Wi-Fi & connectivity

Having Roku connectivity problems? Get the help and troubleshooting tips you need for Roku wireless connection issues, ethernet connections, and more.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
fitzwat2
Reel Rookie

Roku Streaming Stick is hacked?

My computer at my home detected a port scan originating from My Roku Streaming Stick.  Can someone please advise if this is normal behavior?  I need to know more about this device please.  Can someone install a third party application on it and access it?

0 Kudos
7 REPLIES 7
StreamerUser
Roku Guru

Re: Roku Streaming Stick is hacked?

Depending on the specific behavior, it may be completely normal (UPnP/DLNA/SSDP/mDNS/multicast/etc)

Of course someone can install a third party app on it - that's the entire purpose of it (You=first party, Roku=second party, Company app=third party).

As far as security etc goes: all computing devices are vulnerable, especially network connected devices (including streamers, regardless of OS or implementation).

As to whether your specific device is compromised, that's unlikely, though possible.

You are probably just seeing the normal Roku network/internet related "chattiness".

 

0 Kudos
fitzwat2
Reel Rookie

Re: Roku Streaming Stick is hacked?

so you are saying that running port scans is normal behavior for a roku streaming stick?  Why does a roku streaming stick need to run port scans on a network?  The device wasn't even plugged into my computer.  It was plugged into my television.

0 Kudos
ppanish
Reel Rookie

Re: Roku Streaming Stick is hacked?

My security system reports that Roku systems are using a long outdated UPnP library in their build that has buffer overflow vulnerabilities. See https://www.kb.cert.org/vuls/id/922681  for details on this issue. This report is from 2014 but I’ve been unable to verify if the library used by Roku has been updated.

0 Kudos
StreamerUser
Roku Guru

Re: Roku Streaming Stick is hacked?


@ppanish wrote:

My security system reports that Roku systems are using a long outdated UPnP library in their build that has buffer overflow vulnerabilities. See https://www.kb.cert.org/vuls/id/922681  for details on this issue. This report is from 2014 but I’ve been unable to verify if the library used by Roku has been updated.


Which tool are you using to scan?

0 Kudos
ppanish
Reel Rookie

Re: Roku Streaming Stick is hacked?

I’m using a router based security system by Minim (https://www.minim.com/ ). I don’t get a list of the libraries installed, only a notification of devices with potential security risks and the applicable security notification (the link I provided in my earlier reply).

I tried to find a way to ask Roku Support what library version is used in the current build, but I’m not willing to hang on the phone, and no other method other than the community appears to be available.

0 Kudos
StreamerUser
Roku Guru

Re: Roku Streaming Stick is hacked?

They dont have a security-specific contact method/means, and it hampers them (nor do they offer any kind of bug bounty etc, which is consistent with their general attitude towards security)

 

 

0 Kudos
fitzwat2
Reel Rookie

Re: Roku Streaming Stick is hacked?

this speaks volumes about their corporate culture.  Probably won't be long until they get hit by ransomware.

0 Kudos