Update Your Sony Smart TV Now: Here's Why

If you have a Sony Bravia smart TV, you're probably familiar with its Photo Sharing Plus functionality. This innocuous app lets you share photos from your phone or computer directly to your television so that you can delight (hopefully) your friends and family without having to hunch over a tiny screen.

Unfortunately, Photo Sharing Plus is also a way for an inventive cybercriminal to potentially compromise your entire TV — unless you apply a patch ASAP.

(Image credit: Sony)

Fortinet, an enterprise security firm in Sunnyvale, California, did some research on Sony Bravia TVs earlier this year and found three alarming flaws. The first allowed an attacker to crash the app; the second allowed an attacker to browse every file on the TV. The third, however, was the most threatening, as it let an attacker execute remote code with root privileges — in other words, to completely take over your smart TV and possibly draft it into a botnet or force it to mine cryptocurrency.

How to fix this

Luckily, the fix for these flaws is extremely simple, and most of it should happen automatically. Sony put out a security advisory in late July and August for owners of Bravia R5C, WD75, WD65, XE70, XF70, WE75, WE6 and WF6 models, informing them that there's already a patch available. Bravia TVs receive software updates by default, so all you should have to do is turn on your TV and make sure it's connected to the internet. The rest should take care of itself.

You can also check for software updates in the TV's menu, although exact instructions for how to do this depend on your model. There are links to this effect on Sony's advisory page. If both of those methods fail, Sony also provides firmware fixes in .ZIP files, which you can apply via USB thumb drives. Check the advisory for further instructions.

(Sony claims these updates will happen automatically, while Fortinet claims they require user authorization to be installed. Whatever the case, just be aware that you may have to click "OK" or "I agree" at some point during the process.)

The flaws

The bugs themselves are interesting, although they require quite a bit of effort to leverage. The first, CVE-2018-16595, allows a user to overflow Photo Sharing Plus's stack buffer with an extremely long URL. This will cause the whole app to crash. Annoying, but not catastrophic.

The second bug, CVE-2018-16594, lets an attacker name a file in a certain way, then upload said file to the TV through the app. This lets the attacker browse every file stored on the television. This could threaten your privacy, particularly if (for whatever reason) you store sensitive information on your TV, but the most compromising thing an attacker could find is your Wi-Fi network information — which would not be especially helpful, since he or she would have to be on your network already in order to launch the attack.

CVE-2018-16593 is the serious vulnerability among the three. By misnaming an uploaded media file, an attacker can gain root privileges over the TV, then run whatever kind of remote code he or she wants. The easiest way to compromise a TV in this manner would be to draft it into a botnet, although you could theoretically mine cryptocurrency on a TV. (TVs have fairly robust GPUs, although the processing power and storage pale in comparison to even a half-decent computer.)

With root access to the TV, you could also theoretically compromise other network devices, like a router or a computer. But again, you have to be logged into a network before attacking the TV anyway, and at that point, there are easier ways to steal personal information. There's also no indication that these attacks have ever been seen in the wild.
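For developers of similar media-sharing apps, here is a sketch of the input checks that close off these three bug classes: a bounded copy for the URL and an allowlist for uploaded file names. This is an added example, not code from Sony, Fortinet or this article; the function names and length limits are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_URL_LEN  2048  /* assumed limit, not from the article */
#define MAX_NAME_LEN 128   /* assumed limit, not from the article */

/* Length of s, reading at most max + 1 bytes; max + 1 means "too long". */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n <= max && s[n] != '\0')
        n++;
    return n;
}

/* Copy a client-supplied URL into a fixed buffer; reject instead of overflowing. */
int copy_url_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t n = bounded_len(src, MAX_URL_LEN);
    if (n > MAX_URL_LEN || n >= dst_size)
        return -1;           /* too long for the limit or the buffer */
    memcpy(dst, src, n + 1); /* n + 1 copies the terminating NUL */
    return 0;
}

/* Accept only a plain base name made of allowlisted characters. */
int upload_name_is_safe(const char *name)
{
    if (name == NULL)
        return 0;
    size_t n = bounded_len(name, MAX_NAME_LEN);
    if (n == 0 || n > MAX_NAME_LEN)
        return 0;
    if (name[0] == '.' || name[0] == '-' || strstr(name, "..") != NULL)
        return 0; /* hidden files, parent-directory hops, option-like names */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0; /* separators, spaces, shell metacharacters */
    }
    return 1;
}
```

A name that passes the check should still be stored under a server-chosen path and never be handed to a shell.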

In other words: Apply the patch, and don't sweat it too much. Your Sony Bravia TV may just show you the same reruns of How I Met Your Mother over and over, but that's probably its worst crime.

Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 
