Android-based Sony Smart TVs expose Wi-fi passwords and stored images due to security bugs

• The vulnerabilities existed in an application known as Photo Sharing Plus which can allow photos to be uploaded on a Sony Smart TV with a smartphone.
• The application turned the TV into a Wi-Fi access point to allow users to connect and view media from their smartphones or tablets on the TV screen.

Sony is under the scanner after many models of its popular Smart TVs were found containing two major vulnerabilities. These security flaws were discovered by DarkMatter’s xen1thLabs team recently.

As per the two advisories released by the team, the flaws were found in an application called Photo Sharing Plus which is featured in Smart TVs that were running Android. Attackers could have abused these flaws to steal Wi-Fi passwords as well as photos stored in the TVs.

The big picture

• Photo Sharing Plus is an application that allows photos and other multimedia on smartphones or tablets to be viewed on Sony’s Smart TVs.
• As soon as the application starts, it turns the TV into a Wi-Fi access point and displays Wi-Fi password in order to authenticate smartphone devices. This is where the two flaws were discovered.
• The first one was an arbitrary file read flaw and the second one was an information disclosure (ID) vulnerability.
• Arbitrary file read flaw could allow attackers to retrieve photos or internal files stored inside the TV without authentication.
• Information Disclosure vulnerability could allow attackers to retrieve Wi-Fi passwords that were set in the TVs when Photo Sharing Plus was started.

What actions were taken - In its advisories, xen1thLabs mentions that these flaws were discovered in October 2018. The team reported the flaws to Sony in a bug bounty program. After a series of interactions, Sony confirmed the patches for these flaws and has altogether removed the app on affected TV models.

How to stay safe - Users of the affected Smart TV models are advised to update to the latest firmware. The affected models can be found here.