Owners of several Sony Bravia models should check that their smart TVs are running the latest firmware to ensure they're no longer vulnerable to three security flaws, one of which can result in "complete remote code execution with root privilege".
The flaws, reported by researchers at Fortinet, were plugged in over-the-air (OTA) firmware updates Sony shipped in August. After completing the rollout in early August, Sony published an advisory detailing the flaws at the end of the month.
Fortinet's FortiGuard Labs researchers found the vulnerabilities in the Sony TVs' Photo Sharing Plus application. These included a stack buffer overflow, a directory traversal bug, and a command injection flaw.
According to Fortinet, the command injection flaw is the bug that could lead to remote code execution with root privilege.
"Since they can be exploited remotely without authentication by attackers who are connected to the same local network, customers should upgrade their TVs as soon as possible," the researchers warn.
Sony Bravia TV owners should have automatically received the firmware updates, assuming they've not changed the device's default settings.
By default the affected Bravia TVs are set to automatically receive updates when they connect to the internet.
Despite this default, Sony has advised users to visit the Download section of the TV's product page and check that the TV is running the fixed firmware.
Affected Bravia TVs include models from Sony's R5C, WD75, WD65, XE70, XF70, WE75, WE6, and WF6 series.
Fortinet notified Sony's product security incident response team in March, and the company immediately acknowledged the report. After confirming the flaws, Sony began shipping the OTA updates on June 1.
The researchers note that Sony's response suggests smart TV security is getting better, but warn that privacy issues remain.
Smart TVs, though, are just part of a growing number of connected devices that could give remote attackers a foothold in homes or businesses.