Just a couple of decades ago, the Internet of Things (IoT) idea was restricted to sci-fi movies and novels. But the internet revolution has changed everything. Millions of new home appliances are going online on a daily basis, enabling hackers to spread malware, create botnets and harvest sensitive information worldwide.
As we previously reported, Internet of Things (IoT) cyberattacks have become a common sight in today’s cyberspace. Refrigerators, microwaves and basically all home appliances that can connect to the internet are prone to attack.
The latest security breach has been found in Philips Smart TVs by security firm ReVuln. The Dutch company’s latest firmware update has exposed glaring vulnerabilities that enable hackers to steal cookies and perform a wide range of malicious activities.
Philips is an established player in the Smart TV market, with a wide range of screens for the consumer market. The Dutch company recently released a firmware update for its 2013 line of models (6/7/8/9xxx). While most updates bring in welcome improvements and patches, this firmware has created a serious loophole in Miracast, the TV’s WiFi adapter.
The update has caused the following security issues:
- Automatic enabling of unrestricted WiFi access.
Users can’t set up personal passwords, and anyone in range can use the built-in WiFi service.
- Stealing of files from plugged-in USB devices.
Hackers can easily access and download data from connected mass storage devices.
- Gaining full system access using DirectFB software.
The television’s internal settings can be fully accessed and manipulated.
- Full browser cookie visibility.
The user’s complete browsing history can be harvested by accessing the cookies.
These are not the only problems created by the new update. The TV’s WiFi access point Miracast is enabled by default and protected with a hard-coded password “Miracast”. Once the TV is compromised and linked remotely to the infiltrator’s computer, the hacker can transmit unwanted videos, audio files and images to the TV screen.
Philips has acknowledged the problem and is working on a security patch. The company also recommends disabling the Miracast feature until the issue is solved. But eventually the vulnerabilities can only be eliminated by using safe coding practices. This is ultimately achieved by creating a safe Software Development Life-Cycle (SDLC).
Source Code Analysis (SCA), a solution belonging to the SAST methodology, is an effective solution. SCA is unique as it scans Source Code and locates loopholes early in the development process. This helps in cutting production times and costs. This solution can be integrated into the SDLC and enables the automation of the testing process.
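A minimal illustration of the kind of check source code analysis performs, aimed at the hard-coded “Miracast” password described above. This is an added example, not code from Philips, ReVuln or any SCA product; the C snippet, its identifiers and the secret-name patterns are constructed assumptions.

```python
import re

# Identifier names that suggest a secret is stored (assumed list for this example).
SECRET_NAME = re.compile(r"(pass(word|phrase|wd)?|psk|secret|wpa_key)", re.I)
# C-style `#define NAME "literal"` and `name = "literal"` / `name[N] = "literal"`.
DEFINE = re.compile(r'^\s*#\s*define\s+(\w+)\s+"((?:[^"\\]|\\.)*)"')
ASSIGN = re.compile(r'(\w+)\s*(?:\[\s*\d*\s*\])?\s*=\s*"((?:[^"\\]|\\.)*)"')
COMMENT_OR_STRING = re.compile(r'"(?:[^"\\\n]|\\.)*"|/\*.*?\*/|//[^\n]*', re.S)

def strip_comments(source):
    """Blank out /* */ and // comments; keep string literals and line numbers."""
    def blank(match):
        text = match.group(0)
        return text if text.startswith('"') else re.sub(r"[^\n]", " ", text)
    return COMMENT_OR_STRING.sub(blank, source)

def find_hardcoded_secrets(source):
    """Return (line, identifier, literal) for secret-like names bound to a non-empty literal."""
    findings = []
    for lineno, line in enumerate(strip_comments(source).splitlines(), start=1):
        for rx in (DEFINE, ASSIGN):
            for m in rx.finditer(line):
                name, literal = m.group(1), m.group(2)
                if SECRET_NAME.search(name) and literal:
                    findings.append((lineno, name, literal))
    return findings

# Constructed sample, not real firmware source: one fixed passphrase for every unit,
# plus three lines a naive keyword search would wrongly flag.
SAMPLE = r'''
#define AP_SSID "DIRECT-xy-TV"
#define AP_PASSPHRASE "Miracast"   /* fixed for every unit */
// old: static char wifi_password[] = "changeme";
static char wifi_password[64] = "";          /* filled from user settings */
const char *banner = "password = \"hunter2\" is an example";
int setup(void) { return ap_start(AP_SSID, AP_PASSPHRASE); }
'''

if __name__ == "__main__":
    for lineno, name, literal in find_hardcoded_secrets(SAMPLE):
        print(f"line {lineno}: {name} is hard-coded to {literal!r}")
```

Run as a build step, a check like this fails the build before a shared default credential ships; the commented-out line, the empty buffer and the string that merely mentions a password are not reported.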