Security Vulnerabilities Found in Firestick & Fire TV Devices

Various security vulnerabilities have been identified in Fire TV devices, including the Fire TV Stick 3rd Gen, which is one of the most popular streaming devices available today.

Bitdefender, a well-known cybersecurity firm, first recognized these vulnerabilities in early May of this year with a coordinated disclosure.

The company performs regulatory audits of various IoT hardware for vulnerabilities and this includes Fire TV devices.

The issues were discovered in December of 2022 and relayed to Amazon that same month.

Amazon worked closely with Bitdefender to determine the issue and ultimately find a resolution.

The vulnerabilities identified affected two Fire TV devices, and more specifically, two different Fire OS Software versions.

These include:

  • Insignia Fire TV with versions of Fire OS before
  • Firestick 3rd Gen with versions of Fire OS before

This is the first time we have seen Amazon being transparent about vulnerabilities, but it is likely not the first time these devices have encountered such issues.

This is one of the main reasons it is important to keep your device up to date and always run a VPN for complete security and anonymity.

The vulnerabilities discovered by Bitdefender included the following:

  • Unauthorized authentication through local network PIN brute forcing. This vulnerability was caused by improper implementation of the Password Authenticated Key Exchange by Juggling (or J-PAKE) protocol that could have resulted in attackers gaining control of the device.
  • A vulnerability in the setMediaSource function on the service allowed for arbitrary JavaScript code to be executed. It could be used to load arbitrary HTTP URLs in the webview.
  • A vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible.

It is important to note that different Fire TV devices have different version numbers, so make sure to check your device version within settings.

You can easily locate the Fire OS software version on your Fire TV device by clicking Settings > My Fire TV > About > Fire TV.

In order to ensure your device does not have security vulnerabilities, we suggest updating your Firestick or Fire TV device to the most recent software version which has patched these issues.

You can do so by following our step-by-step guide below.

How to Update Firestick/Fire TV to Latest Software
