Casaba Security » Tivo http://www.casaba.com/blog Building and breaking software and robots Wed, 11 Jan 2012 18:08:45 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 New risks for old credentials http://www.casaba.com/blog/2008/01/new-risks-for-old-credentials/ http://www.casaba.com/blog/2008/01/new-risks-for-old-credentials/#comments Wed, 16 Jan 2008 20:16:56 +0000 Samuel Bucholtz I was playing around with my Tivo this weekend and realized that many of the new features being offered on Tivo are handy but leave valuable information stored on your Tivo.

How so?

Well, Tivo now offers Amazon Unbox downloads, Yahoo Weather/Traffic, etc. All of these services require you to store your credentials on the device or on Tivo's website. Imagine what might happen if an attacker can break into the device and gather such information. With an Amazon account an attacker has access to any stored credit cards for purchases on the site. Even if an attacker cannot hack into your private network and break into the Tivo, what happens when the Tivo is put into the trash at the end of its life?

]]> http://www.casaba.com/blog/2008/01/new-risks-for-old-credentials/feed/ 0