Smart TVs are convenient and user-friendly, yet they remain vulnerable to security threats. Hackers can break into a smart home network by spotting vulnerabilities in these TVs. Earlier this year, a researcher unveiled how several popular brands, like Roku and Samsung, could be exposed to hacks. Sony was tested too and fortunately passed the test, possibly owing to the vendor's proactive approach towards security fixes. Lately, Sony quietly patched several critical security vulnerabilities in its Smart TV Bravia.
Critical Vulnerabilities Found In Sony Smart TV Bravia
Researchers at Fortinet discovered critical vulnerabilities in Sony Smart TVs that posed security threats to users. These vulnerabilities had different impacts on a system, the worst being remote code execution.
As disclosed in the advisory, Sony patched three critical security bugs in its Smart TV Bravia. These flaws allegedly existed in the Photo Sharing Plus application. While Sony did not reveal many details about the flaws, Fortinet has explained them all in their blog post.
As explained by Fortinet, they discovered three vulnerabilities in the smart TV app. The first is a stack buffer overflow memory corruption vulnerability (CVE-2018-16595) that could lead to an app crash. For the second vulnerability, a directory traversal (CVE-2018-16594), the researchers stated,
“The application handles file names incorrectly when receiving a user’s input file via uploading a URL. An attacker can upload an arbitrary file with a crafted file name (e.g.: ../../) that can then traverse the whole filesystem.”
The third, a command injection vulnerability (CVE-2018-16593), posed a serious threat as it could trigger remote attacks. As described by Fortinet,
“This application handles file names incorrectly when the user uploads a media file. An attacker can abuse such filename mishandling to run arbitrary commands on the system, which can result in complete remote code execution with root privilege.”
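Both file-name flaws quoted above come from treating an attacker-supplied name as a trusted path and as part of a command line. The following Python example is added here for illustration and is not Sony's or Fortinet's code; the function names, the upload directory and the helper command (a stand-in for whatever tool processes the media file) are assumptions. It shows the hardened form of each step: confine the name to the upload directory, and pass it to the external tool as a single argv element with no shell.

```python
import os
import subprocess
import sys
from urllib.parse import unquote, urlsplit


def safe_upload_path(upload_dir: str, url: str) -> str:
    """Map a fetched URL to a storage path that cannot leave upload_dir."""
    # Percent-decode first, then keep only the final path component, so
    # sequences such as ../ or ..%2F cannot steer the destination.
    decoded = unquote(urlsplit(url).path).replace("\\", "/")
    name = os.path.basename(decoded)
    # Reject empty names, dot entries, NUL bytes and option-like names.
    if name in ("", ".", "..") or "\x00" in name or name.startswith("-"):
        raise ValueError(f"rejected file name: {name!r}")
    base = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(base, name))
    # Containment check after symlinks are resolved.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes upload directory: {name!r}")
    return target


def size_via_external_tool(path: str) -> int:
    """Hand the file to an external process without involving a shell."""
    # Weak pattern (not used here): building one command string and running
    # it with shell=True lets the shell interpret characters in the name.
    # With an argv list the name is delivered as one literal argument.
    helper = "import os, sys; print(os.path.getsize(sys.argv[1]))"
    result = subprocess.run(
        [sys.executable, "-c", helper, path],
        capture_output=True, text=True, check=True,
    )
    return int(result.stdout.strip())
```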
Sony Rolled Out The Patches
Fortinet researchers discovered the flaws in March 2018, after which they notified Sony of the bugs. Sony then began working to patch the vulnerabilities, eventually rolling out the Over-The-Air (OTA) update from June 2018 to August 2018.
The vulnerabilities affected several Smart TV Bravia series, including R5C (firmware version 8.588 or later), WD75 and WD65 (version 8.215 and later), XE70 and XF70 (version 8.674 or later), and WE75, WE6 and WF6 (v8.414 or later). Hence, users of these models should make sure they keep their TVs updated with the latest firmware versions.