Music, as smart TV penetration test summary
Preview
- Model: TV Plus
Checklist
- adb network connectivity enabled by default
- System component vulnerabilities
- Remote password
- Unauthorized device access (official Android / iOS remote control)
- Known vulnerabilities in third-party applications
- Open ports
- Etc.
adb network connectivity enabled by default
Test method: adb connect ip
If the connection succeeds, adb prints "connected to xxxx".
Risk: anyone can connect to the smart TV without the user's authorization, install arbitrary applications, maliciously play audio and video without the user's consent, and so on.
Examples:
While testing the Music, as smart TV, the adb debug function was found to be enabled over the network (it is uncertain whether a tester turned it on or it is on by default). Shell access to the smart TV can be obtained directly through adb connect.
Unauthorized device access (official Android / iOS remote control)
Test method: download the mobile app, connect the phone and the TV to the same Wi-Fi network, and capture the traffic between the phone and the smart TV. Check whether the communication is sent in clear text, whether there is any authentication, and whether it is open to replay attacks.
Risk:
Content sent in clear text can be hijacked, exposing sensitive data to man-in-the-middle attacks, sniffing and similar risks
Without authentication, remote-control messages can be forged to control the device arbitrarily
Examples:
Capturing and analysing the traffic between the phone app and the smart TV shows that pressing the up key in the app sends a UDP packet to port 9900 on the smart TV with the content {"CONTROL_ACTION":"up"}. There is no authentication, which means that anyone who can reach the device over the network can control it without authorization. The key codes can be obtained by reversing the app or by similar means.
For example: echo '{"CONTROL_ACTION":"up"}' | nc -u ip 9900
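The missing authentication and replay protection described above can be closed with a keyed MAC over the action plus a strictly increasing counter. The sketch below is an added example, not the vendor's or the app's code: the pairing key, the "ctr" and "mac" fields and every key name other than "up" are assumptions, and it addresses forgery and replay only, not the clear-text risk.

```python
import hashlib
import hmac
import json

# Assumed key names; the page shows only "up".
ALLOWED = {"up", "down", "left", "right"}


def handle_unauthenticated(datagram: bytes) -> str:
    """Behaviour reported on the page: any well-formed message is obeyed."""
    return json.loads(datagram)["CONTROL_ACTION"]


def sign(key: bytes, action: str, ctr: int) -> bytes:
    """Sender side: bind the action to a counter with HMAC-SHA256."""
    body = {"CONTROL_ACTION": action, "ctr": ctr}
    tag = hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256)
    return json.dumps({**body, "mac": tag.hexdigest()}).encode()


class AuthenticatedReceiver:
    """Receiver that drops malformed, forged and replayed datagrams."""

    def __init__(self, key: bytes):
        self.key = key          # hypothetical secret set up during pairing
        self.last_ctr = -1      # highest counter accepted so far

    def handle(self, datagram: bytes):
        try:
            msg = json.loads(datagram)
            mac = msg.pop("mac")
            action, ctr = msg["CONTROL_ACTION"], msg["ctr"]
        except (ValueError, KeyError, AttributeError, TypeError):
            return None         # not JSON, not an object, or fields missing
        if not (isinstance(mac, str) and isinstance(action, str) and isinstance(ctr, int)):
            return None
        if action not in ALLOWED:
            return None
        expected = hmac.new(self.key, json.dumps(msg, sort_keys=True).encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return None         # forged or tampered message
        if ctr <= self.last_ctr:
            return None         # replay of a previously captured datagram
        self.last_ctr = ctr
        return action
```

On a real device the counter has to survive reboots, otherwise datagrams captured earlier become valid again after a restart.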
Open ports
Test method:
Scan the smart TV's IP with nmap and identify the service behind each open port from the scan results; check whether any service has an overflow, and if an HTTP service is open, focus on common web vulnerabilities such as SQL injection
Run netstat -antp in an adb shell and match the open ports to the programs that own them
Risk:
- This is an auxiliary test: it shows where the device under test can be controlled from the network, which facilitates the next step of the penetration test
Remote password
Test method:
Look for the device's manual, or use a search engine to find help documentation
Risk:
Smart TVs differ from mobile phones and other small devices: when ADB is enabled on a phone, it accepts commands only from a computer connected through a USB data cable. Smart TVs and similar devices cannot link ADB through a data cable and can only use TCP, which can lead to unauthorized access and other risks. Some users enable the adb function, use it, and then do not turn it off, leaving their personal information exposed.