Smart-TV Bug Allows Rogue Broadcasts

06/4/19
An attacker could gain remote access by chaining together an exploit for home routers with the TV flaw.

Smart-TV hijacking is not unheard of; in January, hackers took advantage of vulnerable Chromecast and Google Home devices to display messages on consumer TVs promoting well-known YouTube star PewDiePie.

An unpatched vulnerability in smart TVs would allow attackers on the same Wi-Fi network to hijack the TV set to broadcast their own content – including, potentially, fake emergency broadcast messages.

Discovered by security researcher Dhiraj Mishra, the flaw (CVE-2019-12477) is found in the SUPRA Smart Cloud TV brand, which is popular in Russia and Eastern Europe. The TVs are mainly sold via e-commerce sites in Russia, China and the United Arab Emirates, according to an online search.

The issue lies in the `openLiveURL()` function, which the TV uses to fetch streaming content. The function has no authentication requirements or session management, according to Mishra. As a result, an attacker can trigger the vulnerability by sending a specially crafted request to a static URL, which allows the adversary to inject a remote file.

A proof-of-concept video shows the attack:

“I found this vulnerability initially by source-code review and then by crawling the application, and reading every request helped me to trigger this vulnerability,” Mishra said in his writeup on Monday. “Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri=URI.”
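For defenders, the request described above is easy to spot in HTTP traffic captured on the home or lab network. The following is an added detection example, not code from the original article or from Mishra's writeup; it assumes a network sensor records requests to the TV in a common-log-style format, and the sample lines, the function name `find_seturi_requests` and the `trusted_sources` parameter are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a common-log-like format (not real traffic).
SAMPLE_LOG = """\
192.168.1.23 - - [04/Jun/2019:10:01:07 +0000] "GET /remote/media_control?action=setUri&uri=http%3A%2F%2Fstream.example.net%2Flive.m3u8 HTTP/1.1" 200 12
192.168.1.10 - - [04/Jun/2019:10:02:11 +0000] "GET /remote/media_control?action=getStatus HTTP/1.1" 200 48
192.168.1.57 - - [04/Jun/2019:10:03:40 +0000] "GET /remote/media_control?uri=http://192.168.1.57:8080/clip.m3u8&action=setUri HTTP/1.1" 200 12
192.168.1.10 - - [04/Jun/2019:10:04:02 +0000] "GET /index.html HTTP/1.1" 200 512
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
CONTROL_PATH = "/remote/media_control"  # endpoint quoted in the article


def find_seturi_requests(log_text, trusted_sources=frozenset()):
    """Return one finding per logged request that sets the TV's stream URI."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        target = urlsplit(m["target"])
        if target.path.rstrip("/") != CONTROL_PATH:
            continue
        params = parse_qs(target.query)  # also percent-decodes values
        if "seturi" not in (a.lower() for a in params.get("action", [])):
            continue
        uri = params.get("uri", [""])[0]
        findings.append({
            "time": m["ts"],
            "source": m["src"],
            "stream_host": urlsplit(uri).hostname,
            # Hypothetical allowlist of hosts expected to control the TV.
            "trusted_source": m["src"] in trusted_sources,
        })
    return findings


if __name__ == "__main__":
    for f in find_seturi_requests(SAMPLE_LOG, trusted_sources={"192.168.1.10"}):
        print(f)
```

Because the endpoint needs no authentication, every `setUri` request from a host outside the allowlist deserves review, whatever stream it points to.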

The requirement for the attackers to have access to the home Wi-Fi network obviously mitigates the threat to a certain extent. However, the growing tide of internet of things bugs in routers can give attackers remote access to that network. For instance, two models of TP-Link’s budget routers, models TP-Link WR940N and TL-WR941ND, were recently found to be vulnerable to flaws that allow attackers to take control of both.

Meanwhile, Consumer Reports in 2018 identified two smart TV models from Samsung and TCL that included bugs that allowed an attacker to take control of targeted TVs. A hacker who exploited these vulnerabilities would be able to take control of the TV and change the channel, turn up the volume and play offensive YouTube videos from anywhere on the planet, the report stated.

Sources: https://threatpost.com/smart-tv-bug-rogue-broadcasts/145275/
