How to block a compromised Amazon Firestick

Defaut template

How to block a compromised Amazon Firestick



Print

How to block a compromised Amazon Firestick

Since March 2022, Fydelia has seen a surge in incidents relating to the Amazon FireTV / Firestick system.

Symptoms

The device attempts to access the internet using any open WiFi connection, which is usually the Guest WiFi redirect to the venue’s Fydelia login page.  The device source port is incremented from 30,000 to 60,000 while it tries to gain access and will be redirected to the Fydelia splash page dozens, sometimes hundreds, of times per second.  This can cause havoc at a venue with lower bandwidth and can result in Fydelia triggering an automatic blocking of the venue’s external IP for short periods of time if deemed excessive.

How to resolve

By default, Fydelia will block Amazon devices.  Until this apparent vulnerability is better understood, be sure to block devices from your guest network with MAC Addresses starting with:

18:48:be:xx:xx:x

f0:f0:a4:xx:xx:xx

You should provide an alternative private network for your guests, which will only allow traffic for that MAC pattern.ackground

Be sure to check back here for updates.

Table of Contents