Firewall, malicious software, and TiVo devices

Discussion in 'TiVo Coffee House - TiVo Discussion' started by Old Hickory, Mar 22, 2017.

  1. Old Hickory

    Old Hickory Active Member

    203
    28
    Jan 13, 2011

    I just read an article about internet connected devices being hit by malware and becoming host to malicious software. Wall Street Journal 3/21/2017. The Hackers Inside Your Security Cam. The article mentions wifi connected devices such as cameras, thermostats, and DVRs. So I wondered how TiVo devices might be protected against this? Or is it our responsibility to protect TiVo?

    The article mentioned a few things* to help secure your smart devices but it failed to mention how to prevent these attacks from entering the home network at the entry point.

    *Things were to re-boot the devices, which typically clears any malware, then, before you restore the internet connection, apply a stricter password and install a better firewall at the router.

    How do you guys deal with this?
     
  2. JoeKustra

    JoeKustra in the other Alabama TCF Club

    20,272
    3,762
    Dec 7, 2012
    Ashland, PA...
    Once I enabled DoS attack logging on my router. It filled up my log quickly. So I rely on the router, Windows Defender and Antimalware and Windows firewall. I know to pull the plug as soon as I see a ransomware popup. Basically, I don't care. But I don't open spam or use social media.

    If someone attacks my TiVo, maybe they will improve the guide.
     
    leswar and PSU_Sudzi like this.
  3. Mikeguy

    Mikeguy Well-Known Member

    27,636
    9,205
    Jul 28, 2005
    That is scary.
     
  4. gonzotek

    gonzotek tivo_xml developer

    2,538
    59
    Sep 24, 2004
    Outside...
    The article was referring to the security camera type of DVRs, not TiVos. These are generally produced by no-name vendors and without robust (or any) proper out-of-the-box security. Almost all TiVos (everything produced after early S3 models), however, are very difficult (to impossible) to install any third-party software on, even if you have physical access to the device. Their operating software is cryptographically signed, and as far as I know, despite a high level of interest from the hacker community, no one has been able to successfully get past that on modern TiVos.
     
    Old Hickory likes this.
  5. JoeKustra

    JoeKustra in the other Alabama TCF Club

    20,272
    3,762
    Dec 7, 2012
    Ashland, PA...

    I have a blanket over my Microwave. Can't be too careful. :eek:
     
    apsarkis, wish_bgr, CoxInPHX and 4 others like this.
  6. jth tv

    jth tv Well-Known Member

    1,723
    151
    Nov 15, 2014
    Since you brought it up, I saw this a while back but I have Not seen it anywhere else so grain of salt time:

    "Interestingly, the study said that the majority (79%) of exposed DVRs are in Chicago and more than three quarters (80%) of all exposed DVRs are made by TiVo."
    Study finds 178 million exposed cyber assets in the U.S.

    I haven't a clue whether it is true or not.
     
  7. JoeKustra

    JoeKustra in the other Alabama TCF Club

    20,272
    3,762
    Dec 7, 2012
    Ashland, PA...
  8. chicagobrownblue

    chicagobrownblue Well-Known Member

    3,465
    230
    May 29, 2008
    Chicago, IL
    My router has a built-in hardware firewall. Guests can connect to it wirelessly, but only with the router password which is long and random. You can check for a software / firmware update to your router and install it if one exists. My TiVo is connected wirelessly now and I feel that is fine. The camera on my notebook is covered up and I use Windows firewall on it and all my PCs.

    A lot of scare stuff on the internet is very theoretical and requires a lot of things to happen to hack a device. But, someone clicking on a malicious link or downloading a malicious file on a PC inside your network is still responsible for the vast majority of hacked systems.
     
    Old Hickory likes this.
  9. gonzotek

    gonzotek tivo_xml developer

    2,538
    59
    Sep 24, 2004
    Outside...
    Here is the report from Trend-Micro:
    US Cities Exposed in Shodan - Security News - Trend Micro USA
    Use the "Exposed Media Devices" button and search on TiVo. Here is the direct quote from their report:
    For those that don't know, TiVo-To-Go is an older, no-longer-fully-supported by TiVo, service that allows users to download unprotected recordings from TiVo. The TiVo hosts a small web server that facilitates the transfer of recordings from the TiVo to a PC. In order for it to be seen on the internet, the user would have had to poke a hole in their router's firewall. By default, it would only be accessible from the local network. It is also password protected, requiring a user's unique 10-digit MAK before allowing access. To my knowledge there is no default password implemented in TiVo.
     
  10. lessd

    lessd Well-Known Member

    7,962
    93
    Jan 23, 2005
    CT
    Nobody has reported a US TiVo hack yet.
     
  11. HerronScott

    HerronScott Well-Known Member

    7,573
    1,111
    Jan 1, 2002
    Staunton, VA
    I can't imagine why any users would be doing this. Sheesh.

    Scott
     
  12. mrizzo80

    mrizzo80 Well-Known Member

    3,207
    556
    Apr 16, 2012
    I've always been under the impression that routers, even consumer-grade ones, act as a traffic cop. Did someone inside the network initiate the request that resulted in inbound traffic on the router? If so, let the traffic in. If not, the incoming packet will be refused at the router as "sorry, no one in here asked for this." Is this not correct?

    How do recordings I schedule from my phone hit my TiVo so quickly? Do TiVos maintain a "keep alive" connection open at all times to the mothership, which allows that incoming traffic to be allowed past the router?
     
    jth tv likes this.
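
Added example, not part of any post in this thread: a toy Python model of the stateful inbound filtering asked about in the post above, which also shows the effect of the port forward ("poke a hole") mentioned in post 9. It is a simplification rather than any router's actual code, and every address and port in it is a constructed sample value.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    """Toy model of a consumer NAT router's WAN-side filter (simplified:
    NAT keeps the LAN source port, and only TCP-style flows are tracked)."""
    forwards: dict = field(default_factory=dict)  # public port -> (LAN host, port)
    flows: set = field(default_factory=set)       # flows opened from inside

    def outbound(self, lan_host, lan_port, remote, remote_port):
        # A LAN device opened the connection, so remember the full tuple.
        self.flows.add((lan_host, lan_port, remote, remote_port))

    def close(self, lan_host, lan_port, remote, remote_port):
        self.flows.discard((lan_host, lan_port, remote, remote_port))

    def inbound(self, remote, remote_port, public_port):
        # 1. Reply traffic: must match a tracked flow on remote host AND ports.
        for lan_host, lan_port, r, rp in self.flows:
            if (r, rp, lan_port) == (remote, remote_port, public_port):
                return f"ACCEPT established -> {lan_host}"
        # 2. Unsolicited traffic: only passes if someone configured a forward.
        if public_port in self.forwards:
            host, port = self.forwards[public_port]
            return f"ACCEPT forwarded -> {host}:{port}"
        # 3. Nobody inside asked for this and no hole was opened.
        return "DROP unsolicited"

def demo():
    # All addresses and ports below are constructed sample values.
    dvr, service, scanner = "192.168.1.50", "203.0.113.10", "198.51.100.7"
    r = Router()
    out = {}
    r.outbound(dvr, 40000, service, 443)          # long-lived outbound connection
    out["push_on_open_flow"] = r.inbound(service, 443, 40000)
    out["scan_same_port"] = r.inbound(scanner, 443, 40000)
    out["scan_web_port"] = r.inbound(scanner, 51000, 8443)
    r.forwards[8443] = (dvr, 8443)                # user "pokes a hole"
    out["scan_after_forward"] = r.inbound(scanner, 51000, 8443)
    r.close(dvr, 40000, service, 443)
    out["push_after_close"] = r.inbound(service, 443, 40000)
    return out

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:20} {decision}")
```

In this model the only unsolicited packet that reaches the DVR is the one arriving after the forward is configured; traffic from the remote service gets in only while the outbound flow the DVR opened is still tracked.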
  13. southerndoc

    southerndoc TiVo Fanatic

    730
    64
    Apr 4, 2003
    Atlanta, GA USA
    I tried searching for "The Hackers Inside Your Security Cam" on the WSJ's website, but was unable to find it.

    Do you have a link?
     
  14. Series3Sub

    Series3Sub Well-Known Member

    1,502
    133
    Mar 14, 2010
    AGAIN, as stated by gonzotek, the "DVRs" with this security flaw are the surveillance camera DVRs, NOT any DVRs for recording TV shows like TiVo, Hopper, Genie, CM DVR+. These property surveillance DVRs vulnerable to misuse are often made in China (and a few other off-shore locations). As for other Internet of Things and how to NOT be a victim: DO NOT INSTALL ANY IOT DEVICES IN YOUR HOME.

    IF you don't like that device, then the only other safe thing to do is to ONLY put your IOT devices on a SEPARATE network from where you have your PCs, printers, etc. There are funky ways to do this or use an edge router from Ubiquiti, for example, that provides full control and won't interact with any other devices, but that takes some knowledge, but can be done.

    And FWIW, it has been disclosed that those internet connected HDTVs are gathering all sorts of data about you and transmitting it "home."

    As for me, I have NO INTEREST in ANY IOT devices. FWIW, I believe in a short time, the major router makers will introduce technology (easy configuring/set-up) to easily keep IOT devices either separate from your LAN in some manner of tech, or won't allow them to communicate with any other devices you don't want them to. We have seen modern consumer routers (still riddled with some security flaws) offer more security and ease of QoS and other settings that used to take a tech to know how to set and make the UI easy to use, but extremely effective. Considering the big security hole IOTs provide and more people becoming aware of it, I think the major consumer router makers will add additional security for IOT uses as a way for you to dump your current router and buy a new one and they make more money :).
     
    Old Hickory likes this.
  15. southerndoc

    southerndoc TiVo Fanatic

    730
    64
    Apr 4, 2003
    Atlanta, GA USA
    I have a separate VLAN set up for my IoT devices, another for my Samsung TV's (where I disable the ports to prevent access except when I periodically check for firmware updates), and another for my VoIP phones (RingCentral). It's not fool-proof, but it'll definitely make it a little more difficult.

    I have about 20 Amazon Dash buttons that I need to move from my main network to my "miscellaneous" networks where my IoT devices connect. I just set this up a few weeks ago, so I haven't had time to move the Dash buttons. Not sure how much of a risk they would be since they seem to connect then disconnect fairly quickly.
     
  16. JoeKustra

    JoeKustra in the other Alabama TCF Club

    20,272
    3,762
    Dec 7, 2012
    Ashland, PA...
    Certain actions, like channel list changes and other management changes, cause a VCM Connection. It's how TiVo's online.com site syncs up with your box. Check a new channel and then check System Information. You should see a change in VCM Connection time. It's not always instant, so check before and after to see it change. If you want to know who gets the update, ping i.TiVo.com, which should say Akamai.
     
    Last edited: Mar 23, 2017
  17. HerronScott

    HerronScott Well-Known Member

    7,573
    1,111
    Jan 1, 2002
    Staunton, VA
    Joe,

    Are you sure that the VCM connections use i.tivo.com? I thought that was images (for which Akamai should be good handling distributed content).

    Scott
     
  18. JoeKustra

    JoeKustra in the other Alabama TCF Club

    20,272
    3,762
    Dec 7, 2012
    Ashland, PA...
    Not sure. It's not the only location I have trapped on my router. It's just the one I remember. It could even be different now. It's been a while (before Rovi). :oops:
     
  19. Old Hickory

    Old Hickory Active Member

    203
    28
    Jan 13, 2011
    I read it old school (which is the article title I provided). Front page below the crease. But here is the link (if you have access).

    Oops. Can't link an article that is behind the member access. Sorry.

    (Removed link)
     
    Last edited: Mar 24, 2017
  20. southerndoc

    southerndoc TiVo Fanatic

    730
    64
    Apr 4, 2003
    Atlanta, GA USA
    Interesting. I searched for the title you quoted, which is what was in the print edition (I finally found this in the PDF version of the front page). However, the new title is "What's Attacking the Web? A Security Camera in a Colorado Laundromat."
     
