1. Home
  2. UK Do-It-Yourself Forum
  3. [OT] Iomega HMNHD Spyware?

[OT] Iomega HMNHD Spyware?

Pulled the power on my Iomega Home Media Network Hard Drive last night as it and the Raspberry had left redundant SMB sessions.

Checking my email this morning I find one from " snipped-for-privacy@myremotenas.com" telling me that the NAS "was shut down improperly".

Looking at that email header the NAS has sent some information (perhaps only the email) to some place in the internet that has then relayed it back to me. WTF! If it's doing that what else is it doing, without me knowing?

About to dive into the config but I bet you can't tell it what mail server to use. I like things to email me when they have a problem but there is no need to let some unknown 3rd party know as well. Grrr...

Reply to
Dave Liquorice
Loading thread data ...

Quite common with appliance-type computers. I think all the security camera recorders do this. Its not necessarily with any evil intention, but the security design in these appliances is often non-existant, and accidentally provides a backdoor past your firewall from which both the appliance and other items on your network can be accessed remotely.

Reply to
Andrew Gabriel

Also I was querying why our office which uses bt as its email provider hasLive mail set up to pump all the email into Microsofts servers, then back out again. Are BT now using Microsoft servers? Brian

Reply to
Brian Gaff

Some NAS boxes have the option of using an "internal" email system for replaying messages - it saves the user needing to setup details of an SMTP server and knowing the credentials etc. These do indeed send out to a preconfigured email server for relaying.

Reply to
John Rumm

Why would *sending* an email open up any incoming holes?

My security cameras don't do that, they actually have the server settings for my isp set up to send emails. They have to log in before they can send.

Reply to
dennis

I suspect Andrew's comments were not specifically email related, and more internet appliance related in general.

For example lots of security cameras have server capabilities that allow (theoretically just) their owner to login remotely and see what is going on. Needless to say this encourages people to create a port forward through their firewall to facilitate this. Alas many have a reputation for allowing all manner of exploits to be vectored via them from their trusted position inside the perimeter defence of most people's networks.

Reply to
John Rumm

NSA/GCHQ ... B-)

*Retail* BT used to use Yahhoo! but switched a while back to a provider also based in the US. Not bothered to look at who owns them...
Reply to
Dave Liquorice

I've calmed down a bit now. Dug into the config and set the thing to use my server.

Bloody sheeple, shouldn't be allowed things they can't configure properly. They only need the information that every other device/app needs to send/recieve mail, in fact for this it only needs the send info.

Of course the sheeple don't have a local mail server, they rely on their ISP, Gmail or WHY.

Reply to
Dave Liquorice

Although I don't consider myself as 'sheeple', I too don't have a local mailserver so rely on N4F to email SMART alerts via my ISP's mail server.

I don't have any illusions over these reports being read by GCHQ/NSA but it's only when a genuine alert pops up that they're likely to tie the information into an online purchase (serial or model numbers) and eventually identify me as the source of many SMART test mailings (in quadruplicate every time I restart the NAS box about once every 3 or 4 months as a consequence of a firmware update).

TBH, I'm not bothered by this aspect of the NAS 'leaking information' to a potential MITM exploit. There are many other ways that the security organisations can tap into your on-line presence no matter how minimalistic you try to be in providing 'personal information' in any on-line transactions.

Reply to
Johny B Good

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.