
Remote Root in DirectTV's Wireless Video Bridge - amatus
https://www.zerodayinitiative.com/blog/2017/12/13/remote-root-in-directvs-wireless-video-bridge-a-tale-of-rage-and-despair
======
ChrisClark
It appears emailing security@linksys.com does absolutely nothing. Do they just
pick and choose what to ignore maybe?

This is such a simple hack that anyone could exploit it, and the public
weren't even aware of it because ZDI was following responsible disclosure,
only to be ignored.

------
badrabbit
Vendors have to go through FCC certification before shipping consumer
electronics. If the FCC adds security audit to this,maybe so much of these
silly insecurities could be solved before leaving the factory(to avoid wastes
FCC certification fees).

In reality politics isn't so simple,but politicians these days keep having
hearing after hearing and declaration after another on improving "cyber"
security. Is my desire here really hopeless?

EDIT: FCC rule I was referencing:
[https://en.m.wikipedia.org/wiki/Title_47_CFR_Part_15](https://en.m.wikipedia.org/wiki/Title_47_CFR_Part_15)

------
johansch
I thought Linksys were owned by Cisco, but it seems like they were sold to
Belkin in 2013. So, don't buy Belkin stuff.

The only way to combat this kind of anti-social behavior is through
regulation. EU GDPR goes quite far for online services, but for devices it
probably makes more sense to have some other kind of scheme. I think that a
deposit-based scheme may be necessary given the lifetime of this kind of
devices.

------
mhmiles
I don’t think DirecTV is deploying these any more in favor of the gen 2 Genie
that has wireless built into the main receiver. Not sure how inclined they’ll
be to push a fix

