It's quite interesting to notice that the recent firmware versions released by Philips for their 2013 models of SmartTV (6/7/8/9xxx) have the WiFi Miracast feature enabled by default ("DIRECT-xy") with a fixed password and no PIN or request of permission for the new incoming WiFi connections.
The impact is that anyone in the range of the TV WiFi adapter can easily connect to it and abuse of all the nice features offered by these SmartTV models like:
- accessing the system and configuration files located on the TV
- accessing the files located on the attached USB devices
- transmitting video, audio and images to the TV
- controlling the TV
- stealing the browser's cookies for accessing the websites used by the user
- a lot more
Funny eh?
revuln.com
twitter.com/revuln