fun with XBMC

We’ve been spending some time playing around with XBMC as this platform is starting to get quite popular.

We found a way to gain shell on xbmcbuntu and raspbmc devices reliably. The out-of-the-box configuration of these devices is part of the attack. We’re currently working on finding a way to do the attack with XBMC installed on any platform.

The vulnerability pre-requisites are:

  • xbmcbuntu or raspbmc
  • "Allow control of XBMC via HTTP" enabled with default credentials (often turned on so users can control XBMC with their phone remote)

At any rate, we will be posting the working attacks on xbmcbuntu and raspbmc shortly.

Oh, we also found a drive file contents disclosure vulnerability in XBMC, the prerequisite being that "Allow control of XBMC via HTTP" is enabled with default credentials.

Stay tuned.
