Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Dec 27, 2019 11:25:00 GMT -5
About a year ago I purchased Asian manufactured smart TV running on Android. Even though its updated version of the system, they still have the same potential vulnerability, namely opened port 5555. So here I just want to advise caution for anyone who intends to use TV along with a internet be it Netflix, or just plain browser, because this was already detected as potential soft spot for trojan and other forms of attack.
|
|
|
Post by Pyrros on Dec 27, 2019 14:05:31 GMT -5
About a year ago I purchased Asian manufactured smart TV running on Android. Even though its updated version of the system, they still have the same potential vulnerability, namely opened port 5555. So here I just want to advise caution for anyone who intends to use TV along with a internet be it Netflix, or just plain browser, because this was already detected as potential soft spot for trojan and other forms of attack.
is it TESLA or FOX? You could just block 5555 from your firewalll if you think this is a problem. Did you "wireshark" it to actually capture the packets?
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Dec 27, 2019 14:24:37 GMT -5
About a year ago I purchased Asian manufactured smart TV running on Android. Even though its updated version of the system, they still have the same potential vulnerability, namely opened port 5555. So here I just want to advise caution for anyone who intends to use TV along with a internet be it Netflix, or just plain browser, because this was already detected as potential soft spot for trojan and other forms of attack.
is it TESLA or FOX? You could just block 5555 from your firewalll if you think this is a problem. Did you "wireshark" it to actually capture the packets?
FOX, but as far as I know its manufactured in same factory where Toshiba is made. I didn't use wireshark, just nmap to check for the open ports and I found its open. When I netcat to it the standard shell command line doesn't seem to work, so I need to see whats different in Android. I don't think this is necessarily a problem, but I'm just putting a warning here as most folks won't bother to check the factory settings.
|
|
|
Post by Pyrros on Dec 28, 2019 1:38:32 GMT -5
Hmmm that would be a problem if they could hack the stack (just saying) and then run "system or bash" arbitary commands from within android like start nmap-ing the rest of the home net. But aren't we all vulnerable with the bazillion of chinese devices we have in our homes, or even Whesto devices to make it worse?
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Dec 28, 2019 5:40:32 GMT -5
Hmmm that would be a problem if they could hack the stack (just saying) and then run "system or bash" arbitary commands from within android like start nmap-ing the rest of the home net. But aren't we all vulnerable with the bazillion of chinese devices we have in our homes, or even Whesto devices to make it worse? I tried to run exploits regarding port 5555 from metasploit database and they didn't work, but that doesn't mean its safe. What you're describing is exactly what I'm afraid of. I've also scanned my iPhone and iPad but they only have some ports filtered (meaning that some sort of firewall exists).
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jan 6, 2020 7:17:48 GMT -5
is it TESLA or FOX? You could just block 5555 from your firewalll if you think this is a problem. Did you "wireshark" it to actually capture the packets?
FOX, but as far as I know its manufactured in same factory where Toshiba is made. I didn't use wireshark, just nmap to check for the open ports and I found its open. When I netcat to it the standard shell command line doesn't seem to work, so I need to see whats different in Android. I don't think this is necessarily a problem, but I'm just putting a warning here as most folks won't bother to check the factory settings.
By the way, the reason it doesn't work is because I didn't open netcat on smart TV. These days I'll try to spoof my entire network traffic, so I could capture the packets with wireshark or tcpdump through my PC.
|
|