Security bugs in android-based Sony Smart TVs expose Wi-fi passwords and stored images

In a stark reminder to individuals and organizations to constantly update to the latest firmware and stay aware of malware and other different forms of cyber attacks, several models of Sony’s smart TVs were found to contain two major vulnerabilities, which were discovered by DarkMatter’s xen1thLabs team recently. The first flaw, an arbitrary file read one and the second, an information disclosure vulnerability, were found within an application called Photo Sharing Plus which are featured in Smart TVs running on the Android platform. As per the advisories released by xen1thLabs, attackers  could have manipulated these flaws to steal Wi-Fi passwords and photos stored in the TVs. Photo Sharing Plus is an application that allows photos and other smartphone multimedia to be viewed on Sony’s smart TVs. The arbitrary file read flaw allowed hackers to retrieve photos and files inside the TV without any authentication whatsoever. The information disclosure vulnerability allowed attackers to retrieve Wi-Fi passowords set in the TVs, when starting Photo Sharing Plus.

xen1thLabs mentions that these flaws were discovered in October last year, following which they reported it to Sony in a bug bounty program. Later, Sony clarified that it removed the app altogether, from the affected TV models.

(Story source:

(Picture courtesy: