New Bug Lets Nosy Neighbors Hijack Your TV
Credit: Koninklijke Philips N.V.
Say what you will about the picture quality on cathode-ray-tube TVs, but at least you never had to worry about hackers compromising them. A security firm has determined that some Wi-Fi-enabled Philips Smart TVs sold in Europe may be vulnerable to trivially simple exploits, which could give a hacker access to everything from your remote control to your email account.
ReVuln, a Malta-based security company, released a video that shows users how easy it may be to compromise European Philips Smart TVs, which use a protocol called Miracast to connect to a user's Wi-Fi network and stream online content from computers and mobile devices. (North American Philips Smart TVs use a similar function called WirelessConnect that works only with PCs and Macs.)
MORE: Best TVs 2014
By default, ReVuln said in its blog posting, Philips Smart TVs in Europe come with Miracast enabled. When new devices attempt to connect to Miracast, the feature apparently requires no PIN (unless the user specifically programs one) and has a fixed password ("Miracast"). From there, causing trouble seems to be simple.
Inquiries seeking comment from Philips North America were not immediately replied to.
Using a program that mirrors the functionality of a Philips remote control, ReVuln researchers were able to take full control of a TV. Using this method, a malefactor could change channels, stream his or her own content, control the TV set's volume or even steal files from a USB drive attached to the TV. Imagine hosting a fancy dinner party, perhaps using your TV to display fine art, when your neighbor decides to Rickroll you — or worse.
Perhaps the most troubling part of the Miracast hack is the fact that a hacker could use it to steal login information for sites such as Facebook or Gmail. Like most smart TVs, Philips Smart TVs have a built-in Internet browser, which stores login information via cookies, the same way any computer browser does. If someone got his or her hands on these, hacking into your email or social media would not present a problem.
While it's not impossible for such a hack to happen in the wild, it’s not that likely, either. Only a close neighbor who knew your Wi-Fi password could access your Wi-Fi network to begin with, which might make it difficult for a hacker to remain anonymous. Furthermore, programming a PIN for Miracast would probably stop an attacker. PINs are relatively easy to brute-force open, but the time required is often not worth the effort.
Given the media attention growing around this vulnerability, the manufacturer may soon issue a software patch. In the meantime, don't be shocked if your neighbor tries to pull a few pranks on your Philips TV.