Amazon Fire TV security patch stops crypto-miners from hacking your set-top box

News
By published

Software update 5.2.6.6 is crucial for all Fire TVs made before 2017

Earlier this year, older Amazon Fire TV models were overtaken by a malicious worm that spread from between devices using the set-top box's ADB (Android Debug Bridge) connection. Today, Amazon has released a patch that will plug the hole in the vulnerability and stop the infection in its tracks.

The software update – version 5.2.6.6 – is now available for Amazon Fire TV, Amazon Fire TV Stick and Amazon Fire TV Edition televisions, and it'll disable ADB by default. It'll also prompt users every time a device wants to install a new piece of software on their device. In the past, once you approved one ADB connection, any device could then connect to your Fire TV and install some code without asking. 

The offending exploit from February helped spread a pretty vicious malware worm called ADB.miner and the unchecked vulnerability of Amazon Fire TVs was used to mine cryptocurrency. This caused massive slow downs on infected devices, leading to long install times and abrupt crashing in the middle of streamed content.

The silver lining in all this is that newer devices, like the Amazon Fire TV Cube and latest version of the Amazon Fire TV, weren’t impacted by the malware as the protocol of asking before installing any software was built in from the start. 

So why have ADB in the first place?

This all raises the question: If ADB is such a vulnerability, why even allow it to exist on Amazon Fire TV devices? 

The answer is that ADB gives users some customizability options for their Fire TV – allowing you to install apps that aren't available on Amazon's limited Fire TV store (called sideloading). 

Sideloading is most often used by the KODI/XMBC crowd to install the app on the Fire TV, creating an even more robust streaming device that can stream local video content as well as content from traditional sources like Netflix and Amazon Video. 

Now that the ADB vulnerability is fixed, you'll be prompted before any additional software is installed on the device, quashing bugs like ADB.miner in its tracks.

Source: AFTVnews

See more Television News
TOPICS
Nick Pino
Nick Pino

Nick Pino is Managing Editor, TV and AV for TechRadar's sister site, Tom's Guide. Previously, he was the Senior Editor of Home Entertainment at TechRadar, covering TVs, headphones, speakers, video games, VR and streaming devices. He's also written for GamesRadar+, Official Xbox Magazine, PC Gamer and other outlets over the last decade, and he has a degree in computer science he's not using if anyone wants it.

Latest in Streaming Devices
Google Chromecast 2
Chromecasts are still broken – but Google tells fuming owners not to factory reset their devices
Google Chromecast 2
Chromecast users are getting increasingly angry about a weird 'untrusted device' bug that blocks casting – but a fix is coming
Blue Chromecast with Google TV plugged into the back of a TV with the remote next to it.
Google has stopped selling the Chromecast with Google TV – but there's no way I'm replacing mine
Roku Express HD Streaming Device
Roku Express and Express 4K+ are 40% off in the Presidents' Day sale – don't miss out!
xbox game pass
Amazon's Android TV update hints at new Fire TV devices – maybe at the next-gen AI Alexa event soon
Nvidia Shield TV Pro
The Nvidia Shield lives! A new update adds a Dolby Atmos competitor, and a load of other fixes
Latest in News
Samsung Galaxy Z Fold 6
The Samsung Galaxy Z Fold 7 could be in line for a Galaxy S25 Ultra-level camera upgrade
Data leak
Hacked Tata Technologies data leaked by ransomware gang
A close up of Billy Bob Thornton's Tommy Norris in Paramount Plus' Landman TV series
The Taylor Sheridan supremacy lives on at Paramount+ as Landman gets renewed for season 2
Ryzen 9000 promotional material
AMD's most powerful processor ever actually runs better on Windows 10 than Windows 11
Intel CEO Lip-Bu Tan
Intel reveals its new CEO
The SAG-AFTRA San-Fransisco-North California Local
SAG-AFTRA union and video game industry bargaining group remain at odds as agreements on AI protections still 'frustratingly far apart'
More about streaming devices
Google Chromecast 2

Chromecasts are still broken – but Google tells fuming owners not to factory reset their devices
Google Chromecast 2

Chromecast users are getting increasingly angry about a weird 'untrusted device' bug that blocks casting – but a fix is coming
A close up of Billy Bob Thornton's Tommy Norris in Paramount Plus' Landman TV series

The Taylor Sheridan supremacy lives on at Paramount+ as Landman gets renewed for season 2
See more latest
Most Popular
A close up of Billy Bob Thornton's Tommy Norris in Paramount Plus' Landman TV series
The Taylor Sheridan supremacy lives on at Paramount+ as Landman gets renewed for season 2
Samsung Galaxy Z Fold 6
The Samsung Galaxy Z Fold 7 could be in line for a Galaxy S25 Ultra-level camera upgrade
Assassin's Creed Shadows cinematic trailer shot showing Naoe in her hood
Actually, yes, Assassin's Creed Shadows will be playable on Steam Deck at launch, Ubisoft confirms
Printer
No, your printer isn't possessed: a Windows 11 23H2 bug could be making it print random characters when connected via USB
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Ryzen 9000 promotional material
AMD's most powerful processor ever actually runs better on Windows 10 than Windows 11
Intel CEO Lip-Bu Tan
Intel reveals its new CEO
A bloodied and crying Mark Grayson in the Invincible season 3 finale
Invincible season 3 ending explained: is [spoiler] dead, Damien Darkblood end credits scene, will there be a season 4, and more big questions answered
The SAG-AFTRA San-Fransisco-North California Local
SAG-AFTRA union and video game industry bargaining group remain at odds as agreements on AI protections still 'frustratingly far apart'
Data center racks with cables and servers
Data centers are being pushed to their limits, but digital twins could help