Help

Network - Wireless & Wired Connections

Help & troubleshooting for network issues, including connecting your device to your home Wi-Fi network, connecting to public networks, troubleshooting wireless issues & ethernet connections, and optimizing streaming performance.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
fitzwat2
Level 7
‎02-08-2021 05:46 AM

Roku Streaming Stick is hacked?

My computer at my home detected a port scan originating from My Roku Streaming Stick.  Can someone please advise if this is normal behavior?  I need to know more about this device please.  Can someone install a third party application on it and access it?

0 Kudos
Reply
7 REPLIES 7\
StreamerUser
Level 20
‎02-08-2021 09:55 PM

Re: Roku Streaming Stick is hacked?

Depending on the specific behavior, it may be completely normal (UPnP/DLNA/SSDP/mDNS/multicast/etc)

Of course someone can install a third party app on it - that's the entire purpose of it (You=first party, Roku=second party, Company app=third party).

As far as security etc goes: all computing devices are vulnerable, especially network connected devices (including streamers, regardless of OS or implementation).

As to whether your specific device is compromised, that's unlikely, though possible.

You are probably just seeing the normal Roku network/internet related "chattiness".

 

0 Kudos
Reply
fitzwat2
Level 7
‎02-09-2021 03:13 AM

Re: Roku Streaming Stick is hacked?

so you are saying that running port scans is normal behavior for a roku streaming stick?  Why does a roku streaming stick need to run port scans on a network?  The device wasn't even plugged into my computer.  It was plugged into my television.

0 Kudos
Reply
ppanish
Level 7
‎06-04-2021 05:06 AM

Re: Roku Streaming Stick is hacked?

My security system reports that Roku systems are using a long outdated UPnP library in their build that has buffer overflow vulnerabilities. See https://www.kb.cert.org/vuls/id/922681  for details on this issue. This report is from 2014 but I’ve been unable to verify if the library used by Roku has been updated.

0 Kudos
Reply
StreamerUser
Level 20
‎06-04-2021 07:32 AM

Re: Roku Streaming Stick is hacked?

@ppanish wrote:

My security system reports that Roku systems are using a long outdated UPnP library in their build that has buffer overflow vulnerabilities. See https://www.kb.cert.org/vuls/id/922681  for details on this issue. This report is from 2014 but I’ve been unable to verify if the library used by Roku has been updated.

Which tool are you using to scan?

0 Kudos
Reply
ppanish
Level 7
‎06-04-2021 08:16 AM

Re: Roku Streaming Stick is hacked?

I’m using a router based security system by Minim (https://www.minim.com/ ). I don’t get a list of the libraries installed, only a notification of devices with potential security risks and the applicable security notification (the link I provided in my earlier reply).

I tried to find a way to ask Roku Support what library version is used in the current build, but I’m not willing to hang on the phone, and no other method other than the community appears to be available.

0 Kudos
Reply
StreamerUser
Level 20
‎06-04-2021 08:44 AM

Re: Roku Streaming Stick is hacked?

They dont have a security-specific contact method/means, and it hampers them (nor do they offer any kind of bug bounty etc, which is consistent with their general attitude towards security)

 

 

0 Kudos
Reply
fitzwat2
Level 7
‎06-04-2021 08:46 AM

Re: Roku Streaming Stick is hacked?

this speaks volumes about their corporate culture.  Probably won't be long until they get hit by ransomware.

0 Kudos
Reply