
Netflix and Chromecast bug lets jerks crash your television


A glitch in software designed by Netflix in 2013, used in early versions of Google Chromecast and installed in several mid-decade televisions and other devices, would allow an attacker to crash a TV, according to new research from security firm ForAllSecure.

The big picture: Netflix's DIAL software allowed people to broadcast video from a phone or computer onto their television and was an early component of Chromecast until Google moved that software in a different direction. Though the software is now obsolete, many TVs came preinstalled with DIAL.

The discovery was made by 2 interns at ForAllSecure completing an assignment to use the company's Mayhem automated security analysis software to analyze open source software.

  • The interns turned the glitches over to Netflix through a "bug bounty" program, where Netflix offers cash rewards to researchers who uncover security flaws in its products. Netflix has now patched the bug.
  • The interns will get to keep the bounty, co-founder and CEO David Brumley told Axios.
    • “You’ve got to motivate interns to stay in security somehow,” he said.

Details: The DIAL glitch comes from an error in how data is stored in computer memory in a modified version of a coding library known as Mongoose.

  • It’s not immediately clear if the glitch affects other products using Mongoose around the same time, noted Brumley.