should see my ba
https://youtu.be/-tIK3Fk-bLA

They can use blueTooth to send traffic 1/2 mile then another 1/2 mile and the FCC doesn't know/care about this.

I thought it was bad enough how comcast will use your bandwidth you pay for to support their xfinity network.
Max characters: 300; characters remaining: 191
Images in your signature must be no greater than 500x25 pixels
 

Offline ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #1 on: July 06, 2021, 10:38:34 pm »
This is some next level paranoia. What would your light bulb be sending about you exactly? Why would FCC care as long and devices pass certification?

Also, Comcast bandwidth consumption by others does not count against your bill.
Alex
 
The following users thanked this post: bd139, eti

Offline james_s

  • Super Contributor
  • ***
  • Posts: 21611
  • Country: us
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #2 on: July 06, 2021, 10:47:46 pm »
What exactly are my light bulbs going to know about me? Whether or not the light is on? Out of all the things to concern myself with, this is pretty low on my list.
 

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8998
  • Country: us
  • Retired, now restoring antique test equipment
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #3 on: July 06, 2021, 10:56:12 pm »
The drug police used to check for excessive power draw at night, looking for marijuana cultivation under artificial light.
 

Offline ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #4 on: July 06, 2021, 11:06:36 pm »
The drug police used to check for excessive power draw at night, looking for marijuana cultivation under artificial light.
What this has to do with anything? You can get this information from the power supplier. You don't need BLE fro that, you already have monthly electricity bills.
Alex
 

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8998
  • Country: us
  • Retired, now restoring antique test equipment
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #5 on: July 06, 2021, 11:13:18 pm »
My electric bill doesn't include time-of-day information.  Some do, now that "smart meters" are popular.
 

Offline ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #6 on: July 06, 2021, 11:25:21 pm »
If your consumption is generally higher that similar homes around, you will be at least a suspect. There is no need for time of day information.
Alex
 

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8998
  • Country: us
  • Retired, now restoring antique test equipment
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #7 on: July 06, 2021, 11:31:20 pm »
Every clue helps.  Fifteen or so years ago, a house on my block was busted while I was out of country, so I didn’t read all the details.
An example of unintended consequences of monitoring data:  modern tire pressure monitors require information transfer across a rotating boundary, and then to the car’s computer.  Since no one else cares about your tire pressure data, the RF link used to go to a general purpose input port on the computer, thus providing a back door into your car useable for theft.
 

Offline ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #8 on: July 06, 2021, 11:53:31 pm »
How exactly can you use TPM data for car theft? 
Alex
 

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8998
  • Country: us
  • Retired, now restoring antique test equipment
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #9 on: July 07, 2021, 01:07:15 am »
You send something else by RF to the unencrypted general-purpose input to the computer.  I believe this hole was patched when it became known.
 

Offline ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #10 on: July 07, 2021, 01:11:27 am »
You are sending pressure data. That's all. There is no hole. If your computer can be taken over by sending incorrect data, then it is the firmware flaw, encryption is not relevant here.
Alex
 

Offline eti

  • Super Contributor
  • ***
  • !
  • Posts: 1801
  • Country: gb
  • MOD: a.k.a Unlokia, glossywhite, iamwhoiam etc
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #11 on: July 07, 2021, 01:15:34 am »
A wise old friend of mine, once said "Look, once you've connected to the internet for the first time, ALL your privacy and anonymity has gone; if you believe otherwise, you're delusional, just forget about it and get on with it."

Far too many "theories" and "debates" consume FAR too much time, all of which product nothing except paranoia and arguments. Life is WAY too short for that junk.

"Any fool can speculate, most of them do".
 

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8998
  • Country: us
  • Retired, now restoring antique test equipment
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #12 on: July 07, 2021, 02:43:36 am »
You are sending pressure data. That's all. There is no hole. If your computer can be taken over by sending incorrect data, then it is the firmware flaw, encryption is not relevant here.

