LinknLink iSG Box SE

Thoughts on this device? I am new to HA, so I figured it would make things easy.

No, other than no idea what it is or what it does…
https://community.home-assistant.io/t/how-to-help-us-help-you-or-how-to-ask-a-good-question/

It’s a new device that isn’t even shipping yet… which makes it very unlikely anyone beyond a few “influencers” has had access to it for long enough to give you any thoughts about it.

The first issue that stands out to me is that it’s running on an unsupported platform. There have been people trying to run HA on Android for years… if you search the forums on this topic you will see that these experiments are almost always just one update from failing and most don’t use it as their main “production” server. Based on the Paul Hibbert video, it seems like you will not be able to update HA yourself; you will have to wait for LinknLink to test (hopefully) and push updates to you. So the question becomes, how long will LinknLink keep paying people to do that?

The product page contains a few questionable claims as well as a few definite falsehoods… which would give me pause.

Don’t waste your money. I’ve had one for about 24 hours now and I’ve dissected its code. It’s built by hackers for hackers. They want you to buy it so they can log into it remotely through a secret backdoor SSH connection on port 8022 with a hardcoded default root password. They can install anything they want on it without your permission and use it in botnet DDoS attacks.

UPDATE: Active Malware & C2 Server Confirmed

Following up on my previous discovery of the SSH backdoor on port 8022, I have now isolated the active malware payload. This is not just a dormant vulnerability; it is a confirmation of active malicious traffic. The device executes a hidden binary named ‘remotectl’ (running as root, PID 2116) immediately upon boot. This binary attempts to establish a persistent reverse Shell / RAT (Remote Access Trojan) connection to bypass consumer firewalls. The device dials out to 13.52.82.250 on port 52891. The malware config explicitly states ‘[WebShell] IsLimited = false’. I have formally reported this active C2 infrastructure to AWS Trust & Safety (Case ID: 52659558599) as of Dec 9, 2025.

If you still have this device connected, disconnect it immediately. Blocking the IP alone may not be sufficient if the malware has a domain generation algorithm or secondary C2s. This device is confirmed to be part of an active botnet/surveillance network.
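Added example, not part of the thread: a Python sketch for checking the connections described in the post above against your own router logs, listing every outbound destination of the device rather than only the reported one. The device LAN address, the netfilter LOG-style format and the sample lines are constructed assumptions; the IP address and ports are the ones reported in the post.

```python
import re
from collections import Counter

# Values as reported in the post above (not independently verified here).
REPORTED_ENDPOINT = ("13.52.82.250", 52891)
REPORTED_SSH_PORT = 8022
DEVICE_IP = "192.168.1.50"  # assumption: replace with the device's LAN address

# Constructed sample lines in netfilter LOG style; feed your router's log instead.
SAMPLE_LOG = """\
Dec  9 10:00:01 router kernel: FWD SRC=192.168.1.50 DST=13.52.82.250 PROTO=TCP SPT=40112 DPT=52891 SYN
Dec  9 10:00:05 router kernel: FWD SRC=192.168.1.50 DST=203.0.113.10 PROTO=TCP SPT=40120 DPT=443 SYN
Dec  9 10:00:09 router kernel: FWD SRC=192.168.1.23 DST=192.168.1.50 PROTO=TCP SPT=51514 DPT=8022 SYN
Dec  9 10:00:12 router kernel: FWD SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=51600 DPT=443 SYN
Dec  9 10:01:01 router kernel: FWD SRC=192.168.1.50 DST=13.52.82.250 PROTO=TCP SPT=40130 DPT=52891 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

def review(log_text, device_ip=DEVICE_IP):
    """Summarise the device's traffic: hits on the reported endpoint,
    every outbound destination, and who connected to its port 8022."""
    reported_hits = 0
    outbound = Counter()
    ssh_peers = set()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "DPT"} <= f.keys() or not f["DPT"].isdigit():
            continue  # not a TCP/UDP flow line
        dest = (f["DST"], int(f["DPT"]))
        if f["SRC"] == device_ip:
            outbound[dest] += 1  # keep all destinations, not just the reported one
            if dest == REPORTED_ENDPOINT:
                reported_hits += 1
        elif f["DST"] == device_ip and dest[1] == REPORTED_SSH_PORT:
            ssh_peers.add(f["SRC"])
    return {"reported_endpoint_hits": reported_hits,
            "outbound": dict(outbound),
            "ssh_8022_peers": sorted(ssh_peers)}

if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key, value)
```
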

I do not have as much technical knowledge as you have, but it is a piece of crap. Purchased to see if we can use it in some commercial deployments, but our IT team has already discovered some fishy stuff. Literally tossed in the trash.

It’s a zero-day supply chain vulnerability. It’s a rebranded generic Android TV box with a trojan that lets them turn it into a botnet node so they can weaponize your bandwidth for a DDoS attack or worse. It’s a well funded, and probably state sponsored Chinese hacking operation with a shell company in Sydney, Australia doing the marketing. The parent company manufactures industrial controls for power plants, so they probably know how to cause power surges that can make transformers ignite due to electrical overload and cause blackouts.

We’d like to address the recent concerns regarding SSH access and the remotectl functionality on the ISG device.

1. SSH “Backdoor”:
   The SSH access mentioned is part of Termux’s built-in mechanism. It is used solely for internal communication between the ISG APK and Termux APK. In the latest ISG version, users can customize this password themselves via:
   ISG Settings → Settings → System Access → Password

This ensures that the mechanism is fully secure and not accessible to unauthorized parties.

2. remotectl / WebShell:
   The remotectl functionality is part of the ISG APK’s WebShell feature, which is disabled by default. Users can enable it manually via:
   ISG Settings → Settings → Remote WebShell

Unless a user explicitly enables this feature, no external access is possible, and the device cannot be used as a botnet node or for any remote attacks.

We take device security very seriously, and these mechanisms are designed for legitimate internal functions only. Users are always in full control of enabling or modifying access.

I can’t vouch for the nefarious hacker stuff one way or the other - but I can confirm, based on my correspondence with LinknLink, that the unit is defective and will not connect to some home WiFi systems, including mine.

Just before Christmas, LinknLink agreed to make arrangements for me to return the unit and get my money back - but since then there has been no follow-up, and they aren’t returning my emails. So as things stand, they are crooks even if they aren’t hackers!

At least yours is secure 🙂

I had the same issue; however, after connecting to a different network and updating all 3 files I was able to connect to my network. I had issues connecting to a Google Nest version 2, so I connected to a version 1 hockey puck first, updated, then version 2 worked no problem.

I have mine running and am using Nabu for cloud connection. Is it possible to not use Nabu cloud and access Home Assistant remotely?

The problem I described was after I had already updated everything over Ethernet. LinknLink Support confirmed that there was an unfixable (by them, at least) bug in their system, and thus that the iSG would not work over my home network.

I finally did get a refund - but only after direct intervention from Paul Hibbert. The fact that many emails went completely unanswered over several weeks, and a third party had to intervene, does not say good things about LinknLink as a reputable company!