Philips 2013 High-end Smart TV is exposed to security vulnerabilities

[Abstract] Unsecured wireless access plus jointspace service vulnerabilities allow external programs to remotely control the TV. Philips 2013 High-end Smart TV is exposed to security vulnerabilities Smart TV plays an important role in many consumers ' living rooms, and security is also important as a smart device. According to reports, Philips Smart TV New version of the firmware currently has an unsecured Miracast wireless network vulnerability, allowing potential attackers to control the TV and unauthorized operation through remote signals. Researchers from the Malta agency said after a recent video analysis of Revulu, an attacker could launch an attack via Philips Smart TV after connecting to an unsecured wireless network. These potential attacks include accessing TV profiles, accessing files via USB storage devices, connecting to TV, broadcast video, audio and television images, and even using external TV remote-control applications to steal user authentication from the TV cookies. By opening an unsecured network via Miracast, users can be hacked into images that are projected onto a TV screen through a desktop, tablet, cell phone, or other device. Revulu, a researcher in the security agency, said in a Friday mail that the weakest firmware system of Philips Smart TV could become an attack target after being connected to a wireless network through a specific direct-xy and identifier. "So basically the user can connect the TV directly to the wireless network without any restrictions," the researchers said. "The Miracast feature is enabled by default and cannot be changed, and we have tried all possible methods to reset it in accordance with the recommendations in the Philips TV manual, but the TV still allows anyone to connect." "Usually smart TVs don't take any extra security measures, such as generating unique keys for each wireless client, manual authorization before you want to connect to the TV," he said. This problem does not exist in all Philips Smart TVs, only the latest version of the firmware found this vulnerability. Some of the stores running the old version of the firmware of the TV to test, and did not find the vulnerability mentioned. The researchers tested Philips's 55-inch 55pfl6008s Smart TV, but perhaps some 2013-year models also had such problems because they used the same firmware. For example, 47pfl6158, 55pfl8008 and 84pfl9708, although the size is different, but the firmware version is the same. Unsecured Wireless access plus jointspace service vulnerabilities allow external programs to remotely control the TV, even allowing attackers to directly extract TV profiles, files in USB devices, or cookies and Gmail messages that exist in the TV browser. "For example, the Opera browser cookie will usually protect all Web site information and TV applicationsThere is a fixed folder in which these applications have a fixed path and name, so they are easily downloaded remotely. "The researchers said. These cookies allow or the journalist to get the user's network account data. The chances of success depend on the additional security that the user accesses to each site. According to a jointspace message from a Berlin Schobert information security consultancy, which was publicly disclosed last September, they think the loophole may not exist only in the latest version of the Philips TV firmware, as Revulu company claims. But even if the vulnerability is patched up, it's still hard to get a sense of security by miracast access to wireless networks, such as attackers who can still control video and audio content via external applications or remotely controlled televisions. "We are aware of the security implications of the Revulu in the 2013 high-end series of televisions," said Eva Heller, head of global Communications, a joint venture between Philips and Miracast technology, in an e-mail. "Our experts are investigating this and are actively repairing it," he said. "What consumers need to do is to turn off the Wi-Fi miracast feature on the TV by default, in addition to waiting to fix the bug." The step is to press the navigation button in the remote control to the Setup interface, then select Network Settings, find Wi-Fi miracast and close it.