This Monday researchers from the Malta-based security firm ReVuln revealed they had discovered a series of vulnerable exploits and unpatched holes in the newest firmware version for dozens of different Phillips Smart TVs.
By going after part of the TV’s architecture known as “Miracast” (sort of an impromptu Wi-Fi relay for any smartphones or tablets that want to broadcast content to the television), anyone within range of the signal is able to force their way in through the hardwired default password, named after the same technology being exploited in the first place.
After the link is made, it’s a simple matter of sifting through whatever files the hacker may want to take for themselves, and a quick copy paste job is all they need to own the data for good.
Not only that, anyone with ill-gotten access can also hijack authentication cookies for popular email services like Gmail, exporting the hash from the internal SD card on the TV to any device that wants to crack into someone’s account without raising any red flags on the server side of the equation.
On top of the security flaw, hackers can also take total control of the TV and the content it’s broadcasting for a bit of cheeky fun, if they so prefer. The crack gives them the ability to change channels, mute the volume, switch between applications, and even stream video directly from a device that may be considered, *ahem*, less than appropriate, for any kids who might be in the room at the time.
Phillips has yet to comment on ReVuln’s findings, however the researchers tasked to the proof-of-concept project are confident a fix shouldn’t be a very difficult sell for the security team of the television manufacturer’s smart TV division.