Cybersecurity and Entertainment
Entertainment devices are vulnerable
by Charles Parker
When people aren’t working, they tend to migrate towards some form of entertainment. One
outlet for this recreation is the Roku. The device allows the user access multiple avenues of
entertainment. As part of the service, customers need to provide a credit card number and other
information.
Fortunately, this generally works very well for the customers. They login to their subscription and
start their evening of leisure. Unfortunately, recently Roku had a little issue with a compromise.
Roku sent a notice to 15,363 of their customers. They noted the compromise disclosed the
customer accounts and their credit card information. Roku found the adversaries secured login
information and attempted to purchase streaming subscriptions in a few instances. These could
have been for Netflix, Max, Paramount Plus, Hulu, Peacock, Disney Plus, and others.
The attack vector has not been detailed. It’s likely though the attackers used the general
credential stuffing attack. There have been so many breaches over the years, there’s an
expansive list of passwords for nearly every person. With the automated attacks, all of these
and common variations of the known passwords can be checked in quick order.
The adversaries did shift the rest of the attack by changing the login information for the account
once it was compromised. They also have been selling the stolen data. For this compromise,
the one positive was the Roku accounts didn’t collect the customer social security number.
This is another example of why people should have different passwords for the different
accounts. When the user has one or two passwords for everything, when these are
compromised, the other accounts are fair game to be attacked.
About the author-
Charles Parker II has been working in the info sec field for over a decade, in the banking,
medical, automotive, and staffing industries. Charles has matriculated and attained the MBA,
MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security
(ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and
SCADA.
Kommentare