With root access to the TV, you could also theoretically compromise other network devices, like a router or a computer. (TVs have fairly robust GPUs, although the processing power and storage pale in comparison to even a half-decent computer.) The easiest way to compromise a TV in this manner would be to draft it into a botnet, although you could theoretically mine cryptocurrency on a TV. By misnaming an uploaded media file, an attacker can gain root privileges over the TV, then run whatever kind of remote code he or she wants. This could threaten your privacy, particularly if (for whatever reason) you store sensitive information on your TV, but the most compromising thing an attacker could find is your Wi-Fi network information - which would not be especially helpful, since he or she would have to be on your network already in order to launch the attack.ĬVE-2018-16593 is the serious vulnerability among the three. This lets the attacker browse every file stored on the television. The second bug, CVE-2018-16594, lets an attacker name a file in a certain way, then upload said file to the TV through the app. The first, CVE-2018-16595, allows a user to overflow Photo Sharing Plus's stack buffer with an extremely long URL. The bugs themselves are interesting, although they require quite a bit of effort to leverage.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |