ValveSoftware / SteamVR-for-Linux

Issue tracker for the Linux port of SteamVR

Vive calls home to servers in China - Why? #92

Open h1z1 opened 6 years ago

h1z1 commented 6 years ago

Your system information

Please describe your issue in as much detail as possible:

I noticed the Vive software and/or Valve calling home to some servers in China. As I'm not in China nor prompted for any access requests, that seemed rather odd. Apparently I'm not the only one to notice either, as a bit of searching returns pages like this

HTC Checkin

Overview:
HTC Checkin is the service responsible for “checking in” to HTC.  Recovery/Boot/Kernel Logs, Apps Updated/Crashed and mobile data amounts are sent off automatically.  The service also checks for Over-The-Air Updates.

How it works:
App responsible:
/system/app/CheckinProvider.apk

Data is written to:
/data/data/com.android.providers.htcCheckin/databases/htcCheckin.db

Data is sent to:
Values in /system/build.prop.

# For FOTA setting (leave empty value to use default)
ro.htc.checkin.url = http://andchin.htc.com/android/checkin
ro.htc.checkin.crashurl = http://andchin.htc.com/android/crash
ro.htc.checkin.url_CN = http://andchin.htccomm.com.cn/android/checkin
ro.htc.checkin.crashurl_CN = http://andchin.htccomm.com.cn/android/crash
ro.htc.checkin.exmsg.url = http://fotamsg.htc.com/android/extra/
ro.htc.checkin.exmsg.url_CN = http://fotamsg.htccomm.com.cn/android/extra/
ro.htc.appupdate.url = http://apu-chin.htc.com/check-in/rws/and-app/update
ro.htc.appupdate.url_CN = http://apu-chin.htccomm.com.cn/check-in/rws/and-app/update
ro.htc.appupdate.exmsg.url = http://apu-msg.htc.com/extra-msg/rws/and-app/msg
ro.htc.appupdate.exmsg.url_CN = http://apu-msg.htccomm.com.cn/extra-msg/rws/and-app/msg

One of the hosts observed was ro.htc.appupdate.url

197.170.104.152.in-addr.arpa domain name pointer static-ip-197-170-104-152.anlai.com.

inetnum:        152.104.128.0 - 152.104.255.255
netname:        DYXNET-CN
descr:          DYXNET of Shenzhen Communication Co., Ltd.
descr:          11/F,Jingan Centre,No.8 East Road,North 3rd Ring Road,
descr:          Chaoyang District,Beijing,China
admin-c:        ML2404-AP
tech-c:         ML2404-AP
country:        CN

Given the climate we continue to live in this really is not acceptable. It's interesting HTC takes a hard stance against any offline install which would preclude the Vive from airgapped networks like those in any company with a sane security policy preventing R&D machines from external access.

So why is this necessary when Steam could and should be used? Why is there no disclosure about this on either install or purchase? Note those URLs are over http and completely interceptable.

This isn't the first time the lack of proper security policies has been pointed out to Valve.

Plagman commented 6 years ago

Can you give more details on what you're seeing? The link you posted seems unrelated as it concerns an Android service. At what stage of running SteamVR does the connection happen?

h1z1 commented 6 years ago

@Plagman - Happens on startup of Steam before the login even appears. I'm assuming when Steam detects a Vive it begins to enable it.

The specific host was to ro.htc.appupdate.url above - http://apu-chin.htc.com and I agree, it should have nothing to do with that as I'm not using an Android nor do I have any other HTC device.

Steam itself runs in a VM and on an isolated vlan. Traffic was captured from the host.
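The build.prop listing quoted in the opening post and the host-side capture described above suggest a simple egress check. As an added example (not part of the original thread or of any Valve/HTC code), this parses such property lines, records which hosts are reached over cleartext HTTP, and matches them against resolver logs. The log lines and their three-field format are constructed assumptions.

```python
from urllib.parse import urlsplit

# Property lines copied from the build.prop listing quoted in the opening post.
BUILD_PROP = """\
# For FOTA setting (leave empty value to use default)
ro.htc.checkin.url = http://andchin.htc.com/android/checkin
ro.htc.appupdate.url = http://apu-chin.htc.com/check-in/rws/and-app/update
ro.htc.appupdate.url_CN = http://apu-chin.htccomm.com.cn/check-in/rws/and-app/update
"""

# Constructed sample of resolver log lines (format is an assumption: "time client query-name").
DNS_LOG = """\
2018-02-14T09:00:01Z 10.0.5.20 store.steampowered.com
2018-02-14T09:00:02Z 10.0.5.20 APU-CHIN.htc.com.
2018-02-14T09:00:05Z 10.0.5.21 example.org
"""

def parse_endpoints(text):
    """Return {hostname: {"props": [...], "cleartext": bool}} from key = url lines."""
    endpoints = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        url = urlsplit(value)
        if not url.hostname:
            continue  # empty value means "use default" per the listing's comment
        entry = endpoints.setdefault(url.hostname, {"props": [], "cleartext": False})
        entry["props"].append(key)
        entry["cleartext"] |= url.scheme == "http"
    return endpoints

def match_dns_log(log_text, endpoints):
    """Return (timestamp, client, hostname, props) for queries to listed hosts."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        ts, client, qname = fields
        host = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if host in endpoints:
            hits.append((ts, client, host, endpoints[host]["props"]))
    return hits

if __name__ == "__main__":
    eps = parse_endpoints(BUILD_PROP)
    for hit in match_dns_log(DNS_LOG, eps):
        print(hit, "cleartext" if eps[hit[2]]["cleartext"] else "tls")
```
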

h1z1 commented 6 years ago

bump? [Feb 14 2018] [Apr 08 2018]

.. or would you prefer CVEs be generated before Valve takes security seriously?

h1z1 commented 6 years ago

https://www.bleepingcomputer.com/news/security/valve-patches-security-bug-that-existed-in-steam-client-for-the-past-ten-years/

Soooo is Valve going to ever respond to people actually reporting such bugs on Github or do you need them all to be public CVEs before you start caring? Asking for the Internet.

The root cause of this vulnerability is a buffer overflow in one of Steam's many internal libraries —and more specifically in Steam's code that dealt with fragmented UDP datagram reassembly.

VR-DM commented 6 years ago

Did that update have any impact on the original issue? If not, are you in the US?

ryao commented 5 years ago

How did you install an Android service on CentOS? Also, why did you install it?

h1z1 commented 5 years ago

@ryao Don't know who that was directed at. I didn't install anything Android on CentOS. I'm guessing it's using the same infrastructure as their (HTC) mobile devices.

ryao commented 5 years ago

CheckinProvider.apk is an Android package.

h1z1 commented 5 years ago

Indeed, the referenced page and quote were simply documenting where I found the Vive software was attempting to connect to:

One of the hosts observed was ro.htc.appupdate.url

Host is now out of Taiwan. Absolutely no mention of HTC.

apu-chin.htc.com has address 60.199.250.32
$ whois 60.199.250.32
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '60.198.0.0 - 60.199.255.255'

% Abuse contact for '60.198.0.0 - 60.199.255.255' is 'hostmaster@twnic.net.tw'

inetnum:        60.198.0.0 - 60.199.255.255
netname:        TFN-NET
descr:          Taiwan Fixed Network CO.,LTD.
descr:          7FI., No. 498, Ruei-Guang Rd., Nei-Hu
descr:          Taipei Taiwan 114
country:        TW
admin-c:        pNA3-AP
tech-c:         pNA3-AP
status:         ALLOCATED PORTABLE
mnt-by:         MAINT-TW-TWNIC
mnt-irt:        IRT-TWNIC-AP
mnt-lower:      MAINT-TW-TWNIC
last-modified:  2015-12-01T22:33:17Z
source:         APNIC

irt:            IRT-TWNIC-AP
address:        Taipei, Taiwan, 100
e-mail:         hostmaster@twnic.net.tw
abuse-mailbox:  hostmaster@twnic.net.tw
admin-c:        TWA2-AP
tech-c:         TWA2-AP
auth:           # Filtered
remarks:        Please note that TWNIC is not an ISP and is not empowered
remarks:        to investigate complaints of network abuse.
mnt-by:         MAINT-TW-TWNIC
last-modified:  2015-10-08T07:58:24Z
source:         APNIC

role:           profond Network Administrator
address:        8F., No.172-1, Sec.2, Ji-Lung Rd,
address:        Taipei, Taiwan, 106, R.O.C
country:        TW
phone:          +886-2-6639-0859
fax-no:         +886-2-6639-0859
e-mail:         ethanchen@taiwanmobile.com
admin-c:        EC648-AP
tech-c:         EC648-AP
nic-hdl:        pNA3-AP
remarks:        The role object should be used when making
remarks:        changes to admin-c or tech-c handle.
notify:         hostmaster@twnic.net.tw
mnt-by:         MAINT-TW-TWNIC
last-modified:  2015-04-22T00:50:45Z
source:         APNIC

% This query was served by the APNIC Whois Service version 1.88.15-46 (WHOIS-US4)