Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Barnes & Nobles Nook secretly connects to the internet. SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Barnes & Nobles Nook secretly connects to the internet.
Hi,

I was routinely scanning my internal network when I noticed that one of my Nook ebook readers was wifi connected. As I don't use internet on these devices, wifi is always turned off. I double checked, and indeed wifi was turned off, but that specific device was charging. Further investigation brought to light that the device will turn on wifi when external power is supplied, regardless of the wifi configuration setting. It will NOT show the wifi symbol in the status bar on the top of the screen, so the user will not be aware. The device will check the time with a NTP server, and will contact serveral other IP adresses, mostly over https.

As I don't like devices secretly communicating when told not to, I tried to google some information about this, but there seems no mention of this behavior.

Is this generally known? Or should I try to make a trace of the communication of this device?

Regards,
Karel.
Karel

1 Posts
I would definitely check the traffic. I read about some malware a few months back that used various low power devices (routers, DVRs, phones, etc) to mine bitcoins. I believe one actually only activated when plugged in and on wifi as a means of stealth. This might be similar. thirstycamel

1 Posts
That's pretty sneaky lol.. gotta love these devices acting without approval. Dwilber

2 Posts

Sign Up for Free or Log In to start participating in the conversation!