Jump to content
Stef's Coding Community

Notice: DirectTV vulnerability


Recommended Posts

For those of you using DirtectTV, there is a risk that could allow attackers access to your system and network.

Zero-Day Remote 'Root' Exploit Disclosed In AT&T DirecTV WVB Devices

https://thehackernews.com/2017/12/directv-wvb-hack.html

Quote

Security researchers have publicly disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after trying to get the device manufacturer to patch this easy-to-exploit flaw over the past few months.

The problem is with a core component of the Genie DVR system that's shipped free of cost with DirecTV and can be easily exploited by hackers to gain root access and take full control of the device, placing millions of people who've signed up to DirecTV service at risk.

The vulnerability was reported by the ZDI Initiative to Linksys more than six months ago, but the vendor ceased communication with the researcher and had yet not fixed the problem, leaving this easy-to-exploit vulnerability unpatched and open for hackers.

So, after over half a year, ZDI decided to publicize the zero-day vulnerability, and recommended users to limit their devices that can interact with Linksys WVBR0-25 "to those that actually need to reach" in order to protect themselves.

I have not discussed this issue yet as it can be a tad complicated for those who have never dealt with your routers yourselves. It may be a good idea to talk to someone in "The Know" or discuss it with your ISP support team. The real issue here is IoT (Internet of Things), all the gadgets that are being developed to use the internet. 

The folks who create your OS generally think about security. The folks who develop your router think about security. But does the developer of all this IoT crap think about security? Did the software developer for you internet connected coffee machine, pace maker, iBarbecue thing think about security? Likely not... so time and time again researchers and bad actors have found ways to bypass the best security people thought they had by hacking a unprotected IoT device. This is another example how hackers can get into your network through your Smart TV.

For those of you who like a challenge, find a way to limit your IoT things contact to your network. It needs access to the Internet, but no other devices, it needs no access to your computers or tablets and phones. This way if compromised, the attacker can't do much of anything.

Another way is to replace your Router's firmware with an opensource software with something like DD-WRT. Routers can do much more for security if you understand them, but their firmware is "Simplistic" for the average user. By getting more control with other software you can create two networks, your main network and a locked down network for just IoT devices with no contact to your personal devices.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...