FREE zero-day for every reader: AT&T's DirecTV kit has a root hole – and no one wants to patch it | 12/13/2017 | Staff

AT&T's DirecTV wireless kit has an embarrassing vulnerability in its firmware that can be trivially exploited by miscreants and malware to install hidden backdoors on the home network equipment, according to a security researcher.

Ricky Lawshae – a DEF CON veteran and infosec guru at Trend Micro's Digital Vaccine Labs – was an AT&T U-Verse subscriber who shifted over to DirecTV, and decided to take a closer look at the service's hardware. The setup included a Linksys WVBR0-25 wireless video bridge: this pipes video, audio and a user interface from your DirecTV Genie DVR over the air to up to eight Genie client boxes that are plugged into your TVs around the home. The bridge sets up a private wireless network, and basically acts as a transparent coax cable to your television sets from the central Genie server.

Lawshae homed in on the Linux-powered wireless bridge, and found it was running a web server. Incredibly, rather than hit a login form or similar, he found the built-in web server would cough up internal diagnostic information.

"I had a bad experience with a wireless video bridge like this in the past, so it seemed like a good place to start looking for problems," he said on Wednesday. "I started out by trying to browse to the web server on the device. I expected to find a login page of some sort. What I found instead was a wall of text streaming before my eyes."

What he saw was the Linksys kit running various setup scripts and log outputs; one of the scripts was building an MD5 hash out of his web browser's network IP address and user-agent string. By changing the browser's user-agent details – which is trivial – he was able to inject extra commands, which were run as the root user. There was...
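
The class of bug described above, seen from the defender's side, as an added example that is not code from the article, Linksys or AT&T: the hash is computed in-process so the User-Agent header is only ever data, and a triage helper picks out User-Agent values worth reviewing in web logs. The function names, the IP-then-User-Agent concatenation, the character set and the sample requests are all assumptions made for illustration.

```python
import hashlib
import re

# Characters that can break out of a shell command line and that genuine
# browser User-Agent strings almost never contain. ';', '(' and ')' are left
# out on purpose: "Mozilla/5.0 (X11; Linux x86_64)" is full of them, so
# flagging them would bury the real hits. This set is an assumption; tune it.
SUSPICIOUS = re.compile(r"[`$|&<>\"'\\\n\r]")


def client_digest(ip, user_agent):
    """Hardened form: MD5 computed in-process, never via a shell command.

    MD5 is used only because the article says the device builds an MD5 hash;
    concatenating IP then User-Agent is an assumption.
    """
    data = (ip + user_agent).encode("utf-8", "surrogateescape")
    return hashlib.md5(data).hexdigest()


def flag_user_agents(requests):
    """Return the (ip, user_agent) pairs whose User-Agent deserves review."""
    return [(ip, ua) for ip, ua in requests if SUSPICIOUS.search(ua)]


# Constructed sample requests (not captured from a real device).
SAMPLE = [
    ("192.168.1.20", "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/57.0"),
    ("192.168.1.21", "curl/7.56.1"),
    ("192.168.1.66", 'x"; echo test #'),
    ("192.168.1.67", "agent `date`"),
]

if __name__ == "__main__":
    # Every request, hostile-looking or not, hashes without side effects.
    for ip, ua in SAMPLE:
        print(ip, client_digest(ip, ua))
    # Triage only: the fix is keeping the header out of the shell entirely.
    for ip, ua in flag_user_agents(SAMPLE):
        print("review:", ip, repr(ua))
```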