Clampdown on TV 'Dodgy Boxes'

Cheap smarthome and IOT devices are just as likely as Android bixes.

FWIW, I have both an Nvidia Shield and a Strong IPTV box. The Strong box is a cheap Chinese one from DID. They're on a separate VLAN and SSID to the rest of my network with client isolation and very strict firewall rules. I force all DNS through my own DNS server for logging and blocking and don't see anything suspicious indicating they're part of a botnet.

I don't allow anything Chinese on my regular home network but this device is isolated and controlled. I actually didn't realise Strong was Chinese when I did a bit of quick research before buying it. Their website is strong.eu, and looking at their website it really comes across that they are a native European company. A bit of deeper research shows they were bought out by a Chinese company a number of years ago. It seems that the strong.eu really try to deceive and make it look like they are European. For a cheap box it's fairly capable though still nowhere as good as the Shield.

Even iPhones. The User Agent string is one of the easiest things to spoof and it is done all the time. This botnet (and there may have been a number of them) seemed to be using these compromised devices as a web proxy so that they could each download a single webpage. When it comes to content, residential and mobile web proxies (compromised or willing) are used to steal content for AI. Most large websites have blocked Chinese and Singaporean datacentres (Tencent/Aliyun/Acevulle etc). What some of these AI operations are doing now is to use compromised devices on residential and mobile phone networks. Compromised low end Android devices may be part of those botnets.

A better approach. There is a list of the low end Android devices that are shipped in a compromised state posted on Github. It is linked from the Krebs on Security article. It is an amazing bit of research.

The Chinese companies tend to do a lot of acquisitions. That country/regional branding is very common with marketing and the .EU ccTLD is used primarily for that kind of website or for redirects to the company's relevant country level website. A cheap .EU domain name can serve all EU countries without having to buy the domain name in each EU country's ccTLD. It can be very difficult for European companies to compete with cheap Chinese hardware.

The main reason that Chinese equipment is so common is because of the cost. Much of it is reliable and does not give any problems. It is those low end Android devices that were shipped as compromised that are risky. With well known brands like Nvidia and Firestick, there is an expectation of quality.

Plus they aren't internet facing. They might be vulnerable but there likely is no path to get at them

Looks like Amazon Firesticks are finished as being the chosen "dodgy" box — well new ones anyway, according to this.

I can whole heatedly recommend the "Onn" devices that Walmart sell in the US, they're region locked, but if you are even half way Tec savvy you'll unlock them in 5 mins with a VPN and a laptop (needs to be a WiFi connection generated from the laptop with a VPN on, set to USA)

If they sound a bit daunting, go for the Thomson models available here, they're the same hardware, just repackaged and far more expensive.

I read the article and it says that Vega OS is Linux based.

So I'm sure someone has already found a way of side loading.

That's the great thing about Linux, it's so configurable if you know how.

I'd say there could be good business breaking them to sell to the dodgy box suppliers to then prep for the customer.

Because Joe Soap is not going to be able to break them.

I'm not sure guys, the select models have been out for a number of months now, and I'm not aware of any methods yet to get any IPTV apps on to them yet.

I'm not saying there's not a way.... Yet.....

Just that I'm not aware of any, I'm on record of saying eventually some dev should figure out a method, but I haven't seen one yet.

Why do you keep posting ai slop on various threads? Any thoughts of your own?

Must be a real power trip for the chosen few.

Wagging fingers at others for using dodgy boxes.

Deciding what can and cannot be posted.

Setting the quota for voting (2/3rds is not sufficient).

Keeping this dead topic alive with their wishful thinking - ' ok not today…but next week, wait til you see…next week'. A lot of 'next weeks' seems to have past.

Firestick thread maybe?

https://www.boards.ie/discussion/2058088307/firestick-general-discussion-thread#latest