Data Security News Headlines 15th December 2017

  1. Zero-Day Remote ‘Root’ Exploit Disclosed In AT&T DirecTV WVB Devices

DirecTV Wireless Video Bridge WVBR0-25 allows the main Genie DVR to communicate over the air with customers’ Genie client boxes (up to 8) that are plugged into their TVs around the home. Security researchers have publicly disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after trying to get the device manufacturer to patch this easy-to-exploit flaw over the past few months. According to the report published by Hackernews, the problem is with a core component of the Genie DVR system that’s shipped free of cost with DirecTV and can be easily exploited by hackers to gain root access and take full control of the device, placing millions of people who’ve signed up to DirecTV service at risk. The vulnerability actually resides in WVBR0-25—a Linux-powered wireless video bridge manufactured by Linksys that AT&T provides to its new customers. Successful exploitation could allow anyone get a root shell on the DirecTV wireless box in less than 30 seconds, granting them full remote unauthenticated admin control over the device. The vendor ceased communication with the researcher and had yet not fixed the problem.

Cyber Security Tips: Users are recommended to limit their devices that can interact with Linksys WVBR0-25 “to those that actually need to reach” in order to protect themselves and install the latest firmware once release by the vendor.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: