Jump to content

ARP Cache Poisoning Attack 2023 Sony bravia smart tv 85 inch


Recommended Posts

Hello,
I saw last post about this subject here.
My tv probably sniffing my LAN from SONY or one of the applications installed (have only few).
Only the tv LAN's connected, no wifi. i have eset on my tv.
The announcement appears on all our pc's from Eset Internet Security.
TV,PC's,Eset, all are updated. no malware on my LAN.
Attached the logs of Eset logs tool. (wile collecting, no ARP attack was shown).
p.s
that start happening since i bought the tv and comes and goes every few months for 1-2 weeks

Sincerely yours 

M

eis_logs.zip

Edited by Michael357
Link to comment
Share on other sites

13 hours ago, itman said:

Hello,

Why should i add an exception to resolve a problem without resolving it? the problem is in tv sniffing my network, so why should i ignore it? sadly this is not a solution, otherwise would be kind to explain? the exception is only for my pc, there are more pc's, nas, tv's, smartphones  vulnerable

Edited by Michael357
Link to comment
Share on other sites

16 hours ago, Michael357 said:

Hello,
I saw last post about this subject here.
My tv probably sniffing my LAN from SONY or one of the applications installed (have only few).
Only the tv LAN's connected, no wifi. i have eset on my tv.
The announcement appears on all our pc's from Eset Internet Security.
TV,PC's,Eset, all are updated. no malware on my LAN.
Attached the logs of Eset logs tool. (wile collecting, no ARP attack was shown).
p.s
that start happening since i bought the tv and comes and goes every few months for 1-2 weeks

Sincerely yours 

M

eis_logs.zip 64.8 MB · 0 downloads

would some expert answer my question ?

Link to comment
Share on other sites

11 hours ago, Michael357 said:

the problem is in tv sniffing my network, so why should i ignore it?

If you believe your Sony TV is hacked, try updating its system software for starters: https://www.sony.com/electronics/support/downloads/W0008668 . If that doesn't work, contact Sony tech support for assistance.

Edited by itman
Link to comment
Share on other sites

Of note is this just published article on Android OS TV malware: https://www.bleepingcomputer.com/news/security/new-vo1d-malware-infects-13-million-android-tv-streaming-boxes/ .

The mitigation recommendation is;

Quote

While Dr.Web does not know how Android TV streaming devices are being compromised, researchers believe they are targeted because they commonly run outdated software with vulnerabilities.

"One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges," concludes Dr.Web.

"Another possible vector could be the use of unofficial firmware versions with built-in root access."

To prevent infection by this malware, it is advised that Android TV users check for and install new firmware updates as they become available. Also be sure to remove these boxes from the internet in case they are being remotely exploited through exposed services.

Last but not least, avoid installing Android applications as APKs from third-party sites on Android TV as they are a common source of malware.

 

 

Edited by itman
Link to comment
Share on other sites

12 hours ago, itman said:

Of note is this just published article on Android OS TV malware: https://www.bleepingcomputer.com/news/security/new-vo1d-malware-infects-13-million-android-tv-streaming-boxes/ .

The mitigation recommendation is;

 

Hi and thank you for replying!
it's qiet intresting as my tv connected to my receiver and might give a false arp. on the other side i installed one APK to install the iptv smarters as there wasnt on google play for sony and the apk might be infected with vo1d exploit.

i will check both problems and reply again.

p.s

are you a stuff member? have you read my logs?

Link to comment
Share on other sites

3 hours ago, Michael357 said:

i installed one APK to install the iptv smarters as there wasnt on google play for sony and the apk might be infected with vo1d exploit.

Where did you download the apk file from?

Link to comment
Share on other sites

5 hours ago, itman said:

Where did you download the apk file from?

from the internet. as a cyber person who know what is binding and what is kali etc i feel a bit stupid :) i know how to arp man in the middle sniffing others https and hash passwords so i wanst worry caues i dont have a camera but yes a microphone and its not good. otherwise all my accounts are 2fa. so have you seen my logs may be?

