Question Are Wi-Fi Photo Frames a Security Risk?

[Caveman]

Chinese company (YunQiDeer) makes a photo frame I bought for my mom... It's wi-fi and we can down load an app to our phones and send her photos. I really don't care if someone could see/download the photos via some sort of hack, but I do wonder if the frame creates a perfect doorway for hacking bank records, etc. across the network it's connected to with other PCs and/or phones. Am I being paranoid not giving the gift to her? The last thing I want is for her to be dealing with identity theft, etc... Thoughts?

 

[akugami]

Not familiar with that digital photo frame.

While it's unlikely they can be used to that degree of intrusion that you described, anything is possible. IoT devices are not known for robust security. The more likely scenario is it gets compromised and used in some sort of DDOS attack.

This is why there is a growing interest, at least among power users, to segment your local network.

 

[mxnerd]

OP is always paranoid. You can't stop him from worrying computers/electronic devices being hacked.

You never worry car accidents all day long after you bought a car, right?

Just stop buying anything that's connected to the internet or something that will emit signals.

 

[VirtualLarry]

OP is always paranoid. You can't stop him from worrying computers/electronic devices being hacked.

That may be true, but he's not wrong. I fought for a long time buying cheaper (unlocked) Android phone, they were from various Chinese vendors, even some semi-well-known in USA brandings, they were ALL BACKDOORED.

 

[VirtualLarry]

I Bought some cheap no-name USB to ethernet adapters, and they appeared to have modified firmware running the USB controller that scanned for and collected LANMAN / NTLMv2 hashes off of one's network to send to China servers on the internet connection for offline cracking, to use for future spying events. CHINA'S hacking infosec architecture is relentless.

 

[mxnerd]

That may be true, but he's not wrong. I fought for a long time buying cheaper (unlocked) Android phone, they were from various Chinese vendors, even some semi-well-known in USA brandings, they were ALL BACKDOORED.

I know. But he shouldn't' buy that cheap stuff in the first place. Even a used Amazon tablet is way better and he can install trusted Amazon photo APPs

If he is really worried, sell the picture frame and buy a new/used/refurb Amazon tablet.

 

[mxnerd]

I Bought some cheap no-name USB to ethernet adapters, and they appeared to have modified firmware running the USB controller that scanned for and collected LANMAN / NTLMv2 hashes off of one's network to send to China servers on the internet connection for offline cracking, to use for future spying events. CHINA'S hacking infosec architecture is relentless.

Don' know about that. The only possibility that I can think of is when you run the driver installation utility, either manually or automatically and the driver comes with virus (intentionally or unintentionally ). I bought one (ethernet+3 usb ports combo) a few years back and it always malfunctioned and sometime will presented as a small USB drive with Realtek driver on it (with that blue crab icon of course), reinstall the driver multiple times did not fix the problem and I finally throw it away.

Later I bought the 1Gbe USB ethernet adapter from TP-Link with ASIX chip and never have any issue.

==

I think there is no way those Chinese companies/sellers build a custom chip just for hacking purpose, that will be too costly for no name vendors.

Small/no name OEM brand companies or personal sellers just don't have the resources to do things right.