Tuesday, April 11, 2017

What do you call a day with a new "Smart" TV hack?

Any day ending in "-day":
Now, a security researcher is warning of another IoT threat involving Smart TVs that could allow hackers to take complete control of a wide range of Smart TVs at once without having any physical access to any of them.
And there's proof of concept code!
The proof-of-concept exploit for the attack, developed by Rafael Scheel of cyber security firm Oneconsult, uses a low-cost transmitter for embedding malicious commands into a rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals.

Those rogue signals are then broadcast to nearby devices, allowing attackers to gain root access on the Smart TVs, and using those devices for nasty actions, such as launching DDoS attacks and spying on end users.

Scheel provided a live hacking demonstration of the attack during a presentation at the European Broadcasting Union (EBU) Media Cyber Security Seminar, saying about 90 percent of the Smart TVs sold in the last years are potential victims of similar attacks.
So you're 90% likely to be vulnerable if you bought one of these pigs.  But fear not, no doubt the vendor's security team will soon have a patch for you /sarc ...

So how do you protect yourself?  Don't connect it to the Internet:
Scheel's exploit relies on a transmitter based on DVB-T — a transmission standard that's built into TVs that are connected to the Internet.
And you really, really don't want this thing connected to the Internet:
Once compromised, the TV would be infected in a way that neither device reboots nor factory resets would help the victims get rid of the infection.
Angels and Ministers of Grace, defend us.

The thing to look for is "HbbTV".  Don't buy one that has this.

1 comment:

LindaG said...

Good to know, thank you.