AT&T's DirecTV wireless kit has an embarrassing vulnerability in its firmware that can be trivially exploited by miscreants and malware to install hidden backdoors on the home network equipment, according to a security researcher.
Ricky Lawshae – a DEF CON veteran and infosec guru at Trend Micro's Digital Vaccine Labs – was an AT&T U-Verse subscriber who shifted over to DirecTV, and decided to take a closer look at the service's hardware. The setup included a Linksys WVBR0-25 wireless video bridge: this pipes video, audio and a user interface from your DirecTV Genie DVR over the air to up to eight Genie client boxes that are plugged into your TVs around the home. The bridge sets up a private wireless network, and basically acts as a transparent coax cable to your television sets from the central Genie server.
Lawshae homed in on the Linux-powered wireless bridge, and found it was running a web server. Incredibly, rather than hit a login form or similar, he found the built-in web server would cough up internal diagnostic information.
"I had a bad experience with a wireless video bridge like this in the past, so it seemed like a good place to start looking for problems," he said on Wednesday. "I started out by trying to browse to the web server on the device. I expected to find a login page of some sort. What I found instead was a wall of text streaming before my eyes."
What he saw was the Linksys kit running various setup scripts and log outputs; one of the scripts was building an MD5 hash out of his web browser's network IP address and user-agent string. By changing the browser's user-agent details – which is trivial – he was able to inject extra commands, which were run as the root user. There was...
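The hashing step described above, done without ever handing the client's values to a shell, plus a triage check for User-Agent strings carrying shell syntax. This is an added example, not code from the article or the device firmware; the function names, the IP-plus-User-Agent concatenation and the sample requests are assumptions made for illustration.

```python
import hashlib
import re

# Assumption: the token is MD5 over IP + User-Agent concatenated; the article
# does not give the firmware's exact input format.
def client_token(ip: str, user_agent: str) -> str:
    # Hashing in-process keeps both values as plain bytes: no shell parses them,
    # so quotes, backticks or "$(...)" in the header are just data.
    return hashlib.md5((ip + user_agent).encode("utf-8")).hexdigest()

# Characters with shell meaning that ordinary browser User-Agents do not carry.
# ';', '(' and ')' are left out on purpose: real User-Agents are full of them,
# so alerting on those alone would flag nearly every browser.
SUSPICIOUS = re.compile(r"[`$|&<>\"'\\\n\r]")

def suspicious_user_agent(user_agent: str) -> bool:
    return bool(SUSPICIOUS.search(user_agent))

# Constructed sample requests (ip, user_agent); not captured from a real device.
SAMPLE_REQUESTS = [
    ("192.0.2.10", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36"),
    ("192.0.2.11", 'Mozilla/5.0"; echo constructed-marker #'),
    ("192.0.2.12", "curl/7.58.0 $(echo constructed-marker)"),
]

def triage(requests):
    """Return (ip, token, flagged) for each (ip, user_agent) pair."""
    return [
        (ip, client_token(ip, ua), suspicious_user_agent(ua))
        for ip, ua in requests
    ]

if __name__ == "__main__":
    for ip, token, flagged in triage(SAMPLE_REQUESTS):
        print(ip, token, "FLAG" if flagged else "ok")
```

The same check can be run over a web server's access log for any device that exposes an unauthenticated management page.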