Sep 9, 2019 - Technology

Netflix and Chromecast bug lets jerks crash your television

Joe Uchill

Photo: Jaap Arriens/NurPhoto via Getty Images

A glitch in software designed by Netflix in 2013, used in early versions of Google Chromecast and installed in several mid-decade televisions and other devices would allow an attacker to crash a TV, according to new research from security firm ForAllSecure.

The big picture: Netflix's DIAL software allowed people to broadcast video from a phone or computer onto their television and was an early component of Chromecast until Google moved that software in a different direction. Though the software is now obsolete, many TVs came preinstalled with DIAL.

The discovery was made by 2 interns at ForAllSecure completing an assignment to use the company's Mayhem automated security analysis software to analyze open source software.

The interns turned the glitches over to Netflix through a "bug bounty" program, where Netflix offers cash rewards to researchers who uncover security flaws in its products. Netflix has now patched the bug.
The interns will get to keep the bounty, co-founder and CEO David Brumley told Axios.

“You’ve got to motivate interns to stay in security somehow,” he said.

Details: The DIAL glitch comes from an error in how data is stored in computer memory in a modified version of a coding library known as Mongoose.

It’s not immediately clear if the glitch affects other products using Mongoose around the same time, noted Brumley.

Add Axios on Google

Netflix and Chromecast bug lets jerks crash your television

What to read next