Edited by Michael357
Link to comment
Share on other sites

20 minutes ago, Michael357 said:

rom the internet. as a cyber person who know what is binding and what is kali etc i feel a bit stupid

I meant the specific web site where you downloaded the apk file from. I will see if I can find anything malicious about it.

Link to comment
Share on other sites

6 minutes ago, itman said:

I meant the specific web site where you downloaded the apk file from. I will see if I can find anything malicious about it.

dont remember brother, i think from here https://www.iptvsmarters.com/download/ but there are few links at first i probably downloaded from one of them, but as i know myself , from iptvsmarters. actually it deosnt matter, i remember contacting raralab.com ceo about his downloadable winrar infected lol, so at the time i downloaded it probably was infected and today not. i think i will see if they at last uploaded the iptvsmarters apk to google app store for sony tv's so i wont need to download it again from elswhere. here are the first links https://www.google.com/search?q=iptvsmarters+apk&oq=iptvsmarters+apk&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIJCAEQABgNGIAEMggIAhAAGA0YHjIICAMQABgNGB4yCAgEEAAYFhgeMggIBRAAGBYYHjIICAYQABgWGB4yCAgHEAAYFhgeMggICBAAGBYYHjIICAkQABgWGB7SAQg2ODE1ajBqNKgCALACAQ&sourceid=chrome&ie=UTF-8

Edited by Michael357
Link to comment
Share on other sites

17 minutes ago, Michael357 said:

This is interesting.

VirusTotal shows zero detections for the .apk w/no suspicious indicators.

However, Hybrid-Analysis (CrowdStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 .

Edited by itman
Link to comment
Share on other sites

2 minutes ago, itman said:

This is interesting.

VirusTotal shows zero detections for the .apk w/no suspicious indicators. However, Hybrid-Analysis (CloudStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 .

thank you brother, i wasnt aware of cloudstrike, only of virustotal. anyway i read all information on clodstrike and i can say WTF. i will reformat my tv but the problem is i think all iptvsmarters apk's are infected. hope iptvsmarters is already available on sony google app store. i really appreciate your time and effort brother for helping!

Link to comment
Share on other sites

27 minutes ago, itman said:

This is interesting.

VirusTotal shows zero detections for the .apk w/no suspicious indicators.

However, Hybrid-Analysis (CrowdStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 .

damn, the iptvsmarters isnt on google sony store. you know, i did the same on the other sony tv which is sony google not android and the arp indicates only 192.168.1.5 which is the big tv android. how come?

Edited by Michael357
Link to comment
Share on other sites

On 9/14/2024 at 12:10 AM, itman said:

This is interesting.

VirusTotal shows zero detections for the .apk w/no suspicious indicators.

However, Hybrid-Analysis (CrowdStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 .

hi, i asked the iptvsmarters owner on whatsapp why his apk download he gave me from his site is infected with hybrid scanner? he got really mad at me and blocked me :) after he showed me hybris scanned also detects whatsapp apk.

what do you say about that?

Link to comment
Share on other sites

Here's the full Hybrid-Analysis report: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767/66cce8a28b08e141e3011fef .

Of note:

Eset_Android.thumb.png.0aba14a045a5e14ffda449a1328a8530.png

As far as WhatsApp goes, it's a favorite target for attackers. Example here: https://thehackernews.com/2023/11/canesspy-spyware-discovered-in-modified.html ;

Quote

The development marks the continued abuse of modified versions of messaging services like Telegram and WhatsApp to distribute malware to unsuspecting users.

WhatsApp, for its part, treats unofficial and third-party versions as fake, cautioning that "we can't validate their security practices" and that using them may pose the risk of carrying malware that could breach customers' privacy and security.

"WhatsApp mods are mostly distributed through third-party Android app stores, which often lack screening and fail to take down malware," Kalinin said. "Some of these resources, such as third-party app stores and Telegram channels, enjoy considerable popularity, but that is no guarantee of safety."

Edited by itman
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...