
Philips Miracast bug leaves smart TVs open to hacking

IT security experts claim Philips has introduced a security flaw into its 2013 smart TVs that can let hackers take control.

Luigi Auriemma of Malta-based IT security firm ReVuln found a flaw in the latest software update that exposes the Philips TVs through Miracast, the feature for sending content from other devices via WiFi.

According to Auriemma, Philips has hard-coded the password “Miracast” into its TVs’ firmware, with no PIN check or warning to alert the TV’s owner of a connection.

Having fun via WiFi with Philips SmartTV from ReVuln on Vimeo.

“The impact is that anyone in the range of the TV Wi-Fi adapter can easily connect to it and abuse of all the nice features offered by these Smart TV models,” Auriemma said.

Miracast allows TVs to become WiFi access points that can accept direct connections without being logged into your home network.

The back-door could allow a hacker to steal files from any USB drive connected to the device, access the TV’s configuration files, and simply control the TV.

Philips TVs: smart but not secure

It also allows them to transmit video to the display and steal cookies from the TV’s web browser, including passwords and user names for services like webmail and cloud storage.

Surprisingly, the flaw was introduced in the most recent version of the Philips SmartTV firmware, QF2EU-0.173.46.0, installed on all 2013 models since it was released in December. 

At present, there is no way for users of the TVs to change the hard-coded password, and Auriemma warns that Philips has yet to correct another Miracast-related exploit which was discovered earlier in 2013.

Philips isn’t the only smart home tech manufacturer to leave its customers open to hacking, with researchers at Proofpoint logging thousands of compromised devices, while ReVuln has also found back-doors in Samsung’s smart TVs.
