New Bug Lets Nosy Neighbors Hijack Your TV

Credit: Koninklijke Philips N.V.Credit: Koninklijke Philips N.V.

Say what you will about the picture quality on cathode-ray-tube TVs, but at least you never had to worry about hackers compromising them. A security firm has determined that some Wi-Fi-enabled Philips Smart TVs sold in Europe may be vulnerable to trivially simple exploits, which could give a hacker access to everything from your remote control to your email account.

ReVuln, a Malta-based security company, released a video that shows users how easy it may be to compromise European Philips Smart TVs, which use a protocol called Miracast to connect to a user's Wi-Fi network and stream online content from computers and mobile devices. (North American Philips Smart TVs use a similar function called WirelessConnect that works only with PCs and Macs.)

MORE: Best TVs 2014

By default, ReVuln said in its blog posting, Philips Smart TVs in Europe come with Miracast enabled. When new devices attempt to connect to Miracast, the feature apparently requires no PIN (unless the user specifically programs one) and has a fixed password ("Miracast"). From there, causing trouble seems to be simple.

Inquiries seeking comment from Philips North America were not immediately replied to.

Using a program that mirrors the functionality of a Philips remote control, ReVuln researchers were able to take full control of a TV. Using this method, a malefactor could change channels, stream his or her own content, control the TV set's volume or even steal files from a USB drive attached to the TV. Imagine hosting a fancy dinner party, perhaps using your TV to display fine art, when your neighbor decides to Rickroll you — or worse.

Philips Smart TV Hack

Perhaps the most troubling part of the Miracast hack is the fact that a hacker could use it to steal login information for sites such as Facebook or Gmail. Like most smart TVs, Philips Smart TVs have a built-in Internet browser, which stores login information via cookies, the same way any computer browser does. If someone got his or her hands on these, hacking into your email or social media would not present a problem.

While it's not impossible for such a hack to happen in the wild, it’s not that likely, either. Only a close neighbor who knew your Wi-Fi password could access your Wi-Fi network to begin with, which might make it difficult for a hacker to remain anonymous. Furthermore, programming a PIN for Miracast would probably stop an attacker. PINs are relatively easy to brute-force open, but the time required is often not worth the effort.

Given the media attention growing around this vulnerability, the manufacturer may soon issue a software patch. In the meantime, don't be shocked if your neighbor tries to pull a few pranks on your Philips TV.

Follow Marshall Honorof @marshallhonorofand on Google+. Follow us @tomsguide, on Facebook and on Google+.

Create a new thread in the Streaming Video & TVs forum about this subject
This thread is closed for comments
    Your comment
  • I remember a friend had a watch with an IR blaster. It was fun to change the channels/volume on TVs in big box stores or even restaurants. Nothing too offensive then.However, can you imagine what pranksters could do if they had full control over what was displayed on a TV at BestBuy? That could lead to some serious problems with the images!
  • Someone needs to make an Android app to simultaneously stream p0rn to all the TVs at BestBuy with this.
  • And then you could find out what neighbor did it and beat their ass :)