Seems the FLIC HUB is easily infected with malware.
dead.beat.native last edited by
Late Saturday night I could not get any of my FLIC buttons to work. I power cycled the HUB. They started working again. Sunday morning I noticed my FLIC buttons would not work again. Power cycled the hub again, they still would not work. Opened the FLIC app to check it out. The HUB would not respond on bluetooth. Power cycled it again, still no response. So I reset the HUB and had to reconfigure it. The FLIC buttons worked again. On Monday morning my internet connection was extremely slow, and my FLIC buttons would not work. At this point I didn't care about the FLIC HUB's problem I needed to solve the internet problem first.
Went out to my network rack/cabinet. I am looking at my Netgear switch and there is one port that the traffic LED was solid yellow. It seems according to Netgear this means that port has reached its maximum rate of 100 Mbps. It never slowed down or paused for over 30 minutes. So I follow the cable back to the wiring rack and see the label 'FLIC HUB.' I unplugged it from the switch and my internet connection went back to normal. Hmmmm?
Plugged it back in and with in a couple minutes the port activity LED stop flickering yellow and went back to solid yellow. FLIC buttons did not work. Hub would not respond to the app.
I turned on the logging feature in my router. It was immediately flooded with DHCP, and UPnP, requests. From what I could tell before the router firmware crashed it the hub was sending roughly 6-8 requests a second. The router was sending an acknowledgement.
So after I got done resurrecting my router from the crash I left the hub unplugged and started the logging again. Breifly plugged in the Hub for a few seconds. In the sixteen seconds it was plugged in it made 183 DHCP requests, and 41 UPnP requests for 10 different inbound ports.
Why does the FLIC HUB want 10 different ports forwarded? YEA, it's infected with something.
I solved the problem....with a hammer. Swept up the remnants in a dust pan and disposed of it.
I installed the FLIC app on an old Android tablet, plugged it into a charger, and put it where the HUB used to sit. FLIC buttons work just fine. That certainly was a waste of $220.
Everything runs from a read-only system, so i doubt malware has gone into it. Probably just some bug in the widely used Linux OS we run on it if anything.
I would be glad if you could share Wireshark logs or something of the packets you are seeing.