Monday, May 12, 2014

In Soviet Russia, Television watches you!

Who didn't see this coming?
Smart tellies with built-in microphones and storage can be turned into bugging devices by malware and used to record conversations, security experts at NCC Group said. And they demonstrated exactly that just down the road from the Infosec Europe conference, held in London.

"Installing the bugging software requires physical access to the device, which is how we did it, or by installing a malicious app," said Felix Ingram, principal consultant at NCC Group.
"Malicious apps could be downloaded from the manufacturer’s app store. The TV does have the option for auto-updating, so releasing a legitimate app, then releasing a malicious update, is another attack vector."

In other words, Ingram's research shows smart TVs can be abused in much the same way that dodgy apps on Android software stores hijack smartphones and tablets.

In the NCC demo, the internal storage of a smart TV was used to hold 30 seconds of audio, but a far longer buffer could be set up.
And so it seems that Smart TVs have all of the security (ahem) capabilities of Android:
In 2013 Android grew to a very large number: 87%. This was its share of the global smartphone market. It also grew to an even larger one: 97%. This was Android’s share of global mobile malware.
So go ahead and pay an extra hundred bucks (or two) for a "Smart" TV whose security was designed by incompetents.  Actually, that likely does not describe the true situation: security wasn't an after thought, it wasn't thought of at all.

NCC are pretty sharp guys - I've dealt with them several times and have been impressed.

1 comment:

Lissa said...

Yeah, the concept of smart TV's freaks me out. I've also been advised to put a piece of tape (or something) over a webcam when it's not in use - your thoughts?

(cf the school scandal in which administrators turned on the school laptop cams and took pix of the students without anyone's permission)