Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Chronicle Live
Chronicle Live
Entertainment
David Snelling & Aaron Morris

Amazon Fire Stick users issued urgent warning over security vulnerabilities

Fire Stick streamers across the United Kingdom have been warned that they should check for potential updates, as older software versions could be open to horrific cyber attacks from internet fraudsters.

The warning has been issued by the team at Bitdefender, who discovered a number of loopholes and vulnerabilities which could impact device security.

One of the known flaws is so serious that it could result in attackers gaining complete remote control of a device, which is worrying for anyone who has Amazon's popular TV technology.

Read more: 'Hidden' Amazon page that shows shoppers incredible deals

The Express Reports that three bugs in total were identified within the Fire TV operating system, with Amazon becoming aware of the issues in late 2022. As a result, the online marketplace has rolled out an urgent patch, but it's vital that customers check their devices to make sure they are running on the newest version.

Luckily, it appears that the software release landed just in time to prevent any attacks taking place, with no standing evidence that the hacks have been used and their Fire Sticks. Bitdefender says it has been working closely with the Amazon Fire TV team through all stages of vulnerability disclosure with the firm praising Amazon for its speedy response.

To check your Fire TV is up to date follow these steps

To update your Fire TV Stick, navigate to Settings > My Fire TV > About and select Check for System Update. If there is an update available, you can install it right away. Your system will restart once it is done downloading.

Vulnerabilities at a glance

• Unauthorized authentication through local network PIN brute forcing. This vulnerability was caused by improper implementation of the Password Authenticated Key Exchange by Juggling (or J-PAKE) protocol that could have resulted in attackers gaining control of the device. (CVE-2023-1385)

• A vulnerability in the setMediaSource function on the amzn.thin.pl service allowed for arbitrary Javascript code to be executed. It could be used to load arbitrary HTTP URLs in the webview. (CVE-2023-1384)

• A vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. (CVE-2023-1383)

Don't forget, if your Fire TV hasn't been upgraded the vulnerabilities will still be open for attackers to advantage of - so make sure you check your device as soon as possible.

Read next:

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.