If you use wireless Genie clients, listen up Forbes is reporting that these devices are incredibly easy to hack and that your whole network could be vulnerable. Let’s dig into that claim and let’s talk about why you should — or shouldn’t — be worried.
First things first, yeah, they’re kinda right.
The White Paper I wrote back in 2014 gives a very easy way to connect to the wireless video bridge using the default username and password. In fact, if you have some basic experience tracing and finding devices on your network it’s even easier to get into the video bridge’s menus, you don’t even have to disconnect it. From there you can upload hacked firmware or do whatever.
Forbes says their hacker was able to get root access without even knowing the password, which is “admin” just like most Linksys devices of its age. I don’t doubt it. From there, a skilled hacker could gain entry to the rest of your network if your DVR is connected to the internet. So yeah, this is real and it’s serious.
But honestly how real and serious is it?
The DIRECTV Wireless Video Bridge has a maximum range of about 50 feet through 3 walls. That means the hacker would probably need to be in your driveway or inside the house in order to do any damage. If you’re in an apartment or condo, OK I could see that being an issue. But even so, someone would really have to want to get into your network and they could probably do it a bunch of other ways that are just as easy.
What can I do RIGHT NOW?
Well, you could unplug the wireless video bridge, which means you would lose your wireless clients. You could disconnect your Genie DVR from the internet, which means you’d lose on-demand and some other features. If your DVR isn’t connected to the internet then even if the bad guys hacked the video bridge you’d be safe because they couldn’t go anywhere after that.
Is the Genie 2 affected?
As far as I know, no. The Genie 2 uses a different set of chips and software than the wireless video bridge and no one is claiming that it’s hackable in any way.
How will I know if it’s been fixed?
If I know, you will know, I’ll tell you that. Most likely AT&T will quietly roll out a fix and not tell anyone, that’s kind of what they do. However, you’ll need to have the video bridge connected to the internet to get the fix, so that’s kind of a problem if you’re really worried.
So… should I be worried?
I can’t tell you for sure. You have to make that call yourself. I can tell you that the chances of someone using this exploit to get to your personal information are pretty slim if your network is properly protected in other ways. I can also tell you that in almost four years I’ve never heard of anyone who used a hacked video bridge to do anything. Probably the most anyone could do would be to see what’s on your playlist. AT&T’s spokespeople say that it’s doubtful this exploit could be used to even see other computers on your network.
If you’re genuinely worried, then disconnect the video bridge or the internet connection from your Genie. I wouldn’t blame you.