Security Vulnerabilities Found in Firestick & Fire TV Devices
Various security vulnerabilities have been identified in Fire TV devices, including the Fire TV Stick 3rd Gen, which is one of the most popular streaming devices available today.
Bitdefender, a well-known cybersecurity firm, first recognized these vulnerabilities in early May of this year with a coordinated disclosure.
The company performs regulatory audits of various IoT hardware for vulnerabilities and this includes Fire TV devices.
The issues were discovered in December of 2022 and relayed to Amazon that same month.
Amazon worked closely with Bitdefender to determine the issue and ultimately find a resolution.
The vulnerabilities identified affected two Fire TV devices, and more specifically, two different Fire OS Software versions.
These include:
- Insignia Fire TV with versions of Fire OS before 6.2.9.5
- Firestick 3rd Gen with versions of Fire OS before 7.6.3.3
This is the first time we have seen Amazon being transparent about vulnerabilities but it is likely not the first time these devices have encountered such issues.
This is one of the main reasons it is important to keep your device up to date and always run a VPN for complete security and anonymity.
The vulnerabilities discovered by Bitdefender included the following:
- Unauthorized authentication through local network PIN brute forcing. This vulnerability was caused by improper implementation of the Password Authenticated Key Exchange by Juggling (or J-PAKE) protocol that could have resulted in attackers gaining control of the device.
- A vulnerability in the setMediaSource function on the amzn.thin.pl service allowed for arbitrary JavaScript code to be executed. It could be used to load arbitrary HTTP URLs in the webview.
- A vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible.
It is important to note that different Fire TV devices have different version numbers, so make sure to check your device version within settings.
You can easily locate the Fire OS software version on your Fire TV device by clicking Settings > My Fire TV > About > Fire TV.
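For anyone tracking more than one device, the check above can be scripted. The following is an added example, not code from Amazon or Bitdefender: it compares version strings copied from the About screen against the two fixed versions listed in this article. The inventory names and sample version strings are constructed, and versions are compared numerically because a plain string comparison would rank a version such as 7.6.10.1 below 7.6.3.3.

```python
import re

# Fixed Fire OS versions for the two affected devices, as listed in the article.
FIXED = {
    "Insignia Fire TV": (6, 2, 9, 5),
    "Firestick 3rd Gen": (7, 6, 3, 3),
}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_version(text):
    """Pull the first dotted version out of text such as 'Fire OS 7.6.2.9'."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no dotted version in {text!r}")
    return tuple(int(part) for part in match.group().split("."))


def assess(model, version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one device."""
    fixed = FIXED.get(model)
    if fixed is None:
        return "unknown"  # the article gives no fixed version for this model
    try:
        current = parse_version(version_text)
    except ValueError:
        return "unknown"
    # Pad so that a short string like 7.6.3 compares as 7.6.3.0.
    width = max(len(current), len(fixed))
    current += (0,) * (width - len(current))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if current < fixed else "patched"


def audit(inventory):
    """Map each device name to its status."""
    return {name: assess(model, ver) for name, model, ver in inventory}


# Constructed sample inventory (hypothetical device names and version strings).
INVENTORY = [
    ("living-room", "Firestick 3rd Gen", "Fire OS 7.6.2.9"),
    ("bedroom", "Firestick 3rd Gen", "Fire OS 7.6.10.1"),
    ("kitchen-tv", "Insignia Fire TV", "6.2.9.5"),
    ("office", "Fire TV Cube", "7.6.3.3"),
]

if __name__ == "__main__":
    for name, status in audit(INVENTORY).items():
        print(f"{name}: {status}")
```

A result of "unknown" means the article lists no fixed version for that model, not that the device is safe.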
In order to ensure your device does not have security vulnerabilities, we suggest updating your Firestick or Fire TV device to the most recent software version which has patched these issues.
You can do so by following our step-by-step guide below.
How to Update Firestick/Fire TV to Latest Software
I have a laptop with Bitdefender antivirus, is it okay or recommended to install on a Firestick 4K Max?