IPTV and IP video security is increasingly under scrutiny, even by high school kids.
When Township High School District 214 in Illinois got rickrolled all at once across its six different schools just before graduation, it was more than a meticulously executed senior prank.
cybersecurity star-in-the-making and recent high-school graduate Minh Duong found, and was able to exploit, a zero-day bug in the district’s Exterity IPTV system. The goof was received in good humor by school administrators, luckily for Minh and his cohorts, and the bug was reported to Exterity.
But so far, the company hasn’t responded to Minh’s disclosure or said anything about possible mitigations, he said.
“If I don’t end up hearing back from them in my next few attempts at contact, I will publish the exploit that I used,” he told Threatpost. “cve-2021-42109 has been reserved for the Exterity IPTV privesc vulnerabilities, with my blog post being listed as a reference.”
“The Big Rick,” as the prank was called, came off beautifully — hijacking every TV, projector and monitor on the district’s IPTV system to play Rick Astley’s classic video for “Never Gonna Give You Up.”
Projectors and TVs across the Township district