Network - Wireless & Wired Connections

Help & troubleshooting for network issues, including connecting your device to your home Wi-Fi network, connecting to public networks, troubleshooting wireless issues & ethernet connections, and optimizing streaming performance.
fitzwat2
Level 7

Roku Streaming Stick is hacked?

My computer at my home detected a port scan originating from my Roku Streaming Stick. Can someone please advise if this is normal behavior? I need to know more about this device please. Can someone install a third party application on it and access it?

StreamerUser
Community Streaming Expert

Re: Roku Streaming Stick is hacked?

Depending on the specific behavior, it may be completely normal (UPnP/DLNA/SSDP/mDNS/multicast/etc.).

Of course someone can install a third party app on it - that's the entire purpose of it (You=first party, Roku=second party, Company app=third party).

As far as security etc goes: all computing devices are vulnerable, especially network connected devices (including streamers, regardless of OS or implementation).

As to whether your specific device is compromised, that's unlikely, though possible.

You are probably just seeing the normal Roku network/internet related "chattiness".

 

StreamerUser
Roku Community Streaming Expert

Help others find this answer and click "Accept as Solution."
If you appreciate my answer, maybe give me a Kudo.

I am not a Roku employee.
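One way to tell the two cases in the reply above apart (discovery multicast versus a sweep of ports on one host), as an added example that is not part of the original thread. The log format, the addresses and the threshold are assumptions; the SSDP and mDNS endpoints are the standard IPv4 ones.

```python
import ipaddress
from collections import Counter, defaultdict

# Standard IPv4 discovery endpoints: SSDP (used by UPnP/DLNA) and mDNS.
DISCOVERY = {
    ("239.255.255.250", "udp", 1900): "SSDP",
    ("224.0.0.251", "udp", 5353): "mDNS",
}

# Constructed sample, one flow per line as "src,dst,proto,dport".
# The log format and every address here are assumptions for illustration.
SAMPLE_LOG = "\n".join(
    [
        "192.168.1.50,239.255.255.250,udp,1900",
        "192.168.1.50,224.0.0.251,udp,5353",
        "192.168.1.50,239.255.255.250,udp,1900",
    ]
    + [f"192.168.1.77,192.168.1.10,tcp,{port}" for port in range(20, 35)]
)


def classify(log_text, source, scan_threshold=10):
    """Summarise flows from `source`: discovery multicast vs. a sweep of ports."""
    discovery = Counter()
    ports_by_host = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = (f.strip() for f in line.split(","))
        if src != source:
            continue
        key = (dst, proto.lower(), int(dport))
        if key in DISCOVERY:
            discovery[DISCOVERY[key]] += 1
        elif ipaddress.ip_address(dst).is_multicast:
            discovery["other-multicast"] += 1
        else:
            ports_by_host[dst].add(key[1:])
    # scan_threshold is an arbitrary illustrative cut-off, not a standard value.
    swept = {h: len(p) for h, p in ports_by_host.items() if len(p) >= scan_threshold}
    if swept:
        verdict = "possible-port-scan"
    elif discovery and not ports_by_host:
        verdict = "discovery-only"
    else:
        verdict = "other"
    return {"verdict": verdict, "discovery": dict(discovery), "swept": swept}


if __name__ == "__main__":
    for device in ("192.168.1.50", "192.168.1.77"):
        print(device, classify(SAMPLE_LOG, device))
```

Feed it the flows your firewall or router logged for the device's address; only the `swept` result indicates many distinct ports probed on a single host.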
fitzwat2
Level 7

Re: Roku Streaming Stick is hacked?

So you are saying that running port scans is normal behavior for a Roku streaming stick? Why does a Roku streaming stick need to run port scans on a network? The device wasn't even plugged into my computer. It was plugged into my television.

ppanish
Level 7

Re: Roku Streaming Stick is hacked?

My security system reports that Roku systems are using a long outdated UPnP library in their build that has buffer overflow vulnerabilities. See https://www.kb.cert.org/vuls/id/922681 for details on this issue. This report is from 2014 but I’ve been unable to verify if the library used by Roku has been updated.

StreamerUser
Community Streaming Expert

Re: Roku Streaming Stick is hacked?


@ppanish wrote:

My security system reports that Roku systems are using a long outdated UPnP library in their build that has buffer overflow vulnerabilities. See https://www.kb.cert.org/vuls/id/922681 for details on this issue. This report is from 2014 but I’ve been unable to verify if the library used by Roku has been updated.


Which tool are you using to scan?

ppanish
Level 7

Re: Roku Streaming Stick is hacked?

I’m using a router based security system by Minim (https://www.minim.com/). I don’t get a list of the libraries installed, only a notification of devices with potential security risks and the applicable security notification (the link I provided in my earlier reply).

I tried to find a way to ask Roku Support what library version is used in the current build, but I’m not willing to hang on the phone, and no other method other than the community appears to be available.

StreamerUser
Community Streaming Expert

Re: Roku Streaming Stick is hacked?

They don't have a security-specific contact method/means, and it hampers them (nor do they offer any kind of bug bounty etc., which is consistent with their general attitude towards security).

 

 

fitzwat2
Level 7

Re: Roku Streaming Stick is hacked?

This speaks volumes about their corporate culture. Probably won't be long until they get hit by ransomware.