When sending innocuous pressure data, the coder may well neglect the security of the connection.  This firmware flaw needed to be fixed once it was discovered.
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9320
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #13 on: July 07, 2021, 03:15:28 am »
How exactly can you use TPM data for car theft? 
You could spoof a flat tire to get the driver to stop, then robbing them is much easier. Granted, it's not that helpful when lightly rear ending them would be far easier and just as effective. (I saw a post on Facebook warning about that a few years back.)
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline james_s

  • Super Contributor
  • ***
  • Posts: 21611
  • Country: us
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #14 on: July 07, 2021, 03:20:45 am »
My electric bill doesn't include time-of-day information.  Some do, now that "smart meters" are popular.

They don't need time of day information, they go by the overall consumption, often far higher than normal for a house of that size, it's the reason growers would often seek out houses with electric resistance heat to rent for their grow operations. I believe they also used thermal cameras looking for heat signatures that suggest a grow operation, such as specific rooms that are much warmer than the rest of the house.
 

Offline james_s

  • Super Contributor
  • ***
  • Posts: 21611
  • Country: us
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #15 on: July 07, 2021, 03:22:51 am »
How exactly can you use TPM data for car theft? 
You could spoof a flat tire to get the driver to stop, then robbing them is much easier. Granted, it's not that helpful when lightly rear ending them would be far easier and just as effective. (I saw a post on Facebook warning about that a few years back.)

If my car was still handling reasonably ok I would continue driving until I came to a safe place to stop and check it. I think it would be obvious that something is going on though if the pressure suddenly dropped without the obvious effect of a blowout though.
 

Offline ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #16 on: July 07, 2021, 03:38:17 am »
When sending innocuous pressure data, the coder may well neglect the security of the connection.  This firmware flaw needed to be fixed once it was discovered.
But the coder may also misinterpret the encrypted data. Coding errors have nothing to do with any of this.

It is perfectly fine to send tire pressure monitor data in the open.
Alex
 

Offline ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #17 on: July 07, 2021, 03:42:45 am »
You could spoof a flat tire to get the driver to stop, then robbing them is much easier.


Yes sure, I'm not against encrypting the data. It is just not as huge of a security hole as some try to portray it.

In any case, TPMs have used security for many years now, so the issue is pretty much solved.
« Last Edit: July 07, 2021, 03:44:19 am by ataradov »
Alex
 

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8998
  • Country: us
  • Retired, now restoring antique test equipment
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #18 on: July 07, 2021, 03:43:44 am »
I agree that the TPM monitor safety problem has probably been solved, but it is an historical example of unexpected consequences of putting data out there.
I'm not complaining about sending my tire pressure information in the open for all to read.
I'm concerned about the path into the computer not being secure, so that malefactors can enter bad stuff into the computer.
This has been documented, and presumably fixed as the technology matured.
I do complain about the attitude that since the information is innocuous, we don't have to be careful about how it is handled.
 

Offline Mazo

  • Regular Contributor
  • *
  • Posts: 66
  • Country: bg
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #19 on: July 07, 2021, 02:07:53 pm »
Fella working in the IoT sector atm here,the company produces smart everything(including bulbs) that are cloud connected.Yes we know when your smart bulb is on,how much electricity you are consuming and whatever info our devices harvest and bonus they can be manipulated remotely.The world still turns.About the network "hopping" that is possible,yes it is even going to be a feature in the future so that your smart sensor on the other end of the yard gets that Wi-Fi signal which is otherwise lacking there using other smart devices as "extender".If this bothers you,buy "dumb" lamps.
AFAIK nobody is interested in that kind of info :)
 

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8998
  • Country: us
  • Retired, now restoring antique test equipment
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #20 on: July 07, 2021, 03:41:18 pm »
In the US, the police (for good or ill) are already interested in the data from your smart doorbell.
https://www.washingtonpost.com/technology/2021/03/02/ring-camera-fears/
 

Offline ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #21 on: July 07, 2021, 03:57:15 pm »
But before that the police were interested in dumb CCTV security cameras. This is a standard procedure, when a crime happens, they go to all the places that may have the camera and request the footage.

