Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://transmom.love/@elilla" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>elilla</span></a></span> and <em>this</em> is why I hardwire everything and would deploy <a href="https://infosec.space/tags/UniFi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UniFi</span></a> on a dedicaded LAN!</p><ul><li>Not to mention <a href="https://infosec.space/tags/Ring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ring</span></a> by <a href="https://infosec.space/tags/Amazon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Amazon</span></a> is providing police with warrantless <a href="https://infosec.space/tags/BulkAccess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BulkAccess</span></a> to all cameras and recordings.</li></ul><p>Given this fact, I'd not be surprised if the ring camera literally was used to <a href="https://infosec.space/tags/tunnel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tunnel</span></a> into the network and lauch a <a href="https://infosec.space/tags/DeauthingAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeauthingAttack</span></a> against any other device.</p><ul><li>This is easy to do even with low-power chips as basically <em>no consumer-grade equipment</em> implements countermeasures against <a href="https://infosec.space/tags/deauthers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deauthers</span></a> like <a href="https://infosec.space/tags/PMF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PMF</span></a> (<a href="https://infosec.space/tags/80211w" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>80211w</span></a>) at all...</li></ul><p>Cuz yes, I had to deal with this shite as part of security assessments for a past employer...</p><ul><li>I'd love to see someone doing <a href="https://infosec.space/tags/forensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>forensics</span></a> on affected devices. Maybe they should contact <span class="h-card" translate="no"><a href="https://mastodon.social/@citizenlab" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>citizenlab</span></a></span> ?</li></ul><p>And even if they didn't flex <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a>: <a href="https://infosec.space/@kkarhan/114393789879888272" rel="nofollow noopener noreferrer" target="_blank">Deauthers are cheap af!</a></p>