Homes signed up to AT&T’s DirecTV service may be inadvertently running hardware that can be easily hacked, according to a security researcher.
An easily-exploitable security flaw was found in the wireless video bridge that ships with DirecTV, which lets laptops, tablets, and phones connect with the main Genie digital video recorder. Because the wireless video bridge, manufactured by Linksys, isn’t protected by a login page, anyone with access to the device could obtain sensitive information about the device.
Trend Micro’s Ricky Lawshae, who discovered the flaw, said the device was spewing out diagnostic data about the bridge, including information on connected clients, running processes, and the Wi-Fi Protected Setup passcode.
Lawshae said in a write-up of the bug seen by ZDNet prior to publication that the device could accept commands as the “root” user, effectively granting him the highest level of access on the device.