All Your DVR are Belong to Us


Just Plain Mean
Staff member
May 18, 1997
Why subscribe to a cable or satellite service when there are tens of thousands of those on the net for you to access? Because you are not a criminal, most likely. That said, I hate browsing through my own DVR's menu, and probably even hate browsing through yours even more. Although this DVR vulnerability has been confirmed, not attacks have been verified yet. Also it can be fairly easily blocked as well should the companies using these decide to. I need to go check if my DVR is mining right now though.

Fernandez discovered that by accessing the control panel of specific DVRs with a cookie header of "Cookie: uid=admin," the DVR would respond with the device's admin credentials in cleartext. The entire exploit is small enough to fit inside a tweet.

...companies can still detect attempts to access /login.rsp or /device.rsp URL paths and block those, allowing access to the DVR's management interface only for trusted IPs.
Windows 7 Media Center DVR, with a proper firewall. Don't think I need to worry.
Mine probably is... damn thing slowed to a crawl a few months ago. If I want to watch a movie on-demand, I need to demand it about 3 hours in advance.

Mine did that when it hit a bad sector on the HDD stayed like that till we basically emptied it and reset it.
D...V...R? Oh, that's a thing you use for TV. Ah TV, that takes me back.

I used to like DVR..then I discovered on demand streaming for less money per month than what my cable company was charging me for that piece of equipment. Then I DISCOVERED streaming and finally cut cable completely.
A few years ago I somehow was able to gain access to our(then) directv dvr's folders and files thru my wifi network. I don't remember how I did it since I was just tinkering at the time and bored but I was able to locate and copy/play files that were recorded in an mp4 format.
MythTV backends with Kodi frontends work great and are very secure.

Why would a DVR box ever need to be visible to the public internet? If I still had them, I'd firewall that shit off.
Oh man, I hope this gets patched before some nation state sponserd hackers get their hands on it... Not too many better ways to sow chaos than to start randomly deleting people's recorded showed.