Jailbreaking Roku sticks with RootMyRoku

This week, developers Marcus T. and Ammar Askar (llamasoft) have released an exploit called “RootMyRoku” which is capable of achieving persistent root jailbreak on select Roku devices.

Jailbreaking is a way to manually tamper with a device’s firmware, software, or hardware to circumvent any restrictions built-in by the device’s manufacturer to limit the use of the device to use cases permitted by terms and agreements.

This could be made possible by exploiting multiple vulnerabilities that impact Roku TV devices running RokuOS version 9.4.0 (and using Realtek WiFi chip).

“Affected devices include almost all Roku TVs and some Roku set-top boxes.”

“In theory, any Roku device running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable.
You can check your current software version from Settings -> System -> About.
While it is not possible to manually check your WiFi chip manufacturer, the channel provided for this exploit will tell you if your device is vulnerable or not,” reads RootMyRoku documentation.

Although RokuOS version 10 comes with an update that remediates this jailbreak exploit, not all users may have yer received the update.

Won’t “brick” your Roku sticks

According to the developers, Roku TV owners using the RootMyRoku exploit to jailbreak their device can rest easy knowing their devices will not “brick” (suffer from severe damage making them unusable).

“It makes no changes to the underlying firmware that the device runs. If anything bad happens, a factory reset will always recover your device,” explain the developers.

Jailbreaking works by manually tampering with a device’s firmware, software, or hardware to hijack its security controls and remove any built-in restrictions that limit the device’s full capabilities.

For example, this is especially applicable when it comes to manufacturers enforcing copyright laws internationally. Select Roku TV channels or apps may only be accessible in certain regions due to intellectual property agreements in place.

Jailbreaking a device with root privileges passes total control of what apps or software can be installed on the device to the consumer, as opposed to the manufacturer who had partially “locked” some of the features of a device.

It is for that reason jailbreaking may fall in a legal area, if not be outright forbidden by the terms of agreement of a service/manufacturer that users have agreed to. Anti-circumvention laws like the Digital Millenium Copyright Act (DMCA) typically forbid tampering with Digital Rights Management (DRM) controls to bypass restrictions or reverse engineer a device.

RootMyRoku developers do provide a way to “undo” the jailbreak should a user change their mind and decide to restore their Roku TV to its original configuration.

Devs push for a Roku bug bounty program

Finally, the devs end the RootMyRoku documentation with an appeal to Roku:

“If anyone at Roku is reading this: you desperately need a real bug bounty program.”

“Without one, there’s little incentive to research and report vulnerabilities when you’re not sure if you’ll be rewarded for your efforts or not. While we took this project on for fun as a hobby, almost no professional security researchers are going to dedicate as much effort as we did for a ‘maybe’.”

A Roku spokesperson told Engadget that no customer data had been exposed as a result of the vulnerabilities identified by RootMyRoku developers, and that the vulnerabilities used in the exploit were remedied in devices running Roku OS 9.4:

“As part of our continuous monitoring, the Roku security team identified and addressed vulnerabilities in the Roku OS – though these vulnerabilities did not expose customer data and we did not identify any malicious activity. We always want to do everything we can to maintain a secure environment for Roku, our partners, and our users, and we therefore mitigated the vulnerabilities and updated Roku OS 9.4 with no impact to the end user experience.”

Roku consumers—well, those who would rather play by the rules and have no plans to jailbreak their device are advised to apply the latest updates to ensure their devices are patched against reported vulnerabilities.