Researchers demo how Philips smart TVs do not have smart security

Share this article:
Experts demonstrated how recent Philips smart TVs are vulnerable to numerous attacks.
Experts demonstrated how recent Philips smart TVs are vulnerable to numerous attacks.

There is nothing smart about the security of recent Philips smart TVs.

Malta-based security research and solutions company ReVuln released a video on Thursday that shows exactly what an attacker can do to a 2013, internet-connected Philips Smart TV running the latest firmware.

Some of these, such as controlling the TV from another device and transmitting video and audio to the TV, are meant to be features for owners. Others are not meant to be features at all, such as accessing system and configuration files, accessing files on attached USB devices, and stealing browser cookies.

The issue exists mostly because of Miracast, a Bluetooth-like feature that recent Philips smart TVs use to establish a Wi-Fi connection to user devices without the need of involving a wireless router.

“The main problem is that Miracast uses a fixed password, doesn't show a PIN number to insert and, moreover, doesn't ask permission to allow the incoming connection,” Luigi Auriemma, CEO and security researcher at ReVuln, told SCMagazine.com in a Friday email correspondence. “So basically you just connect directly to the TV via Wi-Fi, without restrictions. Miracast is enabled by default and the password cannot be changed.”

Some of the nastier attacks are able to be carried out due to a vulnerability in JointSpace, which allows external programs to control a Philips TV, Auriemma said. The flaw, discovered in September and still unpatched, allows an attacker to access files if on the same network as the TV.

Any device with a Wi-Fi adapter can be used – including PCs, tablets and smart phones – and almost all the attacks can be executed through a web browser, Auriemma said, adding that the ReVuln team was unsuccessful after trying nearly every possible way to prevent an outside user from connecting.

Turning off Miracast from the network menu should be done as soon as possible to prevent other people from connecting, Auriemma said, adding that Philips should update their TVs to ask permissions for Wi-Fi connections, as well as provide a PIN to be inserted by individuals that are connecting.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.