News

Jailbreaking Roku sticks with RootMyRoku

This week, developers Marcus T. and Ammar Askar (llamasoft) have released an exploit called “RootMyRoku” which is capable of achieving persistent root jailbreak on select Roku devices.

Jailbreaking is a way to manually tamper with a device’s firmware, software, or hardware to circumvent any restrictions built-in by the device’s manufacturer to limit the use of the device to use cases permitted by terms and agreements.

This could be made possible by exploiting multiple vulnerabilities that impact Roku TV devices running RokuOS version 9.4.0 (and using Realtek WiFi chip).

“Affected devices include almost all Roku TVs and some Roku set-top boxes.”

“In theory, any Roku device running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable.
You can check your current software version from Settings -> System -> About.
While it is not possible to manually check your WiFi chip manufacturer, the channel provided for this exploit will tell you if your device is vulnerable or not,” reads RootMyRoku documentation.

Although RokuOS version 10 comes with an update that remediates this jailbreak exploit, not all users may have yer received the update.

Won’t “brick” your Roku sticks

According to the developers, Roku TV owners using the RootMyRoku exploit to jailbreak their device can rest easy knowing their devices will not “brick” (suffer from severe damage making them unusable).

“It makes no changes to the underlying firmware that the device runs. If anything bad happens, a factory reset will always recover your device,” explain the developers.

Jailbreaking works by manually tampering with a device’s firmware, software, or hardware to hijack its security controls and remove any built-in restrictions that limit the device’s full capabilities.

For example, this is especially applicable when it comes to manufacturers enforcing copyright laws internationally. Select Roku TV channels or apps may only be accessible in certain regions due to intellectual property agreements in place.

Jailbreaking a device with root privileges passes total control of what apps or software can be installed on the device to the consumer, as opposed to the manufacturer who had partially “locked” some of the features of a device.

It is for that reason jailbreaking may fall in a legal area, if not be outright forbidden by the terms of agreement of a service/manufacturer that users have agreed to. Anti-circumvention laws like the Digital Millenium Copyright Act (DMCA) typically forbid tampering with Digital Rights Management (DRM) controls to bypass restrictions or reverse engineer a device.

RootMyRoku developers do provide a way to “undo” the jailbreak should a user change their mind and decide to restore their Roku TV to its original configuration.

Devs push for a Roku bug bounty program

Finally, the devs end the RootMyRoku documentation with an appeal to Roku:

“If anyone at Roku is reading this: you desperately need a real bug bounty program.”

“Without one, there’s little incentive to research and report vulnerabilities when you’re not sure if you’ll be rewarded for your efforts or not. While we took this project on for fun as a hobby, almost no professional security researchers are going to dedicate as much effort as we did for a ‘maybe’.”

A Roku spokesperson told Engadget that no customer data had been exposed as a result of the vulnerabilities identified by RootMyRoku developers, and that the vulnerabilities used in the exploit were remedied in devices running Roku OS 9.4:

“As part of our continuous monitoring, the Roku security team identified and addressed vulnerabilities in the Roku OS – though these vulnerabilities did not expose customer data and we did not identify any malicious activity. We always want to do everything we can to maintain a secure environment for Roku, our partners, and our users, and we therefore mitigated the vulnerabilities and updated Roku OS 9.4 with no impact to the end user experience.”

Roku consumers—well, those who would rather play by the rules and have no plans to jailbreak their device are advised to apply the latest updates to ensure their devices are patched against reported vulnerabilities.


Ax Sharma

Ax Sharma is a UK-based security researcher, journalist and TV subject matter expert experienced in malware analysis and cybercrime investigations. His areas of interest include open source software security and threat intel analysis. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

US Air Force Probes Potential SharePoint-Linked Privacy Breach

The US Air Force is investigating a “privacy-related issue” that may have exposed personally identifiable…

1 hour ago

Harrods third-party breach exposes 430,000 customer records, hackers reach out

London’s iconic department store Harrods has disclosed that approximately 430,000 customer records were compromised in…

2 days ago

WestJet confirms customer ID, passports stolen in June cyberattack

WestJet confirmed that in a June 2025 cybersecurity incident, a “sophisticated, criminal third party” gained…

2 days ago

Did You Also Get a ‘Real’ Phishing Email From GitHub.com?

Imagine getting an email straight from GitHub’s own notification system: the same one you've trusted…

5 days ago

World’s Largest Supply Chain Cyber Attack… And just 5 Cents Stolen?

You probably saw the headlines: the world’s largest npm supply chain attack, chalk and debug-js…

7 days ago

Sea Turtle Cyber Espionage Campaign Targets Telecommunication and IT Companies in the Netherlands

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the…

2 years ago

This website uses cookies.