Cheap electronics - is there a catch?

Ena123

I may be paranoid, or just learning lessons from mistakes of others. Not needing repeating them myself. 
What concerns me: there is a flood of cheaper 'brands' of electronics on the market, whether it is e-bay, Amazon, and others (not even bothered going on Temu and alikes). 
I have been looking for a compact camera, for example. There are plenty cheaper ones. If we leave out the potential low quality and misleading claims about specifics, how concerned should I be buying and using these devices? I have in mind a case where cheap usb stick or cable was spiked with a chip that read data it shouldn't, literally sending user's data to somebody who had no business with them. 
These cheap cameras come with a card reader, or sd card... how widespread is it nowadays? I mean from those 'brands' that look like randomly picked letters of alphabet, produced in Asia. 
The price is attractive, reviews are often very positive... but those folks will usually never know if their data were syphoned to somebody they wouldn't want to share it with. 
Or are the PC security packages like defender by the MS capable of detecting these risky gadgets? 

born_again

Well for any data to be shared it needs a connection to either mobile network, WiFi & internet.

Simply make sure any you chose does not have such connections. Or choose one of the well known brands.

Any that come with SD cards or USB sticks. Simply format them before use which will remove anything on them.

Mark_d

You're talking about some dodgy program, running on a chip inside an SD card reader, harvesting your data and sending it to someone else?

Personally I think this is highly unlikely.  There are a number of lines of protections you might have which could prevent the data collection and the data transmission.

Do you know that Google and Adobe harvest data from users of this website?  Facebook is known to harvest data on site you visit, just by being open in another tab in your web browser.
All in all I would go with trusted brands over a cheap gadget from Amazon however this would be mainly due to concern over the item's quality rather than specific concerns over data security

Ena123

born_again said:

Well for any data to be shared it needs a connection to either mobile network, WiFi & internet.

Simply make sure any you chose does not have such connections. Or choose one of the well known brands.

Any that come with SD cards or USB sticks. Simply format them before use which will remove anything on them.

Connection, yes, transferring photos to my PC that is connected to the network. 
For formatting them you need to connect them to the PC first, and whether connected to the network or not, they still can infect the PC. Can you format a USB cable? 

DullGreyGuy

Ena123 said:

born_again said:

Well for any data to be shared it needs a connection to either mobile network, WiFi & internet.

Simply make sure any you chose does not have such connections. Or choose one of the well known brands.

Any that come with SD cards or USB sticks. Simply format them before use which will remove anything on them.

Connection, yes, transferring photos to my PC that is connected to the network. 
For formatting them you need to connect them to the PC first, and whether connected to the network or not, they still can infect the PC. Can you format a USB cable? 

Think we are getting a bit into tin foil hat territory. 

As has already been said, assuming you run the standard basic windows/apple security and don't give authorisation for random things to install then a cable isn't going to do anything. It doesn't have any communication capabilities itself beyond the two things it's connected to. 

Your "risk" comes from having something that is wifi connected and therefore is free to communicate with the outside world on its own after you set it up. Normally you'd want this so you can see who's at your Ring/Nest/AVDFS doorbell whilst your in the bath to see if its worth getting out for etc. Clearly in those circumstances the device could be sending either other things to other people or indeed just the video it's capturing to anyone. 

To be honest, I'd be vastly more concerned about the safety of the battery/charger in these things and their fire risks than if a Chinese governmental agent is seeing what time the postie comes to my door each day. 

Ena123

I don't know, just an hour ago I watched a 3 minute video of Louis Rossman on youtube, he repairs laptops and stuff, very informative, how a store bought vibrator attempted to download a malware when connected to the PC to charge via usb. Malwarebyte stopped it, not sure whether every security software has this capability. That item was store bought in the west, not some dodgy gadgets from Aliexpress. 
There are malwares that are bloated with zeros and general security packages don't scan full 600MB content of such stuff, just sampling it and if finding nothing suspicious, they let it pass. The malware code is hidden among zeros and often passes the security check. Those cameras I mentioned earlier come with 32GB sd cards. 

Ena123

Mark_d said:

You're talking about some dodgy program, running on a chip inside an SD card reader, harvesting your data and sending it to someone else?

Personally I think this is highly unlikely.  There are a number of lines of protections you might have which could prevent the data collection and the data transmission.

Do you know that Google and Adobe harvest data from users of this website?  Facebook is known to harvest data on site you visit, just by being open in another tab in your web browser.
All in all I would go with trusted brands over a cheap gadget from Amazon however this would be mainly due to concern over the item's quality rather than specific concerns over data security

Almost missed your comment above. 
Not only concerned with data harvesting (yes, I am aware we are the products on the websites, data cows, but those data harvests are anonymised and mostly harmless). I am generally concerned with the cyber security as the crooks are getting smarter and inventing new ways how to cause us harm and bring income to themselves. Simply infecting my pc and then getting their hands on my real data is my concern. Although not sure whether the black market doesn't already have it from so many data breaches out there. But why ignorantly helping them with more? 
Read my other comment - what is trusted? A store bought gadget had a malware in it. Lenovo has been caught selling devices with pre-installed phishing malware, killing https, while trying to discourage potential customers from buying used and refurbished devices that they may contain malware. 

Vectis

Ena123 said:

...how a store bought vibrator attempted to download a malware when connected to the PC...

Am I reading that right?

People are, apparently, connecting their vibrators to a PC?

I'm going to have that image in my head for the rest of the morning now.