Imagine if every single gadget in your life was “smart.” Your self-driving car could let your house know you’re on the way home so it can adjust the thermostat and kick on the lights.
Your fridge could detect that you’re out of milk and order more online before you even wake up. A drone delivers the milk just in time for your morning bowl of cereal. These are all super helpful features, but they do come with some digital risks.
Now, something as simple as satellite television can be targeted by hackers.
Who’s at risk?
If you are one of the millions of people with AT&T’s DirecTV service, you could be at risk of attack by hackers. That’s due to a vulnerability recently discovered by security researcher Ricky Lawshae.
He said the flaw was found in DirecTV’s Genie digital video recorder (DVR) system. More specifically, it affects the Linksys WVBR0-25 model. The vulnerability is located in the wireless video bridge that lets DirecTV devices communicate with the DVR.
Lawshae said that he discovered the flaw when trying to browse to the web server on the Linksys WVBR0-25. He was expecting to find a login page, but instead found a wall of text. It contained the output of diagnostic scripts with information about the bridge, including the WPS PIN, connected clients, running processes, and more.
That means anyone who accesses the device can obtain sensitive information about it. Not only that, but the device accepts commands as the “root” user.
Lawshae said, “It literally took 30 seconds of looking at this device to find and verify an unauthenticated remote root command injection vulnerability. It was at this point that I became pretty frustrated. The vendors involved here should have had some form of secure development to prevent bugs like this from shipping.”
If a hacker has root access, they can steal data or even enlist the device in a botnet. Cybercriminals are not always trying to steal personal and banking information. Sometimes they are trying to create havoc.
Cybercriminals can use an army of internet of things (IoT) gadgets to disrupt services or shut down websites. This is called a distributed denial of service (DDoS) attack.
DDoS attacks occur when servers are overwhelmed with more traffic than they can handle. These types of attacks are performed by a botnet.
A botnet is a group of gadgets that hackers have taken over without the owner’s knowledge. The hackers seize control of unwitting gadgets with a virus or malware and then use the network of infected computers to perform large-scale hacks or scams.
How to resolve this issue
A spokesperson for Linksys told “Forbes” earlier this week that it had “provided the firmware fix to DirecTV and they are working to expedite software updates to the affected equipment.”
The good news is, once the software is pushed out, the flaw should be fixed. The bad news is, we don’t know how long it will take for DirecTV to send the updates.
As a DirecTV customer, you don’t need to do anything to receive the updates. As long as your satellite receiver is connected to the internet, updates are automatically installed behind the scenes.