Reverse engineering Android malware from popular Chinese projectors (opens in new tab)

(zanestjohn.com)

89 points3abiton1mo ago19 comments

19 comments

19 comments · 9 top-level

firesteelrain1mo ago· 4 in thread

We need supply chain protections for the regular consumer now.

Best the FCC is going to do is a misguided blanket “China bad!” router ban because Elise Stefanik got a little lobbying birdie in her ear from a certain American drone manufacturer.

thenthenthen1mo ago

Back at my old job we would get regular text messages and emails from the Chinese government when a piece of software or plugin in our public web-stack had a new cve or malware…

perarneng1mo ago

100% governments needs to crack down on these manufacturers and basically say that if China does not stop this insanity then importing them in to the US or EU will become illegal since its a national and personal security risk.

graemep1mo ago

Not going to happen. Governments are very complacent. The UK only recently banned Chinese IP CCTV cameras from sensitive government sites!

Its impossible to do with anything that gets updates. You never know what the next update will bring. Obviously things that connect to the internet and do not get updates are hopelessly insecure. its also pointless for anything controlled by an app through a server (anything from cars to fridges these days) as you cannot control what the server does.

Governments will also find excuses not to do this as its expensive and inflationary. They will play down the risk, point out the Americans can do it too, etc.

DriftRegion1mo ago· 3 in thread

This is the first time I've read an AI-heavy piece and stayed engaged with it all the way through. I think the author's sharing the prompts was key to that experience.

zstj1mo ago

Author here. I didn't realize folks had found this, LOL. As some have noted, yes, large chunks of this article were AI-written. Whether or not it's truly justifiable, I was busy enough that I saw it as the best way to complete the capstone writing on my experience. Again, I'm mildly surprised folks came across it!

Igrom1mo ago

In case you are interested in hearing a reader's opinion: the AI writing was noticeable and detracting. The most significant cues for me were the sensational tone and the prolific "clever" one-liners. I think that while it is difficult to make the judgment with any degree of accuracy based on a single suspicious sentence, but given the length of the article, all the individual cues eventually add up to a near certainty.

I think that the sorry thing about the article is that, even though I've read through an article of yours, I have learned nothing about what kind of person you are. I think that there's more to blogging than just showing the work. It's also a stage for you. The displays of character in the article ("I had a feeling", "I sat with that for a minute") written in first person are not actually yours, and are instead, in a way, a performance of the LLM that you used. So in my opinion (and you're free to disagree) you've robbed yourself of the attention you deserved.

However, I assume that the contents of the investigation were true, and if so, they are quite damning (in fact, my SO has just surprised me with a cheap Chinese projector. Nice timing!). It was also great that you've shared the prompts and results at each stage.

DANmode1mo ago

As it should be!

thenthenthen1mo ago· 1 in thread

Wow this is pretty insane, the whole supply chain of these things might look similar to the practises described in this article: https://www.chinatalk.media/p/how-to-buy-cheap-claude-tokens...

HN discussion: https://news.ycombinator.com/item?id=48165492

thenthenthen1mo ago

In addition, why is this malware downloding payloads etc, could it not have been pre-installed?!

shmeeed1mo ago· 1 in thread

Like many people, I've always been vaguely suspicious of IoT devices like these. But I've never seen reverse engineered what it is they actually do. The conclusion goes way beyond my expectations and is rather chilling:

>My $35 projector wasn't just spying on me. It was selling my network. Anyone who paid Kookeey for proxy access could route their traffic through my IP

nticompass1mo ago

Now that's just kooky! Sorry, I had to.

ashout331mo ago· 1 in thread

Is there any instructions on how I can do a similar analysis my own devices?

sillymenow1mo ago

How more detailed should it be? I mean you get literally every command and what tools were used.

redrove1mo ago

I’m immediately suspicious of cheap chinese crap like this.

$35 for a projector should cause you to raise at least one eyebrow.

Also, as always with “IoT” type devices, they’re best kept in an isolated VLAN with no internet access.

tomaskafka1mo ago

What I missed in analysis is that service sold isn't "selling your bandwidth to a highest bidder" - it's an universal binary delivery system, so if someone would pay more for eg. binary that explores your network and installs btc miner or password stealer on all unsecured devices, then that's what you'll get.

l23k41mo ago

This would typically not be referred to as a "remote access trojan". It's just an updater, or perhaps a dropper if you want to make it sound more scary.

wordsarelies1mo ago

The us gov should pay for this sort of research to be published... bonus points for binaries.

j / k navigate · click thread line to collapse

19 comments

19 comments · 9 top-level

firesteelrain1mo ago· 4 in thread

We need supply chain protections for the regular consumer now.

kotaKat1mo ago

Best the FCC is going to do is a misguided blanket “China bad!” router ban because Elise Stefanik got a little lobbying birdie in her ear from a certain American drone manufacturer.

thenthenthen1mo ago

Back at my old job we would get regular text messages and emails from the Chinese government when a piece of software or plugin in our public web-stack had a new cve or malware…

perarneng1mo ago

graemep1mo ago

Not going to happen. Governments are very complacent. The UK only recently banned Chinese IP CCTV cameras from sensitive government sites!

Governments will also find excuses not to do this as its expensive and inflationary. They will play down the risk, point out the Americans can do it too, etc.

DriftRegion1mo ago· 3 in thread

This is the first time I've read an AI-heavy piece and stayed engaged with it all the way through. I think the author's sharing the prompts was key to that experience.

zstj1mo ago

Igrom1mo ago

DANmode1mo ago

As it should be!

thenthenthen1mo ago· 1 in thread

Wow this is pretty insane, the whole supply chain of these things might look similar to the practises described in this article: https://www.chinatalk.media/p/how-to-buy-cheap-claude-tokens...

HN discussion: https://news.ycombinator.com/item?id=48165492

thenthenthen1mo ago

In addition, why is this malware downloding payloads etc, could it not have been pre-installed?!

shmeeed1mo ago· 1 in thread

>My $35 projector wasn't just spying on me. It was selling my network. Anyone who paid Kookeey for proxy access could route their traffic through my IP

nticompass1mo ago

Now that's just kooky! Sorry, I had to.

ashout331mo ago· 1 in thread

Is there any instructions on how I can do a similar analysis my own devices?

sillymenow1mo ago

How more detailed should it be? I mean you get literally every command and what tools were used.

redrove1mo ago

I’m immediately suspicious of cheap chinese crap like this.

$35 for a projector should cause you to raise at least one eyebrow.

Also, as always with “IoT” type devices, they’re best kept in an isolated VLAN with no internet access.

tomaskafka1mo ago

l23k41mo ago

This would typically not be referred to as a "remote access trojan". It's just an updater, or perhaps a dropper if you want to make it sound more scary.

wordsarelies1mo ago

The us gov should pay for this sort of research to be published... bonus points for binaries.

j / k navigate · click thread line to collapse