Get 1,000+ Free Secret Apps on Firestick & Android TV/Google TV

TV Channels

Firestick Keyboard Remote Tool Removed for Security Reasons

Firestick Keyboard tool removed

In February of this year, Amazon added a new feature to Firestick and Fire TV devices that would allow remote access to the keyboard via web browser.

The tool was built to make it easier for device owners to type long URLs or insert usernames and passwords instead of using the Firestick remote that does not have any keyboard functionality.

Accessing the keyboard remote tool was provided via QR Code that displayed any time you open the keyboard on Firestick devices as pictured below.

Scan QR Code to access Firestick Keyboard Remote Tool

This would then open a webpage on your preferred browser to easily type web addresses or login credentials. Unfortunately, Amazon has since removed this feature due to possible security issues associated with the new feature.

If you visit the page that hosted access to the Keyboard remote tool, you will see that it is now “Under Maintenance” and no longer available for use.

Keyboard Remote Tool under maintanence

The QR Code that once displayed when launching the keyboard has also been removed and has returned to its original format as pictured below.

original firestick keyboard

These changes were made after tech firm Green Line Analytics noticed security issues associated with this feature that could leave Firestick owners susceptible to unauthorized access to their devices.

This is because someone could potentially acquire the QR Code or personal device URL of another Firestick owner and access it remotely to install unwanted or malicious applications without the users’ consent.

This was first reported by Elias at AFTVNews.com who reached out to Amazon for a comment on the situation and was provided with the following:

We appreciate the work of independent researchers to help bring issues to our attention. While we’re still reviewing this research, we immediately disabled the QR feature at issue for Fire TV customers, which fully mitigates the scenario described by the researchers. We look forward to bringing this feature back for customers soon.

It is unclear if or when this feature will ever return but in the meantime, users can always use the Fire TV Remote App on mobile devices and tablets that has a built-in keyboard to type without using the Firestick remote.

Let us know your thoughts on this article and Amazon removing the Firestick Keyboard Remote Tool in the comment section below!

Be sure to stay up-to-date with the latest streaming news, reviews, tips, and more by following the TROYPOINT Advisor with updates weekly.

This Advisor provides all the best cord-cutting tips to get the most out of your favorite streaming devices and more.

Click the link below to join the other 800,000 Advisor subscribers.

Free TROYPOINT Advisor

This page includes affiliate links where TROYPOINT may receive a commission at no extra cost to you. Many times, visitors will receive a discount due to the special arrangements made for our fans. Learn more on my Affiliate Disclaimer page.


YOU'RE BEING RECORDED...

Your online activity is recorded by your government, Internet Service Provider, app/addon/IPTV devs and all websites through your identifying IP address

Stream anonymously by using Surfshark VPN

Your Current Identifying IP Address (digital fingerprint):

TODAY'S DEAL
SAVE 86% ON SURFSHARK VPN + 3 FREE MONTHS

Surfshark backs their service with a 30-day money back guarantee

Use your account on unlimited devices & share with family members

CLAIM SURFSHARK DISCOUNT


Notable Replies

  1. Official Press Release From Green Line Analytics

    "Researchers at Green Line Analytics have concluded that the recently removed off-site remote represented perhaps the most egregious security vulnerability ever released on Fire TVs. The lack of any obvious change-log notification about the feature or user authentication as well as the inability to disable, hide or reset the QR code within the 1-2 weeks before it expired created a security threat that allowed attackers the capability to install malicious apps on Fire TV’s without seeing the target’s TV screen or requiring any user interaction on the targeted Fire TV.

    Amazon explicitly designed the troubleshooting feature so that recipients of the QR link in text or email messages who never actually saw the QR code could control the corresponding Fire TV device from a different location. Previous owners of a specific Fire TV and Airbnb renters could transfer possession of the device clean of any malware and then have this capability within the 1-2 week period without the current owner or renter taking any action. Compounding the threat posed by these scenarios, the user’s false impression of the innocuous nature of the ubiquitous Fire TV on-screen keyboard and standard QR codes instilled an absence of user screen-visibility discretion when this pseudo master password displayed on-screen in the presence of others or when they transmitted the QR link by phone.

    Attackers could remotely navigate the Fire TV without line of sight to the connected TV screen through a simple process in which they use the same model of Fire TV (identified on the QR-code web page) as a visual mirror for directional navigation from the universal wake position. They need only emulate on the QR page, one click at a time, the simple series of clicks that they perform on their own Fire TV at a time when they anticipate the target’s device to be asleep. The attacker would first enable administrator access, wait fifteen minutes for the device to go to sleep, download and open a download-capable browser like Downloader from the Amazon app store, and then download malware. Notably, this simple navigation does not require the Home, Menu or Back buttons not included in the QR-code remote control web page.

    The absence of industry-standard security protocols and the unusual use of a QR code for off-site remote control of a device combined to produce these attack vectors that posed one of the most significant security threats ever pushed to Fire TVs.”

Continue the discussion at troypointinsider.com

Participants

Avatar for TROYPOINT Avatar for TXRon Avatar for JMalone

Save 86% on Surfshark VPN + 3 Free Months

X