Jump to content

Hacked a smart TV last night


newbi3

Recommended Posts

I had a pineapple running that had PineAP enabled and i completely forgot about it and then later that night (last night) I turned on my laptop and I was connected to the pineapple (i forgot to delete open networks from my list!) and then i noticed this other device also connected to it... so I did a port scan, found out 8080 was opened, googled the error in the XML code and BOOM its a LG Smart TV that for some reason wants to connect to ATT wifi (Do they all do this out of the box??). Anyways so then I googled a little bit more and come to find out you can control these TVs over HTTP with an iPhone or Android app all you need is a 6 digit pin code to pair to the TV (which you can brute force!). Also find out that there is a php module that lets you control your smart tv as well. So after brute forcing the pin code I had full control over the TV from my laptop!

Funny ending to this: People who live in my house noticed the TV was turning it self up...

This would be a nifty, however pointless, pineapple infusion. Maybe I'll make one if anyone is interested.

Link to comment
Share on other sites

It would be cool to have a "tv-berry-pi" that you carried around on a battery pack that automatically messed with all of the tvs in like best buy or hotels

Link to comment
Share on other sites

I've got a Vizio and I see it doing DLNA and uPnP stuff all the time, but never bothered to see what I could do with it. Makes me wonder what kind of things my TV can do now, or who is spying on our viewing habits..lol.

Link to comment
Share on other sites

What would be very interesting is to understand what the TV "API" is. This may enable you to get a screenshot from an embedded web cam, or even stream audio.

They have documentation if you are a registered developer, if youre not then you just do a pcap and look at the GET requests

I'm curious, how is the 6digit pin bruteforced? online or offline? And is it encrypted?

Its litterally 6 numbers all you do is start counting from 100000 - 999999 and eventually you get it.

Link to comment
Share on other sites

Maybe even integrate an ettercap -T -M arp // // option to discover and play with such tvs on an already connected network aswel :-)

Edit: I'm pretty sure I'm missing something more on that ettercap arp switch

Edited by DataHead
Link to comment
Share on other sites

Maybe there's a masterkey hidden in the depths. would make an infusion much more fun...

I was reading something on a dutch forums and it looks like the 2012 models have a master key

Link to comment
Share on other sites

what brute force scrip can to used get password for ssh root@xxx.xxx.xxx.xxx

now it is asking password ..can i do brute force

Write a loop to generate the wordlist to be used, then run your brute using the generated wordlist. ..../me grumbles at Aaron's avatar from person asking this question.. R.I.P. Edited by digip
Link to comment
Share on other sites

  • 2 months later...
  • 1 month later...

I’m curious if the screenshot code could be rewritten to stream the display, even if you could only get 32fps. Sound wouldn’t matter so much if you’re in the other room.

I’ve connected to a few Smart TVs before but just for the purpose of capturing the browsing traffic. Don’t have time to “mess with people” but the above would actually be a useful hack around the house.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...