Hardcoded Miracast password means anyone can remotely control Philips smart TVs

When it comes to security, “smart” as in smart TV is like an oxymoron; Philips is in the cross-hairs this time for hard-coding the default password for Miracast into the firmware of some 2013 Smart TV models, meaning no knowledge of hacking is required. Anyone within range could connect and remotely control the TV for fun or profit.

Philips Smart TV

Miracast is a cool feature that lets two devices connect and share movies, music or other media. It is built into Windows 8.1 and BlackBerry 10.2 devices; Miracast support is built into Android 4.2 on up. If a TV has a built-in Miracast feature, then you could connect to it like you would a wireless network and take what you see on a small-screened smartphone and “mirror” it onto the much larger TV screen.

Yet that feature is more of a flaw in some Philips Smart TVs, according to vulnerability research firm ReVuln. That’s because Philips hard-coded the password, which is an uninspired ‘Miracast,’ into the Miracast wireless network. In a nutshell, that means anyone within range could connect to the TV remotely to carry out everything from mischievous to devious acts. Revuln researcher Luigi Auriemma warned about the flaw in firmware version "173.46" and believes “all 2013 Smart TV models from Philips are also at risk because they use the same susceptible firmware.”

"So basically you just connect directly to the TV via Wi-Fi without restrictions," the researchers told Computerworld. The person watching the TV isn’t going to see any kind of permission to allow or deny the incoming connection. It’s not rocket science as an “attacker” doesn’t need to be a hacker; there's no password to crack and no unique PIN to social engineer from owners. "Miracast is enabled by default and the password cannot be changed. We tried all the possible ways to reset the TV included those methods suggested in the Philips manual [...] but the TV just allows anyone to connect.”

Philips Smart TV iPad app

So big deal, what could an attacker possibly do? For starters, a prankster could freak out a person; imagine if porn was suddenly transmitted onto the TV as your kids were watching Sesame Street. Peachy, hope you’re ready to give that “birds and the bees” talk. Okay it might not be that extreme, but the point is that anyone within range of connecting can do so and then share any video, audio or images. It would also be pretty trippy if the volume or the channels kept changing; if the person remotely connecting to the TV had an external remote control app, then he or she could easily flip through the channels.

More serious potential attacks include accessing any data stored on USB devices attached to the TV, accessing the TV’s system or configuration files, and stealing browser cookies such as for Gmail as seen in ReVuln’s video “Having fun via Wi-Fi with Philips Smart TV.”  

According to the statement released by Wi-Fi Alliance, “The recent report of a non-compliant passphrase implementation appears to be limited to a single vendor's implementation. We enforce the requirements of our certification programs and have been in contact with the company in question to ensure that any device bearing the Miracast mark meets our requirements.” Here is the list of Miracast-certified TVs.

“The recent firmware versions released by Philips for their 2013 models of Smart TV (6/7/8/9xxx) have the Wi-Fi Miracast feature enabled by default ('DIRECT-xy') with a fixed password,” Revuln warned. The directory traversal vulnerability in JointSpace, “a Philips TV built-in interface for external programs to remotely control the TV,” has been a known and unpatched flaw since September.

Auriemma recommended that Philips should take steps to disallow unauthorized actions, require remote connections to input a PIN, and ask TV owners for permission before allowing wireless connections. Switching off the Wi-Fi Miracast is recommended until Philips patches. TP Vision, which manufactures and sells Philips TVs, said to turn off Wi-Fi Miracast, you “need to press the HOME button, navigate to Setup, select Network Settings, navigate to Wi-Fi Miracast and set that to OFF.”

Philips is the latest to join an “insecure” smart TV club, with Samsung and LG as the primary members. Smart TV hacking threat scenarios range from denial of service attacks, malicious code exploits, malware to create a TV-based botnet, stealing sensitive data like credit card numbers, and surveillance by an attacker tapping into the microphones or built-in cameras. Another piece of wisdom from a Smart TV researcher is, “Do not allow your TV to see your bed," as he was able to spy on people "even when the units were 'turned off'." Creepy…

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.