Tuesday, April 23, 2013

fun with XBMC

We've been spending some time playing around with XBMC as this platform is starting to get quite popular.

We found a way to gain shell on xbmcbuntu and raspbmc devices reliably. The out-of-the-box configuration of these devices is part of the attack. We're currently working on finding a way to do the attack with XBMC installed on any platform.

The vulnerability pre-requisites are:

  • xbmcbuntu or raspbmc
  • Allow control of XBMC via HTTP with default credentials (enabled to control XBMC with their phone remote - often used.)
At any rate we will be posting the working attacks on xbmcbuntu and raspbmc shortly.

Oh, we also found a drive file contents disclosure vulnerability in xbmc, pre-requisite being allow control of XBMC via HTTP enabled with default credentials.

stay tuned.

3 comments :

  1. It's what Kodi was called before it became Kodi.

    ReplyDelete
  2. It's what Kodi was called before it became Kodi.

    ReplyDelete