Smart TV and then exposed vulnerabilities--Supra Smart Cloud TV vulnerability can cause the device to be hijacking-vulnerability warning-the black bar safety net

An attacker can take advantage of a smart TV vulnerability, the attack connected to the home router to get remote access.
Supra smart TV in a not patched the vulnerability so that the same Wi-Fi network, the attacker can hijack the TV device, play their own content, such as a fake emergency broadcast message.
By security researcher Mishra found the vulnerability, CVE-2019-12477 exist in the SUPRA Smart Cloud TV of the brand, the brand in Russia and Eastern Europe are very popular. According to the network information, the television is primarily through online sales form in Russia, China and the United Arab Emirates for sale.
This vulnerability problem is that theopenLiveURL（）function, the TV use it to get streaming content. But Mishra found that this function of the lack of certification requirements or session management. Therefore, the attacker can pass to the static URL to send a specially crafted request to trigger the vulnerability, allowing an attacker to inject a remote file.
Mishra initially through source code review found this vulnerability, and then through the Grab application, and read each request to trigger this vulnerability. Supra Smart Cloud TV allows openLiveURL function contained in the remote files allows a local attacker by“/ remote / media_control it? action = setUri & quot; uri = URI”instruction broadcast false video without any authentication.
The attacker must have access to the home Wi-Fi network requirements apparently can in some extent alleviate the threat. But the router in the growing Internet of things vulnerability can allow an attacker remote access to the network. For example, the recent discovery of two low-end TP-Link router model TP-Link WR940N and TL-WR941ND, are susceptible to vulnerabilities. IBM Research Center Grzegorz Wypych in the 4 month study found these routers in the zero-day vulnerability could allow a malicious third party from a remote control device.
SUPRA of this vulnerability is still not patched, also can not contact the supplier.
Smart TV hijacking incidents are not unheard of: this year 1 month, a hacker taking advantage of a vulnerable Chromecast and Google Home devices in the consumer TV broadcast news, propaganda famous YouTube star PewDiePie is.
2018 Consumer Reports exposure while Samsung’s and TCL’s two smart TV models, contain can lead to attacker control of the target TV vulnerability. The report noted that to exploit these vulnerabilities, hackers, regardless of location, are able to control the TV, change channels, adjust volume, or play offensive YouTube video content.
Other smart TV vulnerability also there is a problem. For example, last fall, security researchers 8 have vulnerability Sony Bravia smart TV models, these vulnerabilities could lead to root access complete remote code execution. Controlled the TV can be connected to a botnet, or be used to share the same network device attacks springboard.
With smart TVs becoming more common, their vulnerability is also growing. While the smart TV includes an Always-On connection and high-performance GPU, destined to be cybercriminals the meat and potatoes.