IOT Mystery - Help Needed

krash867

New Around Here
I am a longtime Merlin user and have lurked the board for what seems like ages. I've never had to post before because, like every tech-savvy guru, I know that my problems are not unique. Someone... at least one person has had the same issue as I, and most likely there are multiple solutions available. This is not a unique situation either. About six months ago I purchased my first smart home devices, two Philips Wiz Light Bulbs. Not counting the original Google Home purchased on launch day, and two outdoor Nest cams.

I recently started trying to monitor and be aware of what all the devices in the house have been doing. This month I was surprised to see the amount of data that these light bulbs have been transmitting/uploading. I am not sure exactly what they are sending; I am hoping for some help as to how to figure that out. For now though I leave you with the screenshots of the Traffic Analyzer tab for each bulb.

I would like any pointers or help with trying to figure out exactly what these bulbs are doing. I am sure that they are not really browsing CNN or watching TikTok. Highly unlikely.

What are some methods to capture the traffic from the bulbs and analyze it?
I did notice that each bulb only connects to one IP address and there are no DNS queries in my logs. (Logging may not have been implemented at the time the bulbs were being wonky.)

I can only assume that they are infected with some sort of malware or are being used in a bot network.

Thank you all in advance.
 

Attachments: wiz1.png, wiz2.png
Welcome to the forums @krash867.

You are assuming correctly about how they are being used. However, the 'infection' is most likely directly from the manufacturer.

You paid to have them do this to you.
 
