newbi3 Posted January 11, 2015 Share Posted January 11, 2015 I had a pineapple running that had PineAP enabled and i completely forgot about it and then later that night (last night) I turned on my laptop and I was connected to the pineapple (i forgot to delete open networks from my list!) and then i noticed this other device also connected to it... so I did a port scan, found out 8080 was opened, googled the error in the XML code and BOOM its a LG Smart TV that for some reason wants to connect to ATT wifi (Do they all do this out of the box??). Anyways so then I googled a little bit more and come to find out you can control these TVs over HTTP with an iPhone or Android app all you need is a 6 digit pin code to pair to the TV (which you can brute force!). Also find out that there is a php module that lets you control your smart tv as well. So after brute forcing the pin code I had full control over the TV from my laptop! Funny ending to this: People who live in my house noticed the TV was turning it self up... This would be a nifty, however pointless, pineapple infusion. Maybe I'll make one if anyone is interested. Quote Link to comment Share on other sites More sharing options...
THCMinister Posted January 11, 2015 Share Posted January 11, 2015 I'm very interested in an infusion for this. Curious as to what model it was. Quote Link to comment Share on other sites More sharing options...
dustbyter Posted January 11, 2015 Share Posted January 11, 2015 What would be very interesting is to understand what the TV "API" is. This may enable you to get a screenshot from an embedded web cam, or even stream audio. Quote Link to comment Share on other sites More sharing options...
DataHead Posted January 11, 2015 Share Posted January 11, 2015 Hmmm. Some random roll tv broadcast, anyone? Hahaha Quote Link to comment Share on other sites More sharing options...
newbi3 Posted January 11, 2015 Author Share Posted January 11, 2015 It would be cool to have a "tv-berry-pi" that you carried around on a battery pack that automatically messed with all of the tvs in like best buy or hotels Quote Link to comment Share on other sites More sharing options...
DataHead Posted January 11, 2015 Share Posted January 11, 2015 Oh man, that's epic. in a neighborhood full of lg smart TV's, all volumes full blast, "Neva gonna give you up peanutbutter jelly nananana afro circus" hahaha Quote Link to comment Share on other sites More sharing options...
DataHead Posted January 11, 2015 Share Posted January 11, 2015 I'm curious, how is the 6digit pin bruteforced? online or offline? And is it encrypted? Quote Link to comment Share on other sites More sharing options...
digip Posted January 11, 2015 Share Posted January 11, 2015 I've got a Vizio and I see it doing DLNA and uPnP stuff all the time, but never bothered to see what I could do with it. Makes me wonder what kind of things my TV can do now, or who is spying on our viewing habits..lol. Quote Link to comment Share on other sites More sharing options...
newbi3 Posted January 11, 2015 Author Share Posted January 11, 2015 What would be very interesting is to understand what the TV "API" is. This may enable you to get a screenshot from an embedded web cam, or even stream audio. They have documentation if you are a registered developer, if youre not then you just do a pcap and look at the GET requests I'm curious, how is the 6digit pin bruteforced? online or offline? And is it encrypted? Its litterally 6 numbers all you do is start counting from 100000 - 999999 and eventually you get it. Quote Link to comment Share on other sites More sharing options...
DataHead Posted January 11, 2015 Share Posted January 11, 2015 Oh man, way too easy lol deffinately would be a fun infusion Quote Link to comment Share on other sites More sharing options...
DataHead Posted January 11, 2015 Share Posted January 11, 2015 (edited) Maybe even integrate an ettercap -T -M arp // // option to discover and play with such tvs on an already connected network aswel :-) Edit: I'm pretty sure I'm missing something more on that ettercap arp switch Edited January 11, 2015 by DataHead Quote Link to comment Share on other sites More sharing options...
newbi3 Posted January 11, 2015 Author Share Posted January 11, 2015 I guess I will be adding this to my list of infusions to develop then :) Quote Link to comment Share on other sites More sharing options...
Broti Posted January 11, 2015 Share Posted January 11, 2015 Maybe there's a masterkey hidden in the depths. would make an infusion much more fun... Quote Link to comment Share on other sites More sharing options...
newbi3 Posted January 11, 2015 Author Share Posted January 11, 2015 Maybe there's a masterkey hidden in the depths. would make an infusion much more fun... I was reading something on a dutch forums and it looks like the 2012 models have a master key Quote Link to comment Share on other sites More sharing options...
barry99705 Posted January 12, 2015 Share Posted January 12, 2015 We were screwing around with the smart tv in the bar at Shmoocon four or five years ago. We got it to turn off but that's about it. Quote Link to comment Share on other sites More sharing options...
siddharth Posted January 17, 2015 Share Posted January 17, 2015 what brute force scrip can to used get password for ssh root@xxx.xxx.xxx.xxx now it is asking password ..can i do brute force Quote Link to comment Share on other sites More sharing options...
digip Posted January 17, 2015 Share Posted January 17, 2015 (edited) what brute force scrip can to used get password for ssh root@xxx.xxx.xxx.xxx now it is asking password ..can i do brute force Write a loop to generate the wordlist to be used, then run your brute using the generated wordlist. ..../me grumbles at Aaron's avatar from person asking this question.. R.I.P. Edited January 17, 2015 by digip Quote Link to comment Share on other sites More sharing options...
barry99705 Posted January 19, 2015 Share Posted January 19, 2015 what brute force scrip can to used get password for ssh root@xxx.xxx.xxx.xxx now it is asking password ..can i do brute force Judging from my server logs, there are hundreds of these kinds of scripts out there... Quote Link to comment Share on other sites More sharing options...
siddharth Posted January 19, 2015 Share Posted January 19, 2015 plz send me a link..is their any other methods other than brute force for open ssh and user name and ssh key Quote Link to comment Share on other sites More sharing options...
DataHead Posted January 19, 2015 Share Posted January 19, 2015 Judging from my server logs, there are hundreds of these kinds of scripts out there... lol Quote Link to comment Share on other sites More sharing options...
alcatos Posted April 2, 2015 Share Posted April 2, 2015 Depending on the model and firmware on your smart TV, you'd be surprised about what kind of information is being transmitted (unencrypted, nonetheless) back to LG headquarters in South Korea. Particularily user viewing habits, channels being watched... you can run Wireshark or the like yourself to see exactly what I mean. Quote Link to comment Share on other sites More sharing options...
bytedeez Posted April 3, 2015 Share Posted April 3, 2015 There are a few cafes' and bars that have smart TVs that i normally just use my galaxy note 3 to control, however that is still very obvious. I would love to mess with a good friend of mine who owns one of these fine establishments. Quote Link to comment Share on other sites More sharing options...
vailixi Posted April 4, 2015 Share Posted April 4, 2015 This is really a pretty awesome hack. Quote Link to comment Share on other sites More sharing options...
{ Hex } Posted April 4, 2015 Share Posted April 4, 2015 very cool my m8 has a smart tv gonna go camp outside his house sometime soon and hopefully fuck with his tv. Quote Link to comment Share on other sites More sharing options...
digitalnull Posted May 5, 2015 Share Posted May 5, 2015 I’m curious if the screenshot code could be rewritten to stream the display, even if you could only get 32fps. Sound wouldn’t matter so much if you’re in the other room. I’ve connected to a few Smart TVs before but just for the purpose of capturing the browsing traffic. Don’t have time to “mess with people” but the above would actually be a useful hack around the house. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.