Philips Good TVs have safety and privateness flaws • Graham Cluley


A researcher has found that Philips’ so-called good TVs endure from various severe safety flaws that would enable hackers not solely to steal data from hooked up USB sticks and play porn films, but additionally to steal authentication cookies that enable hackers to play video video games. They’ve entry to the viewers’ on-line accounts.

as Ars Technica In accordance with the report, the intense safety challenge was uncovered by Luigi Auriemma of the Revulon Safety Analysis Group.

In accordance with Auriemma, a current firmware replace for Philips Good TVs enabled a characteristic known as “Miracast” that turns the TV right into a Wi-Fi entry level for the aim of exhibiting video content material to close by computer systems and smartphones.

Sadly, the authentication password for gadgets beaming over their video content material to Philips Good TVs is hardcoded and no PIN is required to authorize new Wi-Fi connections.

Signal Up For Our E-newsletter
Security information, recommendation and ideas.

What’s a password, you surprise? Effectively, right here it’s…

Miracast

breath.

A number of the penalties of this security screw will not be so dire. For instance, it is simple to think about how somebody may deliberately broadcast pornographic or in any other case embarrassing video to a Philips Good TV, with out the proprietor’s permission. Or they could intrude with the TV’s controls – for instance altering channels or quantity ranges – with out the TV’s viewers realizing what was occurring.

All clowns have to be inside Wi-Fi vary of the tv.

However different assaults are extra severe, resembling the power to silently extract knowledge on a USB stick hooked up to a TV.

Auriemma made a video exhibiting how flawed Good TV firmware will be exploited:

The impact of that is that anybody inside the vary of a TV WiFi adapter can simply hook up with it and abuse all the nice options provided by these SmartTV fashions resembling:
– Accessing system and configuration recordsdata positioned on the TV
– Accessing recordsdata positioned on hooked up USB gadgets
– Broadcasting video, audio and pictures to TV
– controlling the TV
– Stealing browser cookies to entry web sites utilized by the person
– very a lot
bizarre ah?

as Ars Technica Of word, the vulnerability was launched in a firmware replace launched by Philips in December final yr, and that there is no such thing as a manner for customers to vary the hard-coded password required by close by gadgets to entry the Miracast community. .

Auriemma believes that every one 2013 fashions of Philips Good TVs are in danger as a result of they use the identical flawed firmware.

This revelation of lax safety from Philips highlights one among my main issues concerning the “Web of Issues.”

Producers of gadgets that hook up with the Web should perceive that safety ought to be on the prime of their design guidelines. Producing such instruments with out due consideration to safety can backfire when customers uncover that private data is being leaked, or is placing their on-line lives in danger.

In fact, this is not the primary time we have seen so-called good TVs posing privateness and safety issues.

Final yr it was revealed that LG was spying on the viewing habits of good TV homeowners, and eliciting details about recordsdata saved on hooked up USB gadgets.

Updates:

The Wi-Fi Alliance has issued a press release concerning a reported vulnerability in some Philips good TVs:

“The Wi-Fi Alliance takes safety very severely. All of our specs and certifications embody the necessities to help the most recent technology of safety protections. Within the case of Miracast™, the underlying specification requires a device-generated passphrase , consisting of characters randomly chosen from higher case letters, decrease case letters, and numbers.

“A current report of a non-compliant passphrase implementation seems to be restricted to a single vendor implementation. We implement the necessities of our certification applications and are in touch with the corporate to make sure that any system with the Miracast mark meets our necessities. fulfills.

Discovered this text fascinating? Comply with Graham Cluley on Twitter To learn extra of the unique content material we submit.


Graham Cluley is a veteran of the anti-virus business, having labored for a number of safety corporations for the reason that early Nineteen Nineties, when he wrote the primary model of Dr. Solomon’s Anti-Virus Toolkit for Home windows. Now a contract safety analyst, he seems often within the media and is a global public speaker on the subject of laptop safety, hackers and on-line privateness. comply with him on twitter @gcluleyOr drop him an e-mail.





Supply hyperlink