Cyber criminals have found another technique to wreak havoc on online users by remotely controlling some Philips smart TV models that researchers say contain firmware which opens the Miracast wireless network to vulnerabilities.
The vulnerability was first spotted in September of 2013 but apparently Philips ignored the red flags and failed to work on some fixes so the latest firmware of its smart TVs has been consequently infected.
According to security analysts from ReVuln, which first discovered the loophole in Philips smart TVs, attackers worked their way around accessing the wireless network of the affected TV sets. Then they can perform various malicious activities such as viewing and possibly exploiting the configuration settings, contents stored within a removable drive connected to the TV, inserting video and audio files to the TV and swipe authentication cookies of millions of websites stored in the TV’s browser.
In particular, the Opera browser’s cookies contained in the TV is easily exposed to attackers for the taking because it is stored in a single file that has been created with only one path and name. A no-brainer for criminals.
What makes the Philips smart TV vulnerable is the lax security infrastructure embedded in the device, which lacks the mechanism for a unique password creation each time a new client sends a request to connect to the wireless network. Basically, there is no way the administrator can confirm the request and an outsider can automatically connect to it.
Early this month, security researchers also detected a compromise in routers used at home and in offices. The bug was built to change configurations of more than 300,000 routers, including such brands as D-Link, Micronet, and TP-Link.
The affected Philips smart TV models were manufactured in 2014 but also some that were produced last year are believed to be possessing this vulnerability to such kinds of attacks.
What exactly are the risks? Well, malicious parties can access your online accounts such as email, credit card numbers and other valuable assets in the cyberspace, especially if the security measures of each website have not been bolstered yet. So it really depends on a certain website how far the impact on you as a user this risk can do.
But a mere fix alone is not enough to address the insecurity in the Miracast wireless network. The network will still be susceptible to other forms of attacks such as the unauthorized transmission of video and audio to the TV from remote servers or via a third party application.
Leave a Reply