Avast confirms the recent Vizio Smart TV snooping scandal
Security researchers at Avast have hacked a Vizio smart TV and gained access to the WiFi network the device connects to, all using a simple MitM (Man in the Middle) attack.
Just like many other security vendors had hacked IoT devices in the past, the Avast team wanted to have their go at this endeavor as well, and they decided to start with something they used every day, a Vizio smart TV they had in their offices.
Starting their investigation, they quickly saw that, every time the device booted, it contacted the same URL: tvinteractive.tv.
While the traffic was protected using HTTPS, researchers found out that, by using a local authoritive DNS and ARP spoofing, they were able to carry out a MitM attack. Since the TV did not validate the authenticity of the SSL certificate used for the communications channel, researchers were able to gain access to some of the data.
Unfortunately, they could not get their hands on the entire data, so they moved on to hacking the device itself so they could gain access to the cryptographic key found on the TV, used to encrypt the rest of the data sent to the server.
Physical access to the TV is needed for this attack to work
The researchers managed to achieve this by finding a user input field that was left unprotected. Because the TV’s software did not filter out content entered in this section, the researchers put Bash commands in this field, and the TV executed their instructions.
This allowed them to copy the TV’s entire filesystem to a USB drive, from where they extracted the cryptographic key and unencrypted the entire traffic.
Using the MitM server previously created, they were able not only to spoof traffic that came from the TV but also to send instructions to the TV set.
Since there was no other barrier between the TV and the other devices on the local WiFi network, the researchers would have been able to carry all kinds of attacks on the internal network using the TV as a launching pad for malware or other types of malicious scenarios.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.