A glitch in software designed by Netflix in 2013, used in early versions of Google Chromecast and installed in several mid-decade televisions and other devices would allow an attacker to crash a TV, according to new research from security firm ForAllSecure.
The big picture: Netflix's DIAL software allowed people to broadcast video from a phone or computer onto their television and was an early component of Chromecast until Google moved that software in a different direction. Though the software is now obsolete, many TVs came preinstalled with DIAL.
The discovery was made by 2 interns at ForAllSecure completing an assignment to use the company's Mayhem automated security analysis software to analyze open source software.
- The interns turned the glitches over to Netflix through a "bug bounty" program, where Netflix offers cash rewards to researchers who uncover security flaws in its products. Netflix has now patched the bug.
- The interns will get to keep the bounty, co-founder and CEO David Brumley told Axios.
- “You’ve got to motivate interns to stay in security somehow,” he said.
Details: The DIAL glitch comes from an error in how data is stored in computer memory in a modified version of a coding library known as Mongoose.
- It’s not immediately clear if the glitch affects other products using Mongoose around the same time, noted Brumley.
