Vulnerability in Philips smart TVs allows Gmail and file access


A security researcher has identified a vulnerability in Philips smart TVs which could be used by hackers.

The bug, identified by researcher Luigi Auriemma, affects Philips-branded TVs with the Miracast feature, which allows nearby devices to connect to the TV.

A firmware update in December opened a new vulnerability allowing hackers to connect to the TV so long as they are in range and know the default Miracast password, which is, you guessed it, "Miracast."

The newly connected device does not require a PIN, and there is no notice that a new device has connected, letting hackers operate stealthily.

Easy access

One of the most serious repercussions of this vulnerability is that it allows Gmail authentication cookies to be stolen, granting hackers access to a user's email account.

It also allows hackers to access data stored on a USB drive connected to the TV.

If that's not bad enough, it also means hackers will have full control of the smart TV and can play any content they want, resulting in some potentially very embarrassing moments.

The bug that created this vulnerability has apparently been known for six months. While Philips takes its time to develop a patch, a simple workaround is to disable the Miracast feature completely.

Random characters

In a statement, the Wi-Fi Alliance said that the security issue is not widespread and is instead "limited to a single vendor's implementation".

"Wi-Fi Alliance takes security very seriously. All of our specifications and certifications include requirements to support the latest generation of security protections. In the case of Miracast™, the underlying specification requires device-generated passphrases to consist of characters randomly selected from upper case letters, lower case letters, and numbers," the statement said.

"The recent report of a non-compliant passphrase implementation appears to be limited to a single vendor's implementation. We enforce the requirements of our certification programs and have been in contact with the company in question to ensure that any device bearing the Miracast mark meets our requirements."
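As an added illustration (not code from Philips, the Wi-Fi Alliance or the researcher), the sketch below generates a passphrase the way the statement describes and audits the passphrases a device offers across sessions. The 8 to 63 character bounds are an assumption taken from WPA2 passphrase limits, and the function names and sample values are constructed for this example.

```python
import secrets
import string

# Character set named in the Wi-Fi Alliance statement: upper case, lower case, digits.
ALPHABET = string.ascii_letters + string.digits
# Assumption: WPA2 passphrase bounds; the article does not give a length.
MIN_LEN, MAX_LEN = 8, 63


def generate_passphrase(length=MIN_LEN):
    """Draw each character independently from a CSPRNG, fresh for every session."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length outside assumed passphrase bounds")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit_sessions(passphrases, known_defaults=("Miracast",)):
    """Return (session_index, reason) findings for passphrases seen across sessions."""
    defaults = {d.lower() for d in known_defaults}
    first_seen = {}
    findings = []
    for i, p in enumerate(passphrases):
        if p.lower() in defaults:
            findings.append((i, "known default"))
        if not MIN_LEN <= len(p) <= MAX_LEN:
            findings.append((i, "length out of bounds"))
        if any(c not in ALPHABET for c in p):
            findings.append((i, "character outside alphabet"))
        # A fixed string can satisfy the format rules; only reuse exposes it.
        if p in first_seen:
            findings.append((i, f"same as session {first_seen[p]}"))
        else:
            first_seen[p] = i
    return findings


if __name__ == "__main__":
    # Constructed observations: the fixed value reported in the article, three sessions.
    for finding in audit_sessions(["Miracast"] * 3):
        print(finding)
    # Freshly generated values should produce no findings.
    print(audit_sessions([generate_passphrase() for _ in range(3)]))
```

The fixed value passes the length and character-set checks, so a format-only test would accept it; the default-list and reuse checks are what flag it.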

Via ArsTechnica
