Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
When WebOS has a USB thumb drive plugged into it, it opens a port on the TV. This allows peer devices to call the API /getFile?path=xxxxxx to get files from the mounted USB.
The device does not filter the path parameter for directory traversal sequences. By using a classic directory traversal, you can read arbitrary files from the system.
This by itself is bad, but what can we do with it? There's a database that contains peer authentication keys. By stealing these keys, it's possible to bypass authentication on the secondscreen service. With this, an attacker can enable developer mode to install arbitrary apps and gain control of the device.
The vulnerability is simple, yet its impact is terrible. Good find! I was also surprised to find that the PoC includes a Docker image for the TV, making it easy to run.
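The missing path filtering described above comes down to one check: canonicalize the requested path and confirm it still sits under the shared mount. The following is an added example, not code from the TV, the write-up or its PoC; the handler, the mount layout and the file names are hypothetical, and it assumes the `path` parameter is relative to the USB mount root.

```python
import os
import tempfile
from urllib.parse import urlsplit, parse_qs

class PathRejected(Exception):
    """Requested path resolves outside the shared directory."""

def resolve_under_root(root, requested):
    """Return the canonical path for `requested` only if it stays inside `root`."""
    if "\x00" in requested:
        raise PathRejected("NUL byte in path")
    root_real = os.path.realpath(root)
    # Assumption: the path parameter is relative to the mount root.
    candidate = os.path.realpath(os.path.join(root_real, requested.lstrip("/")))
    # Compare canonical paths so "..", repeated slashes and symlinks are resolved.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathRejected(requested)
    return candidate

def handle_get_file(root, url):
    """Hypothetical handler: returns (status, body) for a /getFile request."""
    path = parse_qs(urlsplit(url).query).get("path", [""])[0]  # decoded once
    try:
        full = resolve_under_root(root, path)
    except PathRejected:
        return 403, b""
    if not os.path.isfile(full):
        return 404, b""
    with open(full, "rb") as fh:
        return 200, fh.read()

def demo():
    """Build a constructed mount with a file outside it; return status per URL."""
    with tempfile.TemporaryDirectory() as base:
        usb = os.path.join(base, "usb")
        os.mkdir(usb)
        for name, data in ((os.path.join(usb, "photo.txt"), b"holiday"),
                           (os.path.join(base, "keys.db"), b"constructed-secret")):
            with open(name, "wb") as fh:
                fh.write(data)
        # A symlink on the shared media pointing outside the mount.
        os.symlink(os.path.join(base, "keys.db"), os.path.join(usb, "link"))
        urls = ["/getFile?path=photo.txt", "/getFile?path=../keys.db",
                "/getFile?path=%2e%2e%2fkeys.db", "/getFile?path=link",
                "/getFile?path=missing.txt"]
        return {u: handle_get_file(usb, u)[0] for u in urls}

if __name__ == "__main__":
    for url, status in demo().items():
        print(status, url)
```

The comparison is made on canonical paths rather than by searching the raw string for `../`, so the percent-encoded request and the symlink are rejected by the same check.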