Hacking update


Well, thank you for asking if there were any developments, and well, yes, there sort of is more news on the hacking front... ish. But it’s more a case of: no news is good news.

I have three DVB TV adapters at the moment:

  • Avermedia Volar HD Pro
  • Pico TV
  • Kworld 499-UT AKA The Backdoor Bandit

With the Avermedia or the Pico installed I can work and play like a happy chappie (well, as much as you can with Linux and DVB television). No spurious file additions or file attributes changed, no file last-modified dates that preceded the file creation date. Nothing, not a peep.

I can even run a Windows box without incident, not the slightest hint of penetration, all of this as I’d expect for a “normal” PC user, on a dynamic IP address and behind 3 different firewalls with all machines inside the last firewall set to ignore pings.

Now... whether in Windows or Linux, plug in the Kworld adapter, install the drivers and wait. Within a day or so I start to see “strange” activity, the Windows box being the worst: Terminal Services is reactivated, Windows Explorer replaced, Windows Updates spontaneously restart again (when they were most definitely off) and off we go with dodgy file attributes and file accessing and modification in the early hours of the morning (2am-5am GMT).
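The two file-level signs described above (a last-modified time earlier than the file’s creation time, and modifications landing in the 2am-5am window) can be checked mechanically. The script below is an added example, not code from the post; the quiet-window hours, the sample records and the fallback to ctime on filesystems without a birth time are assumptions made here.

```python
"""Added example (not from the post): flag files whose timestamps look wrong
in the two ways described in the text: a last-modified time earlier than the
file's creation time, and modifications inside a quiet window (02:00-05:00).
The window, the sample records and the paths are assumptions for illustration."""
import os
import sys
from dataclasses import dataclass
from datetime import datetime, timezone

QUIET_START = 2   # hour of day, inclusive (assumption: matches the 2am-5am window)
QUIET_END = 5     # hour of day, exclusive


@dataclass
class Record:
    path: str
    created: datetime
    modified: datetime
    created_is_birth: bool = True   # False when 'created' is really ctime (see below)


def anomalies(records, tz=timezone.utc):
    """Return a list of (path, reason) for records that look suspicious."""
    findings = []
    for r in records:
        # With a genuine birth time, mtime < birth time should never happen.
        # With the ctime fallback it is normal after any chmod/chown/rename,
        # so that comparison is only trusted when created_is_birth is set.
        if r.created_is_birth and r.modified < r.created:
            findings.append((r.path, "modified before created"))
        hour = r.modified.astimezone(tz).hour
        if QUIET_START <= hour < QUIET_END:
            findings.append((r.path, "modified in quiet window"))
    return findings


def _creation_time(st):
    """Return (creation datetime, is_birth_time) for a stat result."""
    ts = getattr(st, "st_birthtime", None)   # BSD/macOS and some Linux builds
    if ts is not None:
        return datetime.fromtimestamp(ts, tz=timezone.utc), True
    # Linux fallback: ctime is inode change time, not creation time.
    return datetime.fromtimestamp(st.st_ctime, tz=timezone.utc), False


def scan(root):
    """Walk a directory tree and build Record objects from stat()."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                st = os.stat(p, follow_symlinks=False)
            except OSError:
                continue   # vanished or unreadable; skip rather than abort the scan
            created, is_birth = _creation_time(st)
            modified = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            records.append(Record(p, created, modified, is_birth))
    return records


# Constructed sample, standing in for the output of scan() on a real box.
SAMPLE = [
    Record("/home/user/.bashrc",
           datetime(2012, 3, 1, 10, 0, tzinfo=timezone.utc),
           datetime(2012, 3, 1, 10, 5, tzinfo=timezone.utc)),
    Record("/home/user/notes.txt",
           datetime(2012, 6, 10, 12, 0, tzinfo=timezone.utc),
           datetime(2012, 5, 20, 9, 0, tzinfo=timezone.utc)),   # mtime precedes creation
    Record("/home/user/.profile",
           datetime(2012, 6, 1, 8, 0, tzinfo=timezone.utc),
           datetime(2012, 6, 12, 3, 30, tzinfo=timezone.utc)),  # 03:30, quiet window
]

if __name__ == "__main__":
    # Usage: python timestamps.py /some/dir   (no argument: run on the sample)
    records = scan(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for path, reason in anomalies(records):
        print(f"{reason}: {path}")
```

The quiet-window test is deliberately crude: it is a triage filter to shorten the list of files worth looking at, not evidence on its own, since cron jobs and package updates also write files at night.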

I’ve not left it long enough because seemingly once whoever it is has access inside my firewall, they seem to have free access everywhere and an ability to log on to any and all of my other PCs. Although Linux provides a much more comprehensive logging system, it’s also much harder to spot another user using your computer, because it’s designed to be that way.

I’ve tested this on three different occasions now since I first discovered the adapter as the source. Every single time it’s the same. The only thing I’ve not been able to track down is what the TV adapter is broadcasting or where it’s broadcasting it to. None of the outgoing logs I’ve spotted look strange or odd.

But since my last “test” I’ve not had a single thing to suspect the hacker is still visiting.

Trying to convince anyone that this was real... well, that’s altogether been another matter. I get looks ranging from “you’re delusional” to “you’re an idiot”. But I spent most of my spare time in 2012 scouring logs and file attributes, monitoring alternate streams, packet sniffing and undeleting files to know that this was most certainly real.

“Why” is the normal question and one I’ve asked myself many times over the last year. I’m not a bank, nor a file repository, nor a porn collector, or warez dealer, just a regular user.

“Why would anyone go to all that trouble of hacking your computer just to watch TV?” was the next most common question. Well, if you have a back-door to a system anywhere then it’s no effort at all to hack, and why just watch TV... well, sadly it wasn’t just TV, but that was the most common thing. In part, because it’s a TV adapter... duh! And well, there’s a lot of people who wouldn’t mind free access to British TV. Let’s also not forget that all governments listen to broadcasts by other countries. Here in the UK we have a whole massive government building that solely “listens” (GCHQ).

Of course, if you manufacture hardware and it has a back-door (as a previous Kworld TV adapter had, by the way!)... Imagine selling, I don’t know, say 10,000 units; that gives you a fairly good distributed network to make use of. Whether it streams TV or just gives you a backdoor to transmit or receive data, that’s a lot of potential computer nodes to get access to.

Not forgetting of course that things like hardware are often freely allowed to go out through firewalls by default. Virtually all firewalls are permissive by default for outgoing traffic, so what a great way to bypass security firewalls and NAT routers.
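Because outbound traffic is allowed by default, the outgoing logs mentioned earlier only help if there is something to compare them against. The script below is an added example, not code from the post: it builds a baseline of outbound destinations from firewall log lines captured before a device was plugged in, then reports anything new in lines captured afterwards. It assumes the key=value line format that an iptables LOG rule on the OUTPUT chain writes to the kernel log; the hostnames, addresses (TEST-NET ranges) and sample lines are constructed.

```python
"""Added example (not from the post): baseline outbound destinations from
firewall log lines and report new ones. Assumes the key=value style of an
iptables LOG rule (OUT= SRC= DST= PROTO= DPT= ...); all sample lines,
hosts and addresses below are constructed for illustration."""
import re
from collections import Counter

KV = re.compile(r"(\w+)=(\S*)")   # matches tokens such as DST=203.0.113.7


def parse_line(line):
    """Return (dst, proto, dport) for a LOG line, or None if fields are missing."""
    fields = dict(KV.findall(line))
    if "DST" not in fields or "PROTO" not in fields:
        return None
    # ICMP and some other protocols carry no DPT; use "-" so tuples stay comparable.
    return (fields["DST"], fields["PROTO"], fields.get("DPT", "-"))


def baseline(lines):
    """Set of (dst, proto, dport) tuples seen in the 'before' capture."""
    return {t for t in map(parse_line, lines) if t is not None}


def new_destinations(known, lines):
    """Count flows in `lines` whose (dst, proto, dport) was never in `known`."""
    counts = Counter()
    for line in lines:
        t = parse_line(line)
        if t is not None and t not in known:
            counts[t] += 1
    return counts


# Constructed "before" capture: normal browsing and DNS from the LAN host.
BEFORE = [
    "Jun  1 10:02:11 box kernel: OUT=eth0 SRC=192.168.1.20 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=51234 DPT=443",
    "Jun  1 10:02:15 box kernel: OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 LEN=52 PROTO=UDP SPT=40000 DPT=53",
    "Jun  1 10:05:00 box kernel: OUT=eth0 SRC=192.168.1.20 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=51240 DPT=80",
]

# Constructed "after" capture: same traffic plus flows to addresses never seen before.
AFTER = [
    "Jun  3 03:12:39 box kernel: OUT=eth0 SRC=192.168.1.20 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=52210 DPT=443",
    "Jun  3 03:12:40 box kernel: OUT=eth0 SRC=192.168.1.20 DST=198.51.100.42 LEN=60 PROTO=TCP SPT=52211 DPT=8080",
    "Jun  3 03:12:41 box kernel: OUT=eth0 SRC=192.168.1.20 DST=198.51.100.42 LEN=60 PROTO=TCP SPT=52212 DPT=8080",
    "Jun  3 03:13:00 box kernel: OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 LEN=52 PROTO=UDP SPT=40001 DPT=53",
    "Jun  3 04:00:00 box kernel: OUT=eth0 SRC=192.168.1.20 DST=198.51.100.5 LEN=84 PROTO=ICMP TYPE=8",
]

if __name__ == "__main__":
    known = baseline(BEFORE)
    for (dst, proto, dpt), n in new_destinations(known, AFTER).most_common():
        print(f"new outbound flow: {proto} {dst}:{dpt} x{n}")
```

On a Linux host the input lines come from a rule such as `iptables -A OUTPUT -m state --state NEW -j LOG`, captured once with the adapter unplugged and once with it installed; anything that only appears in the second capture is what to pull apart with a packet sniffer next.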

It was just by chance that I found this hacking in the first place. I imagine that most users would never ever know. So they have some extra C++ runtime installed; would they notice it was a Chinese C++ runtime? Probably not. Would they also notice that the version of Windows Explorer wasn’t the most current? Of course not. Would they even notice that their TV adapter didn’t let them watch that other channel when it was recording? Yes, they’d notice, but like most of us you’d put it down to a glitch or just an annoyance. I know that the times I tried to use the TV adapter and it responded with “all tuners are in use”, I just thought it had crashed, so would unplug the TV adapter and plug it back in. That fixed the problem, so I thought nothing more of it... But now... now I wonder if it really was “in use” by someone else.

All I can say now is that it doesn’t happen now. Linux only tells me that the adapters are busy when they genuinely are.

Of course, trying to convince anyone that this is happening is quite another matter. The typical response is “why you?” and to that I’ve no answer. I have nothing at all of value, except a back-door onto my home network. “Why would anyone go to all that trouble just to watch TV?” is the second question.

Well, it’s not just to watch TV: my email was being read, at one point a web server was installed then removed, and most annoying is the cloning and repartitioning of my hard drive. The more I think of it though, the more I wonder... if someone is skilled enough to put a back-door into their hardware or driver and you sell, I dunno, even 1000 units, that’s a nice little distributed network right there. But maybe they were just using my computer because they could, because it had a back-door they could access.

This wouldn’t be the first time KWorld TV adapters had a back-door either. I found out that an earlier model was famous for its trojan back-door. Although I seem to be either the only person who’s noticed this or the only person affected, as I can’t find anyone anywhere who has the same issue. All I can say with certainty is that when I plug it in I get a “visitor”, and for the last few months with this adapter tucked away in a drawer I see nothing strange at all... and trust me, I have looked and looked.

  1. We really need to talk.

