Security researcher says DirecTV hardware can be easily hacked

Homes signed up to AT&T's DirecTV service may be inadvertently running hardware that can be easily hacked, according to a security researcher.

An easily-exploitable security flaw was found in the wireless video bridge that ships with DirecTV, which lets laptops, tablets, and phones connect with the main Genie digital video recorder. Because the wireless video bridge, manufactured by Linksys, isn't protected by a login page, anyone with access to the device could obtain sensitive information about the device.

Trend Micro's Ricky Lawshae, who discovered the flaw, said the device was spewing out diagnostic data about the bridge, including information on connected clients, running processes, and the Wi-Fi Protected Setup passcode.

Lawshae said in a write-up of the bug seen by ZDNet prior to publication that the device could accept commands as the "root" user, effectively granting him the highest level of access on the device.

With root access, an attacker can steal data or lock up devices. Lawshae said that one of the biggest risks to home users is from botnets, in which hackers break into internet-connected devices to launch distributed denial-of-service attacks, knocking sites and services offline.

"It literally took 30 seconds of looking at this device to find and verify an unauthenticated remote root command injection vulnerability," said Lawshae. "The vendors involved here should have had some form of secure development to prevent bugs like this from shipping."

DirecTV, owned by AT&T, said earlier this month that it has more than a million customers.

He said that Trend Micro's ZDI Initiative privately disclosed the vulnerability to Linksys in June, but the device maker had "ceased being responsive."

"We have provided the firmware fix to [DirecTV] and they are working to expedite software updates to the affected equipment," said a Linksys spokesperson.

After publication, an AT&T spokesperson responded: "We are aware of this report and are working with the vendor to expedite software updates to the affected equipment."

In the meantime, Lawshae said users can protect themselves by limiting the devices that interact with the affected wireless video bridge.

ZDNET INVESTIGATIONS

Researchers say a breathalyzer has flaws, casting doubt on countless convictions

Lawsuits threaten infosec research — just when we need it most

NSA's Ragtime program targets Americans, leaked files show

Leaked TSA documents reveal New York airport's wave of security lapses

US government pushed tech firms to hand over source code

Millions of Verizon customer records exposed in security lapse

Meet the shadowy tech brokers that deliver your data to the NSA

Inside the global terror watchlist that secretly shadows millions

198 million Americans hit by 'largest ever' voter records leak

Britain has passed the 'most extreme surveillance law ever passed in a democracy'

Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it

Leaked document reveals UK plans for wider internet surveillance

• Researchers say a breathalyzer has flaws, casting doubt on countless convictions
• Lawsuits threaten infosec research — just when we need it most
• NSA's Ragtime program targets Americans, leaked files show
• Leaked TSA documents reveal New York airport's wave of security lapses
• US government pushed tech firms to hand over source code
• Millions of Verizon customer records exposed in security lapse
• Meet the shadowy tech brokers that deliver your data to the NSA
• Inside the global terror watchlist that secretly shadows millions
• 198 million Americans hit by 'largest ever' voter records leak
• Britain has passed the 'most extreme surveillance law ever passed in a democracy'
• Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it
• Leaked document reveals UK plans for wider internet surveillance