
Internet of Fails: Serious Vulnerability Found in Philips Smart TVs

Apr 02, 2014 By Sharon Solomon

Just a couple of decades ago, the Internet of Things (IoT) idea was restricted to sci-fi movies and novels. But the internet revolution has changed everything. Millions of new home appliances are going online on a daily basis, enabling hackers to spread malware, create botnets and harvest sensitive information worldwide.

 

 

As we previously reported, Internet of Things (IoT) cyberattacks have become a common sight in today’s cyberspace. Refrigerators, microwaves and basically any home appliance that can connect to the internet are prone to attack.

 

The latest security flaws have been found in Philips Smart TVs by security firm ReVuln. The Dutch company’s latest firmware update has exposed glaring vulnerabilities that enable hackers to steal cookies and perform a wide range of malicious activities.

 

Philips is an established player in the Smart TV market, with a wide range of screens for the consumer market. The Dutch company recently released a firmware update for its 2013 line of models (6/7/8/9xxx). While most updates bring in welcome improvements and patches, this firmware has created a serious loophole in Miracast, the TV’s WiFi adapter.

 

The update has caused the following security issues:

 

  • Automatic enabling of unrestricted WiFi access.
    Users can’t set up personal passwords, and anyone in range can use the built-in WiFi service.
  • Stealing of files from plugged-in USB devices.
    Hackers can easily access and download data from connected mass storage devices.
  • Gaining full system access using DirectFB software.
    The television’s internal settings can be fully accessed and manipulated.
  • Full browser cookie visibility.
    The user’s complete browsing history can be harvested by accessing the cookies.

 

These are not the only problems created by the new update. The TV’s WiFi access point, Miracast, is enabled by default and protected with the hard-coded password “Miracast”. Once it is compromised and linked remotely to the infiltrator’s computer, the hacker can transmit unwanted videos, audio files and images to the TV screen.

 

Philips has acknowledged the problem and is working on a security patch. The company also recommends disabling the Miracast feature until the issue is solved. Ultimately, however, such vulnerabilities can only be eliminated by using safe coding practices, which is achieved by creating a safe Software Development Life-Cycle (SDLC).

 

Source Code Analysis (SCA), which belongs to the SAST methodology, is an effective solution. SCA is unique in that it scans source code and locates loopholes early in the development process, which helps cut production times and costs. It can be integrated into the SDLC and enables automation of the testing process.
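To make the idea concrete, here is a small added example (not Checkmarx or Philips code) of the kind of source-level check that catches the two Miracast problems described above before a firmware ships: a credential stored as a string literal and a network service enabled by default. The C snippet being scanned and all identifier names in it are constructed for illustration.

```python
import re

# Constructed sample: hypothetical firmware source, not Philips code.
SAMPLE_SOURCE = '''\
#define AP_ENABLED_DEFAULT 1
static const char *ap_passphrase = "Miracast";  /* same on every unit */
static const char *ap_ssid_prefix = "TV-AP";
void boot(void) {
    char user_psk[64];
    load_setting("wifi.psk", user_psk, sizeof user_psk);  /* user-chosen */
    ap_start(ap_passphrase);
}
'''

# Identifier fragments suggesting the value is a secret (heuristic).
SECRET_NAME = re.compile(r"pass|psk|secret|key", re.I)
# name = "literal" or name[N] = "literal"
LITERAL_ASSIGN = re.compile(
    r'\b([A-Za-z_]\w*)\s*(?:\[\s*\d*\s*\])?\s*=\s*"((?:[^"\\]|\\.)*)"')
# #define NAME "literal"
LITERAL_DEFINE = re.compile(r'^\s*#\s*define\s+([A-Za-z_]\w*)\s+"([^"]*)"')
# #define ..ENABLE.. 1 : a service that ships switched on
DEFAULT_ON = re.compile(r'^\s*#\s*define\s+(\w*ENABLE\w*)\s+(?:1|true)\b', re.I)
# Naive stripper: does not handle comment markers inside string literals.
COMMENT = re.compile(r"/\*.*?\*/|//.*")

def scan(source):
    """Return (line_no, rule, identifier) findings for one source file."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        code = COMMENT.sub("", line)
        for rx in (LITERAL_ASSIGN, LITERAL_DEFINE):
            for name, value in rx.findall(code):
                # A non-empty literal bound to a secret-looking name.
                if value and SECRET_NAME.search(name):
                    findings.append((no, "hardcoded-credential", name))
        m = DEFAULT_ON.match(code)
        if m:
            findings.append((no, "service-enabled-by-default", m.group(1)))
    return findings

if __name__ == "__main__":
    for no, rule, name in scan(SAMPLE_SOURCE):
        print(f"line {no}: {rule}: {name}")
```

The passphrase loaded from a user setting is not flagged, which is the corrected pattern: the secret comes from per-device or user-chosen configuration instead of a constant shared by every unit.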

 

Source –  Having Fun via WiFi with Philips Smart TV
