[NNagain] Attackers breach plume

Dave Taht dave.taht at gmail.com
Thu Nov 16 15:29:43 EST 2023


Plume is one of the biggest sellers of "managed wifi devices". Now breached.

https://cybernews.com/news/plume-data-breach/

I have not ever used their stuff (why should I hand *any* details of
*my* network to a third party? I trust my builds of openwrt only), but
the last I had heard (5 years ago) was Plume had managed to get
fq_codel running on two out of three devices they had, but not
deployed, so I assumed they were managing little that I cared about,
while sharing stuff I did not want them to have. On the other hand, if
attackers twere white hat in any way - or an independent researcher
were to look over all the files... especially the wifi stats - hoo
boy! what a great global view into wifi behaviors that no-one else has
in the world today. I wonder what that would be worth on the black
market... "hey buddy, you wanna know what fire tv sticks are really
doing on networks?" [1]

Cross posting this to nnagain in part because of the twisted thought
in a title ii world:

What is the ISP supposed to do about compromised devices they can see?
In this case the plume OUI MAC address is visible to the edge router.

What of transient compromise  - once breached, other backdoors
installed elsewhere?

[1] (one thing few knew about chromecast and other wireless stick
devices  in 1996 is a huge percentage of them were wedged into a few
inches from the tv to the AP, overdriving the wifi antennas, messing
up the network for everyone) - google's published research here:
https://apenwarr.ca/diary/wifi-data-apenwarr-201602.pdf

Having never heard a plume rep call anyone and tell them to use a wire
for their tv instead... makes me dispute the value of plumes "managed
wifi" and not having seen a drop of public research out of them and
their insane stock price... ummmm...

Also the tv sticks, many ap routers, all tablets (well the kindle is
lame), are more than powerful enough to be actively sniffing the air
of not just the local network, but ones nearby.

-- 
:( My old R&D campus is up for sale: https://tinyurl.com/yurtlab
Dave Täht CSO, LibreQos


More information about the Nnagain mailing list