Philips Smart TVs vulnerable to Screen Hijack and Cookie Theft

place Google AdSense code here

Previous articles on The Hacker News have highlighted that How Internet of Things (IoT) opens your home to cyber threats.

Recently the security researchers from vulnerability research firm ReVuln published a video demonstration shows that Philips Smart TV is prone to cyber attacks by hackers.

According to the researchers, some versions of Philips Smart TV with latest firmware update are wide open to hackers and also vulnerable to cookie theft.

The fault is in a feature called Miracast, that allows TVs to act as a WiFi access point with a hard-coded password ‘Miracast,’ and allows devices nearby within the range to connect the device for receiving the screen output.

“The main problem is that Miracast uses a fixed password, doesn't show a PIN number to insert and, moreover, doesn't ask permission to allow the incoming connection,” Luigi Auriemma, CEO and security researcher at ReVuln, told SCMagazine.

The vulnerability allows an attacker within the device’s WiFi range to access its various features. The potential attacker can:
Access the TV's configuration filesAccess files stored on USB devices attached to the TVReplace the image on screen with video or images of its choiceControl the TVs via an external remote control applicationSteal website authentication cookies from the TV's browser“So basically you just connect directly to the TV via WiFi, without restrictions. Miracas is enabled by default and the password cannot be changed.” Luigi said.
The Researchers tested the flaw on Philips 55PFL6008S TV, but believe that many 2013 models are also affected because of the same firmware installed.

However, such attacks are not possible to happen in the wild, but if your neighbor is enough smart and knows your WiFi password, then either you should change your password to stronger one or turn off the Miracast feature on your Philips Smart TV.

Philip says, "Our experts are looking into this and are working on a fix. In the meantime, we recommend customers to switch off their Miracast function of the TV to avoid any vulnerability."