ARP Cache Poisoning Attack 2023 Sony bravia smart tv 85 inch

[Michael357 0]

Hello,
I saw last post about this subject here.
My tv probably sniffing my LAN from SONY or one of the applications installed (have only few).
Only the tv LAN's connected, no wifi. i have eset on my tv.
The announcement appears on all our pc's from Eset Internet Security.
TV,PC's,Eset, all are updated. no malware on my LAN.
Attached the logs of Eset logs tool. (wile collecting, no ARP attack was shown).
p.s
that start happening since i bought the tv and comes and goes every few months for 1-2 weeks

Sincerely yours 

M

eis_logs.zip

Edited September 11 by Michael357

[itman 1,746]

Refer to this Eset Knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows .

[Michael357 0]

13 hours ago, itman said:

Refer to this Eset Knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows .

Hello,

Why should i add an exception to resolve a problem without resolving it? the problem is in tv sniffing my network, so why should i ignore it? sadly this is not a solution, otherwise would be kind to explain? the exception is only for my pc, there are more pc's, nas, tv's, smartphones  vulnerable

Edited Thursday at 08:20 AM by Michael357

[Michael357 0]

16 hours ago, Michael357 said:

Hello,
I saw last post about this subject here.
My tv probably sniffing my LAN from SONY or one of the applications installed (have only few).
Only the tv LAN's connected, no wifi. i have eset on my tv.
The announcement appears on all our pc's from Eset Internet Security.
TV,PC's,Eset, all are updated. no malware on my LAN.
Attached the logs of Eset logs tool. (wile collecting, no ARP attack was shown).
p.s
that start happening since i bought the tv and comes and goes every few months for 1-2 weeks

Sincerely yours 

M

eis_logs.zip 64.8 MB · 0 downloads

would some expert answer my question ?

[itman 1,746]

11 hours ago, Michael357 said:

the problem is in tv sniffing my network, so why should i ignore it?

If you believe your Sony TV is hacked, try updating its system software for starters: https://www.sony.com/electronics/support/downloads/W0008668 . If that doesn't work, contact Sony tech support for assistance.

Edited Thursday at 07:32 PM by itman

[itman 1,746]

Of note is this just published article on Android OS TV malware: https://www.bleepingcomputer.com/news/security/new-vo1d-malware-infects-13-million-android-tv-streaming-boxes/ .

The mitigation recommendation is;

Quote

While Dr.Web does not know how Android TV streaming devices are being compromised, researchers believe they are targeted because they commonly run outdated software with vulnerabilities.

"One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges," concludes Dr.Web.

"Another possible vector could be the use of unofficial firmware versions with built-in root access."

To prevent infection by this malware, it is advised that Android TV users check for and install new firmware updates as they become available. Also be sure to remove these boxes from the internet in case they are being remotely exploited through exposed services.

Last but not least, avoid installing Android applications as APKs from third-party sites on Android TV as they are a common source of malware.

 

 

Edited Thursday at 10:54 PM by itman

[Michael357 0]

12 hours ago, itman said:

Of note is this just published article on Android OS TV malware: https://www.bleepingcomputer.com/news/security/new-vo1d-malware-infects-13-million-android-tv-streaming-boxes/ .

The mitigation recommendation is;

 

Hi and thank you for replying!
it's qiet intresting as my tv connected to my receiver and might give a false arp. on the other side i installed one APK to install the iptv smarters as there wasnt on google play for sony and the apk might be infected with vo1d exploit.

i will check both problems and reply again.

p.s

are you a stuff member? have you read my logs?

[itman 1,746]

1 hour ago, Michael357 said:

are you a stuff member? have you read my logs?

@Marcos, did you review OP's posted logs?

[itman 1,746]

3 hours ago, Michael357 said:

i installed one APK to install the iptv smarters as there wasnt on google play for sony and the apk might be infected with vo1d exploit.

Where did you download the apk file from?

[Michael357 0]

5 hours ago, itman said:

Where did you download the apk file from?

from the internet. as a cyber person who know what is binding and what is kali etc i feel a bit stupid  i know how to arp man in the middle sniffing others https and hash passwords so i wanst worry caues i dont have a camera but yes a microphone and its not good. otherwise all my accounts are 2fa. so have you seen my logs may be?

Edited Friday at 08:31 PM by Michael357

[itman 1,746]

20 minutes ago, Michael357 said:

rom the internet. as a cyber person who know what is binding and what is kali etc i feel a bit stupid

I meant the specific web site where you downloaded the apk file from. I will see if I can find anything malicious about it.

[Michael357 0]

6 minutes ago, itman said:

I meant the specific web site where you downloaded the apk file from. I will see if I can find anything malicious about it.

dont remember brother, i think from here https://www.iptvsmarters.com/download/ but there are few links at first i probably downloaded from one of them, but as i know myself , from iptvsmarters. actually it deosnt matter, i remember contacting raralab.com ceo about his downloadable winrar infected lol, so at the time i downloaded it probably was infected and today not. i think i will see if they at last uploaded the iptvsmarters apk to google app store for sony tv's so i wont need to download it again from elswhere. here are the first links https://www.google.com/search?q=iptvsmarters+apk&oq=iptvsmarters+apk&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIJCAEQABgNGIAEMggIAhAAGA0YHjIICAMQABgNGB4yCAgEEAAYFhgeMggIBRAAGBYYHjIICAYQABgWGB4yCAgHEAAYFhgeMggICBAAGBYYHjIICAkQABgWGB7SAQg2ODE1ajBqNKgCALACAQ&sourceid=chrome&ie=UTF-8

Edited Friday at 08:56 PM by Michael357

[itman 1,746]

17 minutes ago, Michael357 said:

https://www.iptvsmarters.com/download/ 

This is interesting.

VirusTotal shows zero detections for the .apk w/no suspicious indicators.

However, Hybrid-Analysis (CrowdStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 .

Edited Friday at 09:14 PM by itman

[Michael357 0]

2 minutes ago, itman said:

This is interesting.

VirusTotal shows zero detections for the .apk w/no suspicious indicators. However, Hybrid-Analysis (CloudStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 .

thank you brother, i wasnt aware of cloudstrike, only of virustotal. anyway i read all information on clodstrike and i can say WTF. i will reformat my tv but the problem is i think all iptvsmarters apk's are infected. hope iptvsmarters is already available on sony google app store. i really appreciate your time and effort brother for helping!

[Michael357 0]

27 minutes ago, itman said:

This is interesting.

VirusTotal shows zero detections for the .apk w/no suspicious indicators.

However, Hybrid-Analysis (CrowdStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 .

damn, the iptvsmarters isnt on google sony store. you know, i did the same on the other sony tv which is sony google not android and the arp indicates only 192.168.1.5 which is the big tv android. how come?

Edited Friday at 09:39 PM by Michael357