DirecTV Wireless Kit has an Unpatched Vulnerability

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
12,315
Security researcher, Ricky Lawshae, has discovered a nasty vulnerability in the Linksys wireless video bridge provided with DirecTv's Genie server. This vulnerability allows a user to gain root access on the device and then install malware or backdoors without detection. You would think something like this would be patched immediately, but AT&T was notified of this over 6 months ago and still hasn't addressed this with any kind of patch. Not too cool AT&T/Linksys.

"However, after a while we heard nothing back so decided to go public. We want disclosure to drive action and the flaw can easily be exploited for a botnet covering a not-insignificant number of devices – it has the potential to be very nasty."
 

Ocellaris

Fully [H]
Joined
Jan 1, 2008
Messages
19,080
So someone with access to the home network, say via an infected PC, would be able to leverage this vulnerability to install malware...

So pretty much a non issue. If someone already has a compromised PC running scripts on other devices, it’s going to be the main problem.
 

alxlwson

You Know Where I Live
Joined
Aug 25, 2013
Messages
8,823
So pretty much a non issue. If someone already has a compromised PC running scripts on other devices, it’s going to be the main problem.


Adding millions of new nodes to a botnet is no laughing matter
 

GotNoRice

[H]F Junkie
Joined
Jul 11, 2001
Messages
11,388
Do people use their DirecTV wireless for their computers? What possible reason would anyone have to do that? My regular dual-band WiFi is totally separate from the 5Ghz DirecTV WiFi that is just used for the TV boxes in other rooms. Even if someone compromised my DirecTV wifi, aside from fucking up my TV service, what else could they even do?
 

the-one1

2[H]4U
Joined
Jan 16, 2003
Messages
2,982
The door to my closet in the hallway doesn't have a lock. If someone was to break into my home through my locked front and back doors and windows, they would be able to open the closet with no problems.
 

xinco

Weaksauce
Joined
Jul 8, 2001
Messages
73
I don't think the botnet is the real issue here. There are probably cheaper/easier/faster ways of expanding a botnet.

If the Wifi network created is easy to hack, that probably gives access to the WAN side of the Directv box, and probably the home network.

So I could see this being a focused target for wealthy individuals or corporate crime. Just one more attack vector.
 
Top