now browsing by tag
The Apple TV has long been a wonderful device for consuming media on your big-screen television. From video to music, it is a great experience. Some people weren’t satisfied with the default functionality, however, opting to jailbreak Apple’s media box. In fact, the jailbroken Apple TV 2 was one of the most popular XBMC/Kodi boxes for this reason.
Are you running one of those jailbroken Apple TV 2 devices? You should be worried then. You see, as the folks over at TVAddons warn, the jailbreak process installed OpenSSH by default. This means your network could be compromised by the fairly outdated media box. A hacker only needs your ip address to attack you.
“Under normal circumstances, most people are aware of the need to set a strong password on their computer. However, in this circumstance, most users aren’t aware that their jailbroken Apple TV 2 is a computer that can be programmed for any purpose. Anyone who gains access to your insecured [sic] jailbroken Apple TV 2 device could run code to do things like send spam, DDoS, or even infiltrate your phone and personal computer,” says TVAddons.
The group also says, “Who’s to blame? We hate to say it, but the company behind the popular Seas0npass jailbreak for Apple TV 2 should have known better. For years Firecore distributed what was the only method of jailbreaking the Apple TV 2, and knowingly chose to include OpenSSH with the jailbreak. They should have seen this coming, and given the user the chance to change the SSH password at the time of jailbreak. Instead they likely turned a blind eye in order to make things simple for the average joe, to whom they also tried to upsell other premium apps.”
Before you get too scared, just know that disconnecting the jailbroken Apple TV 2 from your network will take away the threat. In other words, if you don’t use it, just get rid of it — it is outdated anyway. If you are still using it, however, you can just change the default root password to secure yourself — easy peasy.
View full post on National Cyber Security Ventures