All Your DVR are Belong to Us

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
53,043
Why subscribe to a cable or satellite service when there are tens of thousands of those on the net for you to access? Because you are not a criminal, most likely. That said, I hate browsing through my own DVR's menu, and probably even hate browsing through yours even more. Although this DVR vulnerability has been confirmed, no attacks have been verified yet. Also it can be fairly easily blocked as well should the companies using these decide to. I need to go check if my DVR is mining right now though.


Fernandez discovered that by accessing the control panel of specific DVRs with a cookie header of "Cookie: uid=admin," the DVR would respond with the device's admin credentials in cleartext. The entire exploit is small enough to fit inside a tweet.

...companies can still detect attempts to access /login.rsp or /device.rsp URL paths and block those, allowing access to the DVR's management interface only for trusted IPs.
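The detection the quoted article describes, sketched as an added example (not part of the original post or the article): flag requests for the two paths from clients outside an allowlist, rating those that carry the `uid=admin` cookie higher. The log layout, the trusted network and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: management stations live in this network (constructed value).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WATCHED_PATHS = {"/login.rsp", "/device.rsp"}  # paths named in the quoted article

# Assumed proxy log layout, Cookie request header logged as the last field:
#   ip - - [time] "METHOD target PROTO" status bytes "cookie"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<cookie>[^"]*)"$')

def normalize_path(target):
    # Drop the query string, decode %xx and collapse "//" so variants still match.
    return re.sub(r"/+", "/", unquote(target.split("?", 1)[0])).lower()

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparseable client address is never trusted
    return any(addr in net for net in TRUSTED_NETS)

def has_admin_uid(cookie_header):
    # Compare parsed pairs; a substring test would also hit "uid=administrator".
    pairs = (p.strip().partition("=") for p in cookie_header.split(";"))
    return any(n.lower() == "uid" and v.lower() == "admin" for n, _, v in pairs)

def classify(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = normalize_path(m["target"])
    if path not in WATCHED_PATHS or is_trusted(m["ip"]):
        return None
    return (m["ip"], path, "high" if has_admin_uid(m["cookie"]) else "medium")

def scan(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

# Constructed sample lines (documentation IP ranges), not from a real device.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /login.rsp HTTP/1.1" 200 512 "uid=admin"
10.20.0.15 - - [01/Jan/2024:10:00:05 +0000] "GET /login.rsp HTTP/1.1" 200 498 "uid=admin"
198.51.100.9 - - [01/Jan/2024:10:01:12 +0000] "GET //device.rsp?x=1 HTTP/1.1" 200 731 "lang=en; uid=administrator"
198.51.100.9 - - [01/Jan/2024:10:01:30 +0000] "GET /index.html HTTP/1.1" 200 1200 "-"
"""
```

`scan(SAMPLE_LOG)` returns one tuple per suspicious request as `(client_ip, path, severity)`; the same allowlist is what a firewall or proxy rule in front of the DVR would enforce.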
 

nutzo

Supreme [H]ardness
Joined
Feb 15, 2004
Messages
7,380
Windows 7 Media Center DVR, with a proper firewall. Don't think I need to worry.
 

cdabc123

2[H]4U
Joined
Jun 21, 2016
Messages
3,880
Mine probably is... damn thing slowed to a crawl a few months ago. If I want to watch a movie on-demand, I need to demand it about 3 hours in advance.

Mine did that when it hit a bad sector on the HDD; it stayed like that till we basically emptied it and reset it.
 

DukenukemX

Supreme [H]ardness
Joined
Jan 30, 2005
Messages
6,138
D...V...R? Oh, that's a thing you use for TV. Ah TV, that takes me back.

 

Dekoth-E-

Supreme [H]ardness
Joined
Mar 23, 2010
Messages
7,599
I used to like DVR... then I discovered on demand streaming for less money per month than what my cable company was charging me for that piece of equipment. Then I DISCOVERED streaming and finally cut cable completely.
 

lostin3d

[H]ard|Gawd
Joined
Oct 13, 2016
Messages
2,043
A few years ago I somehow was able to gain access to our (then) DirecTV DVR's folders and files through my wifi network. I don't remember how I did it since I was just tinkering at the time and bored, but I was able to locate and copy/play files that were recorded in an mp4 format.
 

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
34,066
MythTV backends with Kodi frontends work great and are very secure.

Why would a DVR box ever need to be visible to the public internet? If I still had them, I'd firewall that shit off.
 

exiled350

2[H]4U
Joined
Jun 26, 2013
Messages
2,159
Oh man, I hope this gets patched before some nation state sponsored hackers get their hands on it... Not too many better ways to sow chaos than to start randomly deleting people's recorded shows.
 