Are Set-Top boxes Vulnerable to Cyber Attack?

Comments are off
2
Marcelo Orlandi
Are Set-Top boxes Vulnerable to Cyber Attack?

You’ve likely heard a lot about Windows vulnerabilities, password weaknesses, information leaked to the wild and so on and so forth. However, do you remember when we briefly discussed the IoT (Internet of Things) and what you need to know? If you don’t, just click here to have a quick look before keep reading.

Nowadays, you will see advertisements for the new 5G, even though some people are still moving to the 4G. Even with 4G, you can easily stream your favourite sports event or movies from wherever you are. New set-top boxes allow you to be a remote, controlled from outside your home and set up it to record your favourite shows and many other features. All this, thanks to the Internet and flexibility of having a mobile device connected to your appliances.

However, not all is good and simple like that. A newly discovered IoT botnet is trying to break into Android OS-based set-top boxes, and another threat is just over the horizon.

This botnet called “Ares” was found after researchers identified suspicious behaviour on Android based set-top boxes used for streaming media from sites like Netflix and Hulu. After closely monitoring, they discovered that they were targeting Android-bases IoT devices to trigger infections on a large scale.

How did this happen? The company, WootCloud, said that “our discovery has seen Areas using misconfigured interfaces left open on custom Android installations on set-top boxes to get full control of the set-top box. We have not seen smart TVs infected in our investigation, but any Android devices with this interface open for access is vulnerable to this attack”.

You may be thinking, “Okay, but even if my set-top box was compromised it is not a big deal.” If that’s your attitude, I have some bad news. WootCloud said: “Ares attacks set-top boxes and compromises them so they can be used to install malware and further compromise other devices with DDOS (distributed denial-of-service) attacks, Bitcoin mining and brute force password cracking attacks, amongst others.”

Do you do banking on your computer which is connected to the same network as your set-top box? Now you probably know where I am going with this… keep your set-top box up to date with all vendor changes. Yes, you have to update your set-top box as well your Windows… at the end of the day, it is another mini-computer.

Another thing to keep in mind when configuring and connecting your set-top box to the Internet.

And as always, be safe out there until next Malware Monday.