#AceNewsReport – Oct.12: Editor says I reported on the IoT matrix some time ago and also on 'Smart TVs'. Now reality is coming to fruition, as TVs, vehicles and even fridges are able to be connected under this system, and once the matrix is built and of course controlled by governments and business people, it just takes a hacker to break into it and have access to all of our computerised systems in homes or even our infrastructure #AceNewsDesk reports
Software patching becomes a new reality for smart TV owners
Here's our latest post: As the number of smart TVs grows, so does the number of vulnerabilities inside of them. On Thursday, security researchers revealed that eight Sony Bravia smart TV models are vulnerable to three separate bugs, one rated critical. The flaws – a stack buffer overflow, a directory traversal and a command-injection bug – were found in March by Fortinet's FortiGuard Labs team. The most serious of the vulnerabilities is the command-injection bug (CVE-2018-16593), which is tied to a proprietary Sony application called Photo Sharing Plus. The app allows users to share multimedia content from their phones or tablets via Sony TVs #AceNewsDesk reports
“This application handles file names incorrectly when the user uploads a media file,” wrote Fortinet’s Tony Loi, who found the vulnerability. “An attacker can abuse such filename mishandling to run arbitrary commands on the system, which can result in complete remote code-execution with root privilege.”
Fortinet researchers said a compromised TV could be recruited into a botnet or be used as a springboard for additional attacks against devices that share the same network. To be successful, an adversary would need to be on the same wireless network as the Sony TV.
Similar to the previous vulnerability, the other two Sony Bravia bugs are also tied to Sony’s Photo Sharing Plus application, but are rated high severity. The stack buffer overflow (CVE-2018-16595) is a “memory corruption vulnerability that results from insufficient size checking of user input,” Loi wrote in a technical write-up.
The directory-traversal vulnerability (CVE-2018-16594) relates to the way the Photo Sharing Plus app handles file names. “An attacker can upload an arbitrary file with a crafted file name (e.g.: ../../) that can then traverse the whole filesystem,” the researcher wrote.
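The two file-name bugs described above share one root cause: a client-supplied name reaching the filesystem or a shell unchecked. The following is an added illustration of defensive upload-name handling, not code from Sony, Fortinet or the original article; `UPLOAD_ROOT`, `ALLOWED_EXT` and the `mkthumb` helper are hypothetical names chosen for the example.

```python
from pathlib import Path

UPLOAD_ROOT = Path("/var/media/uploads")         # assumed storage directory
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".mp4"}  # assumed media types


def safe_upload_path(client_name: str, root: Path = UPLOAD_ROOT) -> Path:
    """Map a client-supplied file name to a path that stays under root."""
    if not client_name or "\x00" in client_name:
        raise ValueError("empty name or NUL byte")
    # Treat both slash styles as separators and keep only the last component,
    # so "../../x.png" can never select a directory.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", ".."):
        raise ValueError("no usable file name")
    if Path(base).suffix.lower() not in ALLOWED_EXT:
        raise ValueError("unexpected extension")
    # Allow-list characters so shell metacharacters never reach later stages.
    if not all(c.isalnum() or c in "._- " for c in base):
        raise ValueError("disallowed character in name")
    target = (root / base).resolve()
    # Defence in depth: the resolved path must still sit inside root.
    if root.resolve() not in target.parents:
        raise ValueError("path escapes upload root")
    return target


def thumbnail_argv(src: Path, dst: Path) -> list[str]:
    """Argument vector for a hypothetical 'mkthumb' helper.

    Passed to subprocess.run(argv) without shell=True, the file name is a
    single argument and is never parsed as shell text.
    """
    return ["mkthumb", "--in", str(src), "--out", str(dst)]
```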
Fortinet said Sony’s over-the-air patch needs a user’s approval and a network connection to work. In its security bulletin, Sony said that impacted televisions are set to automatically receive updates by default, and should have already. Affected Bravia models include: R5C, WD75, WD65, XE70, XF70, WE75, WE6 and WF6.
Loi also cautioned that the vulnerability landscape for smart-TV platforms and other net-connected devices is growing. “[Cybercriminals] increasingly target IoT devices, such as smart TVs, that include always-on connectivity and high-performance GPUs that can be hijacked for malicious purposes,” he wrote. Those powerful GPUs can be commandeered for cryptomining, and increasingly are falling victim to it.
Earlier this year, Consumer Reports identified two smart TV models from Samsung and TCL that included bugs that allowed an attacker to take control of targeted TVs. A hacker who exploited these vulnerabilities would be able to take control of the TV and change the channel, turn up the volume and play offensive YouTube videos from anywhere on the planet, the report stated.
This attack surface is growing, too: According to market researchers at GFK, more than half of all 2017 TV sales in the U.S. were smart TVs.
Source: Threatpost.com / Published: October 2018
Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News.