New Bug Lets Nosy Neighbors Hijack Your TV

Credit: Koninklijke Philips N.V.

(Image credit: Koninklijke Philips N.V.)

Say what you will about the picture quality on cathode-ray-tube TVs, but at least you never had to worry about hackers compromising them. A security firm has determined that some Wi-Fi-enabled Philips Smart TVs sold in Europe may be vulnerable to trivially simple exploits, which could give a hacker access to everything from your remote control to your email account.

ReVuln, a Malta-based security company, released a video that shows users how easy it may be to compromise European Philips Smart TVs, which use a protocol called Miracast to connect to a user's Wi-Fi network and stream online content from computers and mobile devices. (North American Philips Smart TVs use a similar function called WirelessConnect that works only with PCs and Macs.)

MORE: Best TVs 2014

By default, ReVuln said in its blog posting, Philips Smart TVs in Europe come with Miracast enabled. When new devices attempt to connect to Miracast, the feature apparently requires no PIN (unless the user specifically programs one) and has a fixed password ("Miracast"). From there, causing trouble seems to be simple.

Inquiries seeking comment from Philips North America were not immediately replied to.

Using a program that mirrors the functionality of a Philips remote control, ReVuln researchers were able to take full control of a TV. Using this method, a malefactor could change channels, stream his or her own content, control the TV set's volume or even steal files from a USB drive attached to the TV. Imagine hosting a fancy dinner party, perhaps using your TV to display fine art, when your neighbor decides to Rickroll you — or worse.

Perhaps the most troubling part of the Miracast hack is the fact that a hacker could use it to steal login information for sites such as Facebook or Gmail. Like most smart TVs, Philips Smart TVs have a built-in Internet browser, which stores login information via cookies, the same way any computer browser does. If someone got his or her hands on these, hacking into your email or social media would not present a problem.

While it's not impossible for such a hack to happen in the wild, it’s not that likely, either. Only a close neighbor who knew your Wi-Fi password could access your Wi-Fi network to begin with, which might make it difficult for a hacker to remain anonymous. Furthermore, programming a PIN for Miracast would probably stop an attacker. PINs are relatively easy to brute-force open, but the time required is often not worth the effort.

Given the media attention growing around this vulnerability, the manufacturer may soon issue a software patch. In the meantime, don't be shocked if your neighbor tries to pull a few pranks on your Philips TV.

Follow Marshall Honorof @marshallhonorofand on Google+. Follow us @tomsguide, on Facebook and on Google+.

Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

  • 2Be_or_Not2Be
    I remember a friend had a watch with an IR blaster. It was fun to change the channels/volume on TVs in big box stores or even restaurants. Nothing too offensive then.However, can you imagine what pranksters could do if they had full control over what was displayed on a TV at BestBuy? That could lead to some serious problems with the images!
  • hoofhearted
    Someone needs to make an Android app to simultaneously stream p0rn to all the TVs at BestBuy with this.
  • Tempestwolf
    And then you could find out what neighbor did it and beat their ass :)
  • contentsmayvary
    "Say what you will about the picture quality on cathode-ray-tube TVs, but at least you never had to worry about hackers compromising them."Oh yeah?
  • canadianvice
    It is safe cause Windows is not safe anyways otherwise we wouldn't have Tuesday Patch every week. Just have a good Antivirus and Firewall and don't use IE and XP is good to go.
    False. An AV can only really work within the bounds of the operating system. Many won't even support XP any longer, and the fact is you can't build a stable building on a cracked foundation.Do you not understand how incredibly stupid it is to say Windows is not safe anyway and therefore you should not upgrade? The difference is a boat flooding and taking more holes, while other MS operating systems are programmed to be more secure at a base level - and unlike XP, they're still being patched.Seriously, I know this is ranting, but why do people say something so appallingly ill-thought out? Simple, they don't know what they're talking about. XP is far less secure than newer versions of Windows, and it isn't getting patched to boot. You put two and two together.