Researchers have discovered a number of vulnerabilities in EZCast, a popular streaming device. EZCast is a dongle, similar to Google’s Chromecast, which enables you to connect devices such as laptops, smart phones and tablets to your television set. The dongle is attached to the HDMI port of the TV and the EZCast software allows users to stream media content from their devices onto the television, including music, videos and pictures. The EZCast application has been downloaded by up to 5 million users in the Google Play app store. 

As reported by CheckPoint Software, the device runs its own Wi-Fi network which is easily infiltrated. This EZCast network is connected to the user’s home network, meaning that the device creates a vulnerability and potential point of attack: “Entering the network via the dongle was extremely easy…This network is secured only by an 8 (numeric) digit password with WPS enabled by default (and is easily cracked). A successful brute-force attack on WPS allows unauthorized parties to gain access to the network. Another attack vector would be via the internet.” 

After easily infiltrating the EZCast network, the researchers found two critical vulnerabilities. One could allow a potential attacker to upload a malicious file onto the device which “will fully compromise the device and enable us to stay persistent.” The second vulnerability would allow an attacker to remotely inject code into the device. This is a hypothetical hack in a research setting but it reveals the problematic nature of our increased reliance on internet-connected devices and the expectations thereof. The researchers conclude that, “The EZCast device was never designed with security in mind. We were able to uncover a number of critical vulnerabilities, and we barely scratched the surface…Security for IoT should be raised to the same levels we expect and take for granted in computer security.”