Hackers can exploit vulnerabilities in your Philips or Thomson TV set-top box and convert it into a zombie botnet
Hackers can abuse the vulnerabilities in your TV set-top box to launch Distributed Denial of Service (DDoS) attacks on websites or implant malware/ransomware. Security researchers from Avast have discovered serious security flaws in two popular TV set-top boxes, potentially leaving customers at risk of hacking attacks. Potential hackers can use the vulnerabilities in the THOMSON THT741FTA and Philips DTR3502BFTA TV set-top boxes to convert them into a zombie botnet and/or launch ransomware attacks.
Both the Philips and Thomson set-top boxes are Internet of Things connected devices and are purchased by TV owners for television sets that do not support DVB-T2, the most up-to-date digital signal for terrestrial television. Avast researchers led by Vladislav Iliushin and IoT threat researcher Marko Zbirka found that both these set-top boxes are shipped by their respective manufacturers with open telnet ports.
Telnet is an unencrypted protocol for communicating with remote devices or servers and has been in use for 50-odd years. Avast researchers found that these open Telnet ports can easily be accessed by hackers remotely. Once they gain access to the set-top box, they can convert the box into a botnet node which can be used to launch Distributed Denial of Service (DDoS) attacks or for other malicious schemes. Avast researchers were able to successfully convert the Philips and Thomson TV set-top boxes into botnet nodes using the Mirai malware.
In addition to the above, the researchers found that both the Philips and Thomson TV set-top boxes rely on Linux Kernel 3.10.23, which serves as a bridge between the devices’ hardware and software by allocating sufficient resources to the software to enable it to run. However, support for version 3.10.23 expired in November 2017, meaning patches for bugs and vulnerabilities were only issued for one year before they were discontinued, leaving users exposed to potential attacks thereafter.
The researchers said that hackers can use the unencrypted connection between the devices and a pre-installed legacy application of the popular weather forecasting service AccuWeather to modify the content users see on their TVs when using this app. This could potentially lead to ransom messages being displayed, claiming that the user’s TV has been hijacked and demanding a sum to free it.
“Manufacturers are not only responsible for ensuring safety standards are met before their products are made available for purchase, they are also responsible for securing them and therefore the security of their users,” said Iliushin. “Unfortunately, it’s rare for IoT manufacturers to assess how the threat surface of their products can be reduced. Instead, they rely on the bare minimum, or in extreme cases completely disregard IoT and customer security in order to save costs and push their products to market quicker.”