Stop (or at least reduce) Nanoleaf Spying

I bought a Nanoleaf 4D light strip for my television. As installed, it works just fine. However, if you are a good sysadmin, and you block it like you block all of your IoT devices from accessing the network, you will run into a problem. The firmware cannot cope with not being able to access the internet, and will enter a (a very bright and annoying) reboot loop every 30 seconds or so. I had a ticket open with Nanoleaf. And they were about as helpful as you would expect. They have no clue what it is collecting or why, and don’t seem concerned in the slightest that the device will fail obnoxiously if there is no internet connection, even for people who aren’t properly blocking it. They shipped a new controller as a solution. The new controller will not fix things, but it allows them to close the ticket and get rid of me.

I traced the DNS queries it makes, and (so far) I only see it going to “health.nanoleaf.me” and “daemon.nanoleaf.me”. And when i monitor traffic to and from the device (filtering out the Homekit chatter), it seems to make frequent connections over https to daemon.nanoleaf.me, which is an alias for daemon-prod-node16.riibknhptt.us-east-1.elasticbeanstalk.com, which has address 52.6.7.184, which reverse lookups to ec2-52-6-7-184.compute-1.amazonaws.com.

I don’t know how often that chain will change, but I am going to block daemon.nanoleaf.me with a bogus DNS record, and see if that triggers the reboot loop. So far it hasn’t, but I have to wait for the DNS TTL to expire. I will update this once it is no longer connecting, and whether it triggers the reboot loop.

So far, the list of locations it queries (names in italic are ones I have blocked that so far have not triggered the reboot loop):

  • health.nanoleaf.me
  • daemon.nanoleaf.me
  • my.nanoleaf.me
  • controlv2.nanoleaf.me
  • wifi-test.nanoleaf.me
  • firmware.nanoleaf.me
  • firmware.nanoleaf.cn
  • 0.openwrt.pool.ntp.org
  • 1.openwrt.pool.ntp.org
  • 2.openwrt.pool.ntp.org
  • 3.openwrt.pool.ntp.org

1 thought on “Stop (or at least reduce) Nanoleaf Spying”

Leave a Comment