How to block a compromised Amazon Firestick
Since March 2022, Fydelia has seen a surge in incidents relating to the Amazon FireTV / Firestick system.
The device attempts to access the internet using any open WiFi connection, which is usually the Guest WiFi that redirects to the venue’s Fydelia login page. The device’s source port is incremented from 30,000 to 60,000 while it tries to gain access, and it will be redirected to the Fydelia splash page dozens, sometimes hundreds, of times per second. This can cause havoc at a venue with lower bandwidth and, if deemed excessive, can result in Fydelia automatically blocking the venue’s external IP for short periods of time.
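As an added example (not Fydelia's own code), the sketch below flags clients in a captive-portal redirect log that show the behaviour described above: a burst of redirects within one second from source ports climbing through the 30,000 to 60,000 range. The log format, the per-second threshold and the placeholder MAC addresses are assumptions.

```python
from collections import defaultdict

PORT_LOW, PORT_HIGH = 30_000, 60_000  # source-port range described above
RATE_THRESHOLD = 24                   # assumed cutoff for "dozens" of redirects per second


def parse_line(line):
    """Assumed log format: '<epoch_second> <client_mac> <source_port>'."""
    ts, mac, port = line.split()
    return int(ts), mac.lower(), int(port)


def find_hammering_clients(lines, threshold=RATE_THRESHOLD):
    """Return {mac: peak redirects in one second} for clients matching the pattern."""
    per_second = defaultdict(list)  # (mac, second) -> source ports in arrival order
    for line in lines:
        ts, mac, port = parse_line(line)
        per_second[(mac, ts)].append(port)

    flagged = {}
    for (mac, _second), ports in per_second.items():
        in_range = [p for p in ports if PORT_LOW <= p <= PORT_HIGH]
        if len(in_range) < threshold:
            continue
        # Count request-to-request steps where the source port went up.
        rising = sum(b > a for a, b in zip(in_range, in_range[1:]))
        if rising >= 0.9 * (len(in_range) - 1):
            flagged[mac] = max(flagged.get(mac, 0), len(in_range))
    return flagged


def constructed_sample():
    """Constructed log lines; the 02:... MACs are placeholders, not real device prefixes."""
    noisy = [f"1648540800 02:00:00:aa:bb:01 {30000 + i}" for i in range(120)]
    guest = ["1648540800 02:00:00:aa:bb:02 51544",
             "1648540801 02:00:00:aa:bb:02 51550"]
    return noisy + guest


if __name__ == "__main__":
    for mac, rate in find_hammering_clients(constructed_sample()).items():
        print(f"{mac}: {rate} splash-page redirects in one second")
```

Flagged MAC addresses can then be compared against the prefixes to block on the guest network.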
How to resolve
By default, Fydelia will block Amazon devices. Until this apparent vulnerability is better understood, be sure to block devices from your guest network with MAC Addresses starting with:
You should provide an alternative private network for your guests, which will only allow traffic for that MAC pattern.
On March 29th Fydelia first detected a rogue Amazon Firestick device which began hammering Fydelia servers in an attempt to open a splash page many times a second. It appears to be a vulnerability but could be related to a recent firmware update.
Be sure to check back here for updates.