Streaming devices have become increasingly popular in recent years, and for good reason. Portable, frequently updated and relatively inexpensive when compared to a new smart TV, these devices offer a convenient, cost-effective, and customizable way to access a vast selection of content from the comfort of your own home. Smart TVs and streaming devices account for a whopping 20% of all connected IoT devices, and potential vulnerabilities in firmware could affect a significant user base.
As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities that might affect customers if left unaddressed. This research paper is part of a broader program and aims to shed light on the security of the world’s best-sellers in the IoT space. This report covers the Amazon Fire TV Stick and the Insignia FireOS TV products.
The research discloses vulnerabilities affecting the following products and versions:
Note: the vulnerabilities presented in this report have been responsibly disclosed to the vendor through their Bug Bounty program. Amazon has released fixes for these issues on Fire TV devices and the Fire TV remote app, and the company has no evidence that this issue has been used against customers. Bitdefender has been working closely with the Amazon Fire TV team through all stages of vulnerability disclosure. We would like to extend our thanks for the prompt response time, communication, transparency and escalation.
Home users should closely monitor IoT devices and isolate them as much as possible from the local network. This can be done by setting up a dedicated network exclusively for IoT devices.
Additionally, IoT users can use the free Bitdefender Smart Home Scanner app to scan for connected devices and to identify and highlight vulnerable ones. IoT device owners should also check for newer firmware and update devices as soon as the vendor releases new versions.
To minimize risks of compromise, smart home users should consider adopting a network cybersecurity solution integrated into the router, such as the NETGEAR Orbi or Nighthawk routers powered by Bitdefender Armor.