Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

TV streaming stick leaves home networks vulnerable

Check Point : 12 January, 2016  (Technical Article)
Check Point uncovers vulnerability that allows hackers to infiltrate home network through a TV streaming stick
TV streaming stick leaves home networks vulnerable

Researchers from Check Point have discovered a vulnerability in the EZCast TV streaming stick that enables hackers to take full control of home networks.

EZCast, which has five million users, is a HDMI dongle-based TV streamer that converts a TV into a smart TV, enabling users to connect to the Internet and other media and is controlled a smartphone device or PC. The device also allows users to easily connect the TV with a PC to view and transfer videos, photos, music and files.

Since the EZCast dongle runs on its own Wi-Fi network, entering the network is straightforward.  This network is secured only by an 8-digit numeric password, which can be easily cracked. Check Point conducted a successful brute-force attack which allowed researchers to gain full unauthorized access to the network.  They were also easily able to use Social Engineering to gain additional network access, by sending the user a malicious link through most messaging services, such as email, Facebook and Skype.

The vulnerabilities leave all information stored on personal networks exposed to possible theft, including tax returns, bank statements, credit cards and other sensitive personal information, making the EZCast device a potentially lucrative attack vector for identity theft for cyber-criminals.  The Check Point team warned that any EZCast users or potential customers would essentially be selling access to their network for the cost of the device.

“This research provides a glimpse of what will be the new normal in 2016 and beyond – cyber criminals using creative ways to the exploit the cracks of a more connected world,” said Oded Vanunu, security research group manager, Check Point. “The Internet of Things trend will continue to grow, and it will be important for consumers and businesses to think about how to protect their smart devices and prepare for the wider adoption of IoT.”

The Check Point team uncovered a number of critical vulnerabilities in the device earlier this year, leading them to the conclusion that the device was never designed with security in mind. Check Point has reached out to EZCast several times since their discovery to alert them of the findings but at time of publication (7th January 2016) Check Point has received no response.

Check Point advised that security for IoT should be raised to the same levels that are expected and taken for granted in computer security. They added that by reporting vulnerabilities to associated vendors would improve IoT security and that vendors themselves should be aware of the information security aspect at the time when new IoT devices are still at the product design stage. They concluded that this is crucial to avoid introducing security flaws such as the ones discovered in the EZCast device.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo