Hackers could take control of Philips ‘smart TVs’ and broadcast their own ‘shows’ to watching famlies, thanks to a ‘fixed’ password which allows nearby attackers easy access to the set’s Wi-Fi adapter.
A hacker within Wi-Fi range of any 2013 Philips Smart TV can replace the image on screen with video or images of his choosing (useful, for instance, for phishing attacks, by creating a bogus login screen), and can read files on USB devices attached to the set.
Researchers ReVuln demonstrated the attack in a video, showing how private data such as browser cookies for sites used by the set’s owner could be remotely accessed.
Ars Technica’s Dan Gooodin described the attack as leaving televisions “wide open” – and said that the attack occurred in seconds, without anything being visible to the user, even as the attacker plundered files from USB sticks and the TV’s browser.
“Once someone has connected to the Miracast-enabled Wi-Fi network, they can use publicly available software to download any personal files that may be contained on USB drives plugged in to the Philips Smart TV. More troubling, connected devices can steal the highly sensitive browser cookies that many websites rely on to authenticate users when they access their private accounts.”
The vulnerability (a video demonstration is shown here) cropped up in new firmware for Philips 2013 Smart TVs, which include a hard-coded password for the devices’ “Miracast” access point, which annot be changed by users. This means hackers within range have a ‘key’ to access affected sets.
Independent security researchers ReVuln say, “The recent firmware released by Philips for their 2013 models of SmartTV (6/7/8/9xxx) have the WiFi Miracast feature enabled by default with a fixed password and no PIN or request of permission for new WiFi connections. The impact is that anyone in the range of the TV WiFi adapter can easily connect to it and abuse of all the nice features offered by these SmartTV models.”
TP Vision, the vendor of Philips Smart TV range says, “We recognize the security issue as reported by ReVuln linked to Miracast on the high end 2013 Philips TVs. Our experts are looking into this and are working on a fix . In the meantime we recommend customers to switch off their Miracast function of the TV to avoid any vulnerability. ( Quick help: Press the HOME button – navigate to Set up – select Network Settings – Select Miracast – set to OFF).”
The company is currently working on a more permanent fix for the issue – but sets from other manufacturers may also be vulnerable. The ‘screen mirroring’ function used to gain access is certified by the Wi-Fi Alliance, and Miracast is merely Philips’ brand for a technology present in several brands of ‘smart’ TV.
Author Rob Waugh, We Live Security