Remote attack flaw found in IPTV streaming service
A critical remote execution flaw has been found in a Ukrainian TV streaming device manufacturer which, if exploited, granted attackers the power to seize control of the streaming service and content on display.
According to Check Point Research, Infomir — a Ukrainian IPTV (Internet Protocol Television), OTT (Over-the-Top) and VoD (Video-on Demand) content streaming provider was the source of the security flaw.
On Wednesday, researchers said in a blog post that Infomir’s web management platform, Ministra — also known as Stalker — is used to manage set-top boxes (STBs). The platform acts as a conduit between consumer STBs and television service providers which buy into the platform.
Ministra does require authentication to access — but a logic problem ballooned into a major security vulnerability which removed this protection.
The team was able to circumvent the demand for authentication and seize control of some admin AJAX API functions due to a sanitization key failure, leading to the potential for SQL and PHP Object injection and the remote execution of code.
Check Point says that it is difficult to estimate the full impact of the security flaw, but as over 1000 content providers and resellers are connected to Ministra, there would likely be a “very high” number of worldwide customers which may have been impacted.
“In order to receive the television broadcast, the STB connects to the Ministra and service providers use the Ministra platform to manage their clients,” the researchers say. “The risks would be their entire customer database of personal information and financial details could be stolen, as well as allowing an attacker to potentially stream any content they choose on to the screens of their customer network.”
The vulnerability was first discovered and reported in 2018 and was patched prior to public disclosure in Ministra version 5.4.1. However, as some service providers may not have applied the fix, the vulnerability has also been reported to the CTA Forum.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0