The only difference is that in case of CCTV you are the one giving consent, but in case of a cloud connected device, you have potentially given away that right to the cloud operator. It is still not legally clear.

And again, there is nothing inherently wrong with the technology, we just need to clarify the laws on how it is handled.
Alex
 

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8998
  • Country: us
  • Retired, now restoring antique test equipment
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #22 on: July 07, 2021, 04:09:53 pm »
I agree that laws need to be clarified for new technology.  Thereafter, we are back to the classic question "Quis custodiet ipsos custodes?"  If the stuff is in the cloud or on the air, it is difficult to control custody.
 

Offline Rick Law

  • Super Contributor
  • ***
  • Posts: 3490
  • Country: us
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #23 on: July 07, 2021, 07:10:33 pm »
...
I thought it was bad enough how comcast will use your bandwidth you pay for to support their xfinity network.
...
Also, Comcast bandwidth consumption by others does not count against your bill.

While it may not directly affect the bill, but it costs in other ways.  The coaxis cable that came into your house can carry only so much, and you do pay for the electricity that powers the modem and such.

All three consumer-class ISP's (Optima, Fios, and Comcast/xfinity) in my area pushes their one-box solution: that one box does cable-modem, firewall/router, and WiFi AP (access point).  You no longer directly control these.  You go into their website to modify your WiFi AP and or your router settings.

If you use those one-box solution they are pushing...   In Optima's case, they use a lone UBEE box doing DOCSIS 3.1, firewall, router, and WiFi.  Following the UBEE user manual (from the UBEE site), I can ping the box, but the device displays an error when I tried to http into it.  I know that IP is right since I can ping it, but I can't http into it.  The optima-provided UBEE has the local web setup pages locked out.  You must use Optima's site to get to your account page where you can edit some settings in the UBEE box.  For router - only port forwarding and nothing else I could find.  You can't do much with your WiFi AP either beyond changing the SSID and WAP password.  The cable-ISP company has control all the way down to and including your WiFi AP.  To add insult to injury, they also sell a "WiFi management service" you can add to your plan (at least comcast/xfinity do, not sure about Optima). 

All three consumer-ISPs in my area (Fios, Optima, Xfinity/Comcast) has "nation wide WiFi" service you can add to your plan - to access WiFi everywhere they have a presence.  You may well be logging onto a UBEE box / Verizon-G3100 like device in someone's business location or home.  The owner/renter of the UBEE box pays a rental fee and pays the electricity to power that box while merely just getting just a virtual AP in his/her home.  Other "nation wide WiFi" user may well be logged into another virtual AP that is in that same box.  I don't know if the ISP actually would go that far to have you fund their service, but what they deployed certainly can go that far.

I know in theory those boxes can go as high as 2.5Gb/s.  Many older buildings has RG59 instead of RG6, possibly with a splitter or two already before getting into your location.  2.5Gb/s would be pushing the luck.  What if the box is in your house/business while the dozen people in the coffee shop next door all happen to logon using their "nation wide WiFi" also from your cable company?

I am not a generous person when it comes to bandwidth and electrical bill.  I use xFinity/comcast, with my own cable modem into my own firewall/router with my own WiFi AP.  So I know at least the cable that comes into my house carry only my traffic - as long as I stay away from the "Amazon Sidewalk" types of things.
 

Offline james_s

  • Super Contributor
  • ***
  • Posts: 21611
  • Country: us
Re: How BLE/ Mesh networks (IE your light bulbs) can spy on you
« Reply #24 on: July 07, 2021, 08:07:35 pm »
In the US, the police (for good or ill) are already interested in the data from your smart doorbell.
https://www.washingtonpost.com/technology/2021/03/02/ring-camera-fears/

I'm more than happy to provide the police with any security footage I have in the event of a crime and the same is true of many of my neighbors. It may be one reason there is so little crime in my neighborhood, a large number of people have security cameras that record everything that goes on in their view.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf