* [Make-wifi-fast] Attackers breach plume
@ 2023-11-16 20:29 Dave Taht
2023-11-16 21:01 ` [Make-wifi-fast] [NNagain] " rjmcmahon
0 siblings, 1 reply; 2+ messages in thread
From: Dave Taht @ 2023-11-16 20:29 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!,
Make-Wifi-fast
Cc: Avery Pennarun
Plume is one of the biggest sellers of "managed wifi devices". Now breached.
https://cybernews.com/news/plume-data-breach/
I have not ever used their stuff (why should I hand *any* details of
*my* network to a third party? I trust my builds of openwrt only), but
the last I had heard (5 years ago) was Plume had managed to get
fq_codel running on two out of three devices they had, but not
deployed, so I assumed they were managing little that I cared about,
while sharing stuff I did not want them to have. On the other hand, if
attackers twere white hat in any way - or an independent researcher
were to look over all the files... especially the wifi stats - hoo
boy! what a great global view into wifi behaviors that no-one else has
in the world today. I wonder what that would be worth on the black
market... "hey buddy, you wanna know what fire tv sticks are really
doing on networks?" [1]
Cross posting this to nnagain in part because of the twisted thought
in a title ii world:
What is the ISP supposed to do about compromised devices they can see?
In this case the plume OUI MAC address is visible to the edge router.
What of transient compromise - once breached, other backdoors
installed elsewhere?
[1] (one thing few knew about chromecast and other wireless stick
devices in 1996 is a huge percentage of them were wedged into a few
inches from the tv to the AP, overdriving the wifi antennas, messing
up the network for everyone) - google's published research here:
https://apenwarr.ca/diary/wifi-data-apenwarr-201602.pdf
Having never heard a plume rep call anyone and tell them to use a wire
for their tv instead... makes me dispute the value of plumes "managed
wifi" and not having seen a drop of public research out of them and
their insane stock price... ummmm...
Also the tv sticks, many ap routers, all tablets (well the kindle is
lame), are more than powerful enough to be actively sniffing the air
of not just the local network, but ones nearby.
--
:( My old R&D campus is up for sale: https://tinyurl.com/yurtlab
Dave Täht CSO, LibreQos
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Make-wifi-fast] [NNagain] Attackers breach plume
2023-11-16 20:29 [Make-wifi-fast] Attackers breach plume Dave Taht
@ 2023-11-16 21:01 ` rjmcmahon
0 siblings, 0 replies; 2+ messages in thread
From: rjmcmahon @ 2023-11-16 21:01 UTC (permalink / raw)
To: Network Neutrality is back! Let´s make the technical
aspects heard this time!
Cc: Make-Wifi-fast, Dave Taht, Avery Pennarun
hmm, there is a claim of breach, "Attackers claim Plume data breach" vs
a statement of fact per
"Now breached." It's probably most fair to Plume to be as accurate as
possible in such communications.
Thanks for sharing the "gfiber wifi" deck. Lots of useful information in
it.
Bob
> Plume is one of the biggest sellers of "managed wifi devices". Now
> breached.
>
> https://cybernews.com/news/plume-data-breach/
>
> I have not ever used their stuff (why should I hand *any* details of
> *my* network to a third party? I trust my builds of openwrt only), but
> the last I had heard (5 years ago) was Plume had managed to get
> fq_codel running on two out of three devices they had, but not
> deployed, so I assumed they were managing little that I cared about,
> while sharing stuff I did not want them to have. On the other hand, if
> attackers twere white hat in any way - or an independent researcher
> were to look over all the files... especially the wifi stats - hoo
> boy! what a great global view into wifi behaviors that no-one else has
> in the world today. I wonder what that would be worth on the black
> market... "hey buddy, you wanna know what fire tv sticks are really
> doing on networks?" [1]
>
> Cross posting this to nnagain in part because of the twisted thought
> in a title ii world:
>
> What is the ISP supposed to do about compromised devices they can see?
> In this case the plume OUI MAC address is visible to the edge router.
>
> What of transient compromise - once breached, other backdoors
> installed elsewhere?
>
> [1] (one thing few knew about chromecast and other wireless stick
> devices in 1996 is a huge percentage of them were wedged into a few
> inches from the tv to the AP, overdriving the wifi antennas, messing
> up the network for everyone) - google's published research here:
> https://apenwarr.ca/diary/wifi-data-apenwarr-201602.pdf
>
> Having never heard a plume rep call anyone and tell them to use a wire
> for their tv instead... makes me dispute the value of plumes "managed
> wifi" and not having seen a drop of public research out of them and
> their insane stock price... ummmm...
>
> Also the tv sticks, many ap routers, all tablets (well the kindle is
> lame), are more than powerful enough to be actively sniffing the air
> of not just the local network, but ones nearby.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-11-16 21:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-11-16 20:29 [Make-wifi-fast] Attackers breach plume Dave Taht
2023-11-16 21:01 ` [Make-wifi-fast] [NNagain] " rjmcmahon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox