Philips SmartTV susceptible to serious hack according ReVuln experts

9:30 ET, 2 April 2014

Researchers at ReVuln firm demonstrated how to exploit the last firmware update for Philips SmartTV to steal user’s cookies and other sensitive data.

The excellent team of researchers at ReVuln firm has published another interesting analysis on the possibility to hack Philips SmartTV to steal user’s cookies.

The news is disconcerting and raise serious concerns for user’s privacy, the team of experts succeeded to steal user’s cookies despite the Philips SmartTV is running the latest firmware version, the attacker just need to be within radio range.

The attack was conducted against Philips SmartTV which implements the Miracast standard, a peer-to-peer wireless screencasting standard formed via Wi-Fi Direct connections, similar to the Bluetooth protocol.

Devices that enable Miracast can exchange audio and video to or from a PC and any kind of mobile devices.

As explained by Luigi Auriemma, a researcher at ReVuln (@revuln), the attack to the Philips SmartTV is possible exploiting a recent firmware update that allows anyone within range to connect to the TV simply providing the password “Miracast” that has been hard-coded in the Philips devices.

“The main problem is just Miracast that uses a fixed password, doesn’t show a PIN number to insert and moroever doesn’t ask permission to allow the incoming connection. So basically you just connect directly to the TV via WiFi without restrictions. Miracast is enabled by default and the password cannot be changed. We tried all the possible ways to reset the TV included those methods suggested on the Philips manual (everything is in the first 40 seconds of the video) but the TV just allows anyone to connect. ” said Auriemma.

The security flaw in Philips SmartTV was introduced with the last firm firmware version (ver.QF2EU-0.173.46.0) released in December 2013 running on 55PFL6008S models, according Auriemma other 2013 Philips SmartTV models could be at risk because they use the same firmware.

“Personally we tested only the 55pfl6008s model but that firmware is the same used for all those 2013 models.Just to give you an example 47pfl6158, 55pfl8008 and 84pfl9708 use all the same firmware even if they have different sizes and series.” added Luigi Auriemma.

p1

The hack is very insidious, he took a few seconds to carry out and it is impossible for the victims to detect it.

Attackers, connecting to a Miracast-enabled Wi-Fi network, are able to browse and download any files that may be contained on USB drives plugged into the Philips SmartTV. The researchers at ReVuln also demonstrated that is possible to steal browser cookies that contain sensitive information and are used in some cases by many web services for authentication purpose.

Researchers at ReVuln published a video to show how an attacker can easily steal from the Philips SmartTV the authentication cookies for an existing Gmail account and also user’s data from a USB drive connected to the device.

It’s not the first time that security experts warn electronic manufacturers on the possible abuse of technologies within their products, in July 2013 the researcher Malik Mesellem demonstrated that SmartTV hacking is a real menace attacking Samsung models forcing their reboot with a HTTP GET request.

The same experts at ReVuln  posted more than one year ago a video to demonstrate how it was possible to attack a Samsung Smart TV exploiting a 0-day vulnerability to gain root access on it. The hacker could remotely wipe data from attached storage devices, monitoring and controlling the victim TV.

In November 2013 a British blogger revealed that his LG SmartTV was collecting and sending details about the owners’ viewing habits, even if the users have activated a privacy setting.

All these cases remark to the security community to seriously consider the risks related to the lack of security in Internet of things paradigm, a multitude of devices, from thermostats to smart meters, could be attacked by cyber criminals. Internet of Things, a business growing at a compound annual rate of 7,9%, is considerable a privileged target for hackers and cyber criminals, it’s time to think of security by design … the hard-coding of password for sure is the antithesis of this concept.

Back to the case of Philips SmartTV it must be also considered that the firmware is also affected by a directory traversal vulnerability that could give to the attackers the access to the user’files, the bad news is that the flaw was unfixed since at least six months.

I pretend much more from a giant like Philips.

Pierluigi Paganini

(Editor-In-Chief, CDM)

rsa-logo

 

 

 

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2021

We are in our 9th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW