Posted: Fri Mar 29, 2024 16:02 Post subject: Amazon Echo (Alexa) devices on their own VLAN
So I read an article a few weeks ago that mentioned that Amazon Echo and Google Home devices are indeed spying on the general public. I want to be able to prove or disprove this on my own. So I set up an exclusive VLAN WAP just for my eight Echo devices (I don't have any Google Home devices). I left out my two FireTV sticks as I believe their microphones are only built into the remotes.
I figured this would make them MUCH easier to monitor with networking tools such as Wireshark or even tcpdump without the need for complex filtering. Any better ideas here would be appreciated.
I am not using any interconnect features, such as multi-room audio sync. Yet, all these devices do reach out and communicate with each other. Wondering why?
I have not found any evidence of them recording our conversations yet, as I only got this set up yesterday, but I will add a full-time logging system of some sort over the weekend.
Has anyone else attempted anything like this and if so, what were your results?
_________________
Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r53562
Features in use: WDS-AP, Multiple VLANs, Samba, WireGuard, Entware: mqtt, mlocate
Wireless 5ghz only
Netgear R7800 (WDS-AP, WAP, VAP) - DD-WRT r55779
Features in use: multiple VLANs over single trunk port
Linksys EA8500 WDS Station x2 - DD-WRT r55799
Netgear R6400v2 WAP, VAP 2.4ghz only w/VLANs over single trunk port. DD-WRT r55779
OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.
Here is a tcpdump capture of my Echo devices, for one minute. All microphones are muted at this point. They still generate a ton of traffic.
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Fri Mar 29, 2024 18:24 Post subject:
On one of my locations I do have spammers..Amazon Alexa and Sonos and tons of other crap...
It's all on a VLAN and their own router...I can see hits on the WAN side from the router after...but that is normal as they are all on the same switch...as far as recording and monitoring...hmm, this is a cat and dog game...fewer devices and mics around, the better...
My iPhone, on a number of occasions, I can see my cam sensor is flashing green when I don't even have a cam-related app running..and I know Apple were blamed for taking pics of phone users illegally...
mDNS is their thing too, those smart devices are loving it.. so, if not using it, turn it off..with a pinch of salt, router is still fine...
In the past, out of curiosity, I did lots of tcpdump router side and Wireshark on a tap..it gets crazy...
or any interface that is of concern, and it gets mad...
Back in the day there was one odd smart TV that would congest the network with a UDP flood..
and in general all smart and IoT devices are prone to DNS and TCP/UDP floods...
For the record, there is a way to encrypt all your data on the Alexa side...so nobody can see it, even Amazon...well, at least that was the claim.
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Chasing these things around in a tcpdump is akin to keeping an eye on one fish within a school! I am slowly coming up with better filtering however.
I have decided to connect only one or two devices to the VLAN at a time to keep down the noise....(and generate smaller logs) and these things are really LOUD (referencing their traffic, ofc)! I have five different Echo models: 1 first gen Echo, 2 first gen Dots, 1 second gen Show 5, 3 third gen Dots and 1 Echo Flex.
Whenever I speak to them, they reach out to 52.46.156.62:443 so this may be the address to filter for, for any shenanigans. However, odds are they are using a load balancer so it could easily change. This is probably going to be different in other countries too, I would suspect. This ended up being much more work than I had anticipated.
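Sorting "one fish in a school" out of a raw tcpdump is mostly a bookkeeping problem: group packets by Echo device and remote endpoint, then separate the mDNS and device-to-device chatter from what actually leaves for the WAN. The following Python script is an added example, not code from the thread or from any DD-WRT tool. It assumes the Echo VLAN is 192.168.50.0/24 and that tcpdump was run with -nn (numeric addresses and ports); the 52.46.156.62:443 endpoint is the one reported above, while 203.0.113.7 and every sample line are constructed for the demonstration.

```python
"""Summarize tcpdump -nn output from an isolated IoT VLAN by device and remote endpoint.

Added example (not from the thread). Assumes the Echo VLAN is 192.168.50.0/24 and
that the log came from something like:  tcpdump -nn -i vlan50 ip > echo.log
"""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed subnet of the dedicated Echo VLAN; change to match your own.
ECHO_VLAN = ipaddress.ip_network("192.168.50.0/24")
# The address:port the thread reports the devices contact when spoken to.
WATCHED = {("52.46.156.62", 443)}
MDNS = ("224.0.0.251", 5353)

# One tcpdump -nn line: "HH:MM:SS.usec IP src.sport > dst.dport: ... length N"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+):.*?length (?P<length>\d+)$"
)


@dataclass
class Flow:
    device: str      # the Echo-side address
    remote: str      # the other end: Amazon host, another Echo, or a multicast group
    port: int        # port on the remote end
    kind: str        # watched | mdns | local | multicast | wan
    packets: int = 0
    bytes_out: int = 0
    bytes_in: int = 0


def classify(remote: str, port: int) -> str:
    """Label a remote endpoint so mDNS and device-to-device noise can be split from WAN traffic."""
    addr = ipaddress.ip_address(remote)
    if (remote, port) in WATCHED:
        return "watched"
    if (remote, port) == MDNS:
        return "mdns"
    if addr in ECHO_VLAN:
        return "local"
    if addr.is_multicast:
        return "multicast"
    return "wan"


def parse_line(line: str):
    """Return (device, remote, port, direction, payload_len), or None for non-IP lines such as ARP."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, dst, length = m["src"], m["dst"], int(m["length"])
    if ipaddress.ip_address(src) in ECHO_VLAN:
        return src, dst, int(m["dport"]), "out", length
    if ipaddress.ip_address(dst) in ECHO_VLAN:
        return dst, src, int(m["sport"]), "in", length
    return None  # neither end is an Echo: not our traffic


def summarize(lines):
    """Aggregate packets and payload bytes per (device, remote, port)."""
    flows = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        device, remote, port, direction, length = parsed
        flow = flows.setdefault((device, remote, port), Flow(device, remote, port, classify(remote, port)))
        flow.packets += 1
        if direction == "out":
            flow.bytes_out += length
        else:
            flow.bytes_in += length
    return flows


def bytes_by_kind(flows):
    """Total payload bytes per traffic class: how much of the 'noise' is mDNS and local chatter."""
    totals = defaultdict(int)
    for f in flows.values():
        totals[f.kind] += f.bytes_out + f.bytes_in
    return dict(totals)


def top_remotes(flows, kinds=("wan", "watched")):
    """Outbound bytes per off-VLAN endpoint, largest first: the candidates worth filtering on."""
    totals = defaultdict(int)
    for f in flows.values():
        if f.kind in kinds:
            totals[(f.remote, f.port)] += f.bytes_out
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


# Constructed sample of tcpdump -nn output (not a real capture). 203.0.113.7 is a
# documentation address standing in for some other cloud endpoint.
SAMPLE = """\
16:02:01.000123 IP 192.168.50.11.49152 > 52.46.156.62.443: Flags [P.], seq 1:513, ack 1, win 501, length 512
16:02:01.004000 IP 52.46.156.62.443 > 192.168.50.11.49152: Flags [.], ack 513, win 260, length 0
16:02:01.250000 IP 192.168.50.11.5353 > 224.0.0.251.5353: UDP, length 120
16:02:01.300000 IP 192.168.50.12.5353 > 224.0.0.251.5353: UDP, length 96
16:02:02.100000 IP 192.168.50.11.49153 > 192.168.50.12.55443: UDP, length 80
16:02:02.150000 IP 192.168.50.12.55443 > 192.168.50.11.49153: UDP, length 80
16:02:03.000000 IP 192.168.50.12.40001 > 203.0.113.7.443: Flags [P.], seq 1:201, ack 1, win 501, length 200
16:02:03.500000 ARP, Request who-has 192.168.50.1 tell 192.168.50.11, length 28
"""

if __name__ == "__main__":
    flows = summarize(SAMPLE.splitlines())
    for f in sorted(flows.values(), key=lambda f: f.bytes_out + f.bytes_in, reverse=True):
        print(f"{f.device:15} -> {f.remote:15}:{f.port:<5} {f.kind:9} pkts={f.packets} out={f.bytes_out} in={f.bytes_in}")
    print("bytes by kind:", bytes_by_kind(flows))
    print("top remotes:", top_remotes(flows))
```

Run it against a real log with `python3 echo_summary.py < echo.log` after swapping `SAMPLE.splitlines()` for `sys.stdin`. Because the flow key is the remote endpoint rather than the Echo's ephemeral port, a load balancer rotating addresses shows up as several `wan` rows rather than one, which is exactly the signal you want when deciding what to filter on next; the `bytes_by_kind` totals also make it obvious how much of the "loud" traffic is just mDNS and device-to-device discovery that never leaves the VLAN.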
Monitored all Echo devices for several days now and have yet to get one byte of evidence they are recording in secret. This does not of course mean they cannot be remotely told to record on demand, which I'm sure they can, but no data either way to (dis)prove that.
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Sat Apr 06, 2024 6:41 Post subject:
There are many articles here and there that claim those can be remotely hijacked..and used for monitoring...or other malicious purposes...same for phones and their cam and mic...
So, it's not impossible, but rather a matter of time...