Avast researchers exposed an IoT security flaw by hacking a Vizio Smart TV to gain access to a home WiFi network
Security researchers at Avast have hacked a Vizio smart TV and gained access to the WiFi network the device connects to, exposing a weakness in the Internet of Things (IoT) with a basic ‘Man in the Middle’ (MITM) attack.
Avast researchers said their aim was to “show just how much a regular person can be affected by vulnerabilities within a smart device.”
They experimented with a few different attacks, including a simulated MITM, the injection of an SSID, and the decoding of the device’s binary stream.
“In addition, we uncovered a vulnerability within the device that could serve as a potential attack vector for an attacker attempting to access a user’s home network. Since this all sounds pretty creepy, it’s important to note that Vizio successfully resolved these issues upon being notified of our findings.”
Gaining control of a WiFi network via a Smart TV attack could be accomplished by hijacking DNS and serving malicious control data to the TV. “As the TV calls out to a control server by default and does not verify the authenticity of the control server, it allows an attacker in without the need for any incoming ports to be opened,” the researchers explained.
How much do you know about IoT? Take our quiz!