Security experts at Bitdefender have issued a warning to anyone with a Fire TV Stick plugged into the television, to check that it is fully updated due to vulnerabilities that leave them open to cyber-criminal attacks.
One vulnerability is so serious attackers could take full control of the device.
Three bugs were found within the operating system of Fire TV. Amazon were alerted of these issues late last year.
An urgent patch has been released but it has been urged that users check that everything is fully updated to the latest operating system.
This release seems to have come soon enough to avoid any attacks from taking place. There has been no evidence that the issues have been used against customers.
Bitdefender has advised it is working quite closely with Amazon’s Fire TV team for vulnerability disclosure.
To be able to update your Fire TV Stick, go to Settings > My Fire TV > About, then select Check for System Update. If an update is available, it can be installed right away. The system will restart once it is completed.
An Amazon spokesperson has said “Security is foundational to how we design devices, features, and experiences. We have released fixes for this issue on Fire TV devices and the Fire TV remote app. We have no evidence that this issue has been used against customers, and we appreciate the work of researchers who help bring potential issues to our attention.”
The main vulnerability is Unauthorised authentication through local network PIN brute forcing. It began through an improper implementation of the Password Authenticated Key Exchange by Juggling (or J-PAKE) protocol. This could have resulted in attackers gaining control of the device.