"Music as" smart TV penetration test summary

Overview

  • Model: TV Plus

Checklist

  • ADB network connectivity enabled by default

  • System component vulnerabilities

  • Remote password

  • Unauthorized device access (official Android / iOS remote control)

  • Known vulnerabilities in third-party applications

  • Open ports

  • Etc.

ADB network connectivity enabled by default

Test Method: adb connect ip

If the connection succeeds, adb prints "connected to xxxx".

Risk: anyone can connect to the smart TV without the user's authorization, install arbitrary applications, play audio and video content maliciously without the user's consent, and so on.

Examples:

During testing of the "Music as" smart TV, the ADB debugging function was found to be enabled over the network (it is uncertain whether a tester turned it on or whether it is on by default), so shell access to the smart TV could be obtained directly with adb connect.

Unauthorized device access (official Android / iOS remote control)

Test method: download the phone app, connect the phone and the TV to the same Wi-Fi network, and capture the traffic while the phone communicates with the smart TV. Check whether the communication is sent in clear text, whether there is any authentication, and whether it is vulnerable to replay attacks.

Risk:

  • Content sent in clear text can be intercepted, exposing sensitive data to man-in-the-middle attacks, sniffing and similar risks

  • Without authentication, remote-control messages can be forged to control the device arbitrarily

Examples:

Capturing and analysing the traffic between the phone app and the smart TV shows that when the up key is pressed in the app, the phone sends a packet to UDP port 9900 on the smart TV with the content {"CONTROL_ACTION":"up"}. There is no authentication, which means that anyone who can reach the device over the network can control it without authorization. The key codes can be obtained by reverse engineering the app or by similar means.

For example: echo '{"CONTROL_ACTION":"up"}' | nc -u ip 9900
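One way the TV side could reject forged and replayed control messages, shown as an added example that is not from the original post or the vendor's code: the phone signs each {"CONTROL_ACTION": ...} message with HMAC-SHA256 and includes a counter. The pairing key, the counter field and the body/tag envelope are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

# Constructed key for the example; a real key would be agreed when the phone is paired.
PAIRING_KEY = b"example-pairing-key-not-from-the-page"


def sign_command(action, counter, key=PAIRING_KEY):
    """Phone side: wrap the action with a counter and an HMAC-SHA256 tag."""
    body = json.dumps({"CONTROL_ACTION": action, "counter": counter},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


class CommandVerifier:
    """TV side: accept a datagram only if the tag is valid and the counter is new."""

    def __init__(self, key=PAIRING_KEY):
        self.key = key
        self.last_counter = -1

    def verify(self, datagram):
        try:
            msg = json.loads(datagram)
            body, tag = msg["body"], msg["tag"]
            expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, str(tag)):
                return None  # forged or modified in transit
            fields = json.loads(body)
            counter = fields["counter"]
            action = fields["CONTROL_ACTION"]
        except (ValueError, KeyError, TypeError, AttributeError):
            return None  # malformed, or the bare unauthenticated format
        if not isinstance(counter, int) or counter <= self.last_counter:
            return None  # replayed or out-of-order message
        self.last_counter = counter
        return action
```

This covers authentication and replay only; the action itself still travels in clear text unless the channel is also encrypted.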

Open ports

Test Method:

  1. Scan the smart TV's IP with nmap and identify the service behind each open port from the scan results; check whether any service has an overflow, and if an HTTP service is open, focus on common web vulnerabilities such as SQL injection

  2. Run netstat -antp in adb shell and check which program owns each open port

Risk:

  1. This is a supporting test: it shows where the device under test can be controlled over the network, which facilitates the next step of the penetration test

Remote password

Test Method:

Look for the manual of the device under test, or use a search engine to find help documentation

Risk:

Smart TVs differ from phones and other small devices here. On a phone, ADB once enabled can only accept commands from a computer connected by a USB data cable. Smart TVs and similar devices cannot be linked to ADB through a data cable, only over TCP, so unauthorized access and other risks can arise. Some users enable the ADB function and do not turn it off after use, leaving their personal information exposed.

Origin www.cnblogs.com/potatsoSec/p/12152815.html