
Jailbreaking Roku sticks with RootMyRoku

This week, developers Marcus T. and Ammar Askar (llamasoft) released an exploit called “RootMyRoku” that can achieve a persistent root jailbreak on select Roku devices.

Jailbreaking is a way to manually tamper with a device’s firmware, software, or hardware to circumvent any restrictions built-in by the device’s manufacturer to limit the use of the device to use cases permitted by terms and agreements.

The jailbreak is made possible by exploiting multiple vulnerabilities that affect Roku TV devices running RokuOS version 9.4.0 and using a Realtek WiFi chip.

“Affected devices include almost all Roku TVs and some Roku set-top boxes.”

“In theory, any Roku device running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable.
You can check your current software version from Settings -> System -> About.
While it is not possible to manually check your WiFi chip manufacturer, the channel provided for this exploit will tell you if your device is vulnerable or not,” reads RootMyRoku documentation.

Although RokuOS version 10 comes with an update that remediates this jailbreak exploit, not all users may have received the update yet.

Won’t “brick” your Roku sticks

According to the developers, Roku TV owners using the RootMyRoku exploit to jailbreak their device can rest easy knowing their devices will not “brick” (suffer from severe damage making them unusable).

“It makes no changes to the underlying firmware that the device runs. If anything bad happens, a factory reset will always recover your device,” explain the developers.

Jailbreaking works by manually tampering with a device’s firmware, software, or hardware to hijack its security controls and remove any built-in restrictions that limit the device’s full capabilities.

For example, this is especially applicable when it comes to manufacturers enforcing copyright laws internationally. Select Roku TV channels or apps may only be accessible in certain regions due to intellectual property agreements in place.

Jailbreaking a device with root privileges passes total control of what apps or software can be installed on the device to the consumer, as opposed to the manufacturer who had partially “locked” some of the features of a device.

It is for that reason that jailbreaking may fall in a legal gray area, if not be outright forbidden by the terms of agreement of a service or manufacturer that users have agreed to. Anti-circumvention laws like the Digital Millennium Copyright Act (DMCA) typically forbid tampering with Digital Rights Management (DRM) controls to bypass restrictions or reverse engineer a device.

RootMyRoku developers do provide a way to “undo” the jailbreak should a user change their mind and decide to restore their Roku TV to its original configuration.

Devs push for a Roku bug bounty program

Finally, the devs end the RootMyRoku documentation with an appeal to Roku:

“If anyone at Roku is reading this: you desperately need a real bug bounty program.”

“Without one, there’s little incentive to research and report vulnerabilities when you’re not sure if you’ll be rewarded for your efforts or not. While we took this project on for fun as a hobby, almost no professional security researchers are going to dedicate as much effort as we did for a ‘maybe’.”

A Roku spokesperson told Engadget that no customer data had been exposed as a result of the vulnerabilities identified by RootMyRoku developers, and that the vulnerabilities used in the exploit were remedied in devices running Roku OS 9.4:

“As part of our continuous monitoring, the Roku security team identified and addressed vulnerabilities in the Roku OS – though these vulnerabilities did not expose customer data and we did not identify any malicious activity. We always want to do everything we can to maintain a secure environment for Roku, our partners, and our users, and we therefore mitigated the vulnerabilities and updated Roku OS 9.4 with no impact to the end user experience.”

Roku consumers (well, those who would rather play by the rules and have no plans to jailbreak their device) are advised to apply the latest updates to ensure their devices are patched against reported vulnerabilities.


Ax Sharma

Ax Sharma is an Indian-origin British security researcher, journalist and TV subject matter expert with a focus on malware analysis and cybercrime investigations. His areas of interest include open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
