Your Roku is Spying On You

iaresee

I was tipped off to Rokus behaving badly on home networks by a reddit thread here:

It made me paranoid enough to want to switch out some of my home networking components. I've long just used a higher-end home WiFi router and relied on its built-in DNS, DHCP, firewall, etc. and figured that was enough.

Last weekend I grabbed a Raspberry Pi and built a Pi-Hole DNS server for my network. This little box sits on my network now and resolves DNS queries (the queries that turn host names like www.google.com into actual IP addresses like 192.168.1.1 which is what your hardware uses to talk to other computers on the larger connected network). It also serves up DHCP for my network now. My edge wifi router, a LinkSys WRT1900ACS, is now doing gateway, access point and firewall duties only.

Well...the things you discover when you have broad visibility into your network!

Yes, I can 100% confirm the two Rokus I have in my house are attempting to log frequently to data collection end points that Roku runs. These collection attempts are now being blocked by my Pi-Hole box.

But the bigger surprise?

My f'ing router is sending a crap ton of telemetry data back to Belkin! Belkin you ask? Yup. Turns out Belkin bought LinkSys (or Cisco punted LinkSys to them) a while back and in a firmware upgrade to the router they began collecting my network information for...purposes they don't clarify.


Well, the pi-hole box has shut those shenanigans down.

I can keep my Rokus. Which I think are excellent devices.

I'm in the process of spec'ing out a more component-based home network using Ubiquiti gear or something like it. I'm done with this crap.

I also want to segregate all my IoT devices (which I love, because home automation is the best) onto their own VLAN so if they get popped the damage is isolated.

Bonus: the pi-hole blocks ad traffic at the DNS level for the entire network. So everything on my network is now getting ads stopped. It's been great for cleaning up the kid's browsers from ads and YouTube spam too. Highly recommend a Pi-Hole. The build is very simple and not too hard to slot into your network with only basic knowledge.

Know your enemy, folks. :)
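
An added example, not part of the original post: one way to see which device is generating the blocked lookups described above, by pairing each query line in a dnsmasq-style DNS log with the blocklist answer that follows it. The log lines, addresses and `.example` domains are constructed, and the "gravity" marker for a blocked answer is an assumption that varies between Pi-hole versions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in dnsmasq's query-log style; hosts, IPs and domains are made up.
SAMPLE_LOG = """\
Aug 31 11:06:41 dnsmasq[1021]: query[A] logs.streamer-vendor.example from 192.168.1.23
Aug 31 11:06:41 dnsmasq[1021]: /etc/pihole/gravity.list logs.streamer-vendor.example is 0.0.0.0
Aug 31 11:06:44 dnsmasq[1021]: query[A] www.example.org from 192.168.1.40
Aug 31 11:06:44 dnsmasq[1021]: forwarded www.example.org to 9.9.9.9
Aug 31 11:06:44 dnsmasq[1021]: reply www.example.org is 93.184.216.34
Aug 31 11:06:50 dnsmasq[1021]: query[A] telemetry.router-vendor.example from 192.168.1.1
Aug 31 11:06:50 dnsmasq[1021]: /etc/pihole/gravity.list telemetry.router-vendor.example is 0.0.0.0
Aug 31 11:06:53 dnsmasq[1021]: query[AAAA] logs.streamer-vendor.example from 192.168.1.23
Aug 31 11:06:53 dnsmasq[1021]: gravity blocked logs.streamer-vendor.example is ::
Aug 31 11:07:02 dnsmasq[1021]: query[A] cdn.streamer-vendor.example from 192.168.1.23
Aug 31 11:07:02 dnsmasq[1021]: cached cdn.streamer-vendor.example is 203.0.113.10
"""

QUERY = re.compile(r"query\[(\w+)\] (\S+) from (\S+)$")
# Assumption: a blocklist answer names "gravity" as its source (wording varies by version).
BLOCKED = re.compile(r"\]: \S*gravity\S*(?: blocked)? (\S+) is \S+$")

def summarize(log_text):
    """Return {client: {"total": n, "blocked": Counter(domain -> hits)}}."""
    stats = defaultdict(lambda: {"total": 0, "blocked": Counter()})
    last_asker = {}  # domain -> client whose query is awaiting an answer line
    for line in log_text.splitlines():
        q = QUERY.search(line)
        if q:
            _, domain, client = q.groups()
            stats[client]["total"] += 1
            last_asker[domain] = client
            continue
        b = BLOCKED.search(line)
        if b and b.group(1) in last_asker:
            # Pop so a stray duplicate answer line is not counted twice.
            stats[last_asker.pop(b.group(1))]["blocked"][b.group(1)] += 1
    return dict(stats)

def noisiest(stats):
    """Clients ordered by number of blocked lookups, most first."""
    ranked = [(c, sum(s["blocked"].values()), s["total"]) for c, s in stats.items()]
    return sorted((r for r in ranked if r[1]), key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for client, blocked, total in noisiest(summarize(SAMPLE_LOG)):
        print(f"{client}: {blocked}/{total} lookups blocked")
```

Mapping the client addresses back to devices relies on the DHCP lease table, which is why having the same box serve both DNS and DHCP makes this kind of attribution straightforward.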
 
Page loading is good? I’m off next week so I’ll check it out. I’ve been using open dns and alienvault for siem.
 
Web page loading. There was a rumor a while back that some sites were making parts of the page dependent on certain ads loading in an effort to thwart ad blockers. So basically the page would load slow and you would disable the ad blocker. They were also randomizing domains in an effort to thwart DNS-based blockers.
 
Everything is spying on you. That's where the high-dollar business models are, and everyone from Apple to Google to Samsung to the author of the latest throwaway app or game wants a piece of the pie. Good on you for catching it at the border.

Everything has a license agreement that you must agree to, and each has a privacy policy. Each privacy policy talks about "trusted partners" with whom they share your information "from time to time." And each of those "trusted partners" has their own "trusted partners" with whom they share information from time to time. And that second tier of "trusted partners" has their own "trusted partners," and so on, and so on... To a first approximation, everyone has legal access to your data, the microphone on your cell phone, and a whole lot more.

Please forgive the rant. It's a pet issue of mine.


 
Someday I'll just f**k all this crap out of the house. One needs to be a high level engineer just not to be tapped all the way down, crazy.

Thanks for the info.
 
Web page loading. There was a rumor a while back that some sites were making parts of the page dependent on certain ads loading in an effort to thwart ad blockers. So basically the page would load slow and you would disable the ad blocker. They were also randomizing domains in an effort to thwart DNS-based blockers.
This could possibly be a problem with pi-hole restricting access to certain domains, yes. I haven't run into it yet. For example, nytimes.com -- which won't load if uBlock Origin is on for this domain -- loads just fine, with no ads, when on my pi-hole protected network.

 
That works per-machine. And can't be applied to things like IoT devices where you don't have that level of access to the device's networking. Pi-Hole is network-wide. The Rokus can't avoid DNS lookups and they have to do lookups with the DHCP-supplied DNS end point. So Pi-Hole blocks much, much, much more than editing a hosts file on a single host.
 
Depend on you to tell me who the enemy is, and for the rest of whatever the hell it is you said in that post. Build a what with a what? Dammit Jim I'm a medical student, not a network security specialist!
What is awful here is that you shouldn't need to be a network specialist. Our trusted computing devices like routers and whatnot should be safe by default. That they are not is truly a tragedy.
 
What is awful here is that you shouldn't need to be a network specialist. Our trusted computing devices like routers and whatnot should be safe by default. That they are not is truly a tragedy.
There was a cable ruling like that called push polling... or pulling..., where you had to unsubscribe to the channels you didn't want. It's a similar situation here, with channels through the network, and with safety as a concern, you want to start with all off.
 