About 90% of Smart TVs Vulnerable To Remote Hacking Via Rogue TV Signals (bleepingcomputer.com)
An anonymous reader quotes a report from Bleeping Computer: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting -- Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel's method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and runs in the TV's background processes, meaning users won't notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA's Weeping Angel toolkit, which makes his work even more impressing. Furthermore, Scheel says that "about 90% of the TVs sold in the last years are potential victims of similar attacks," highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe. At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV. Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.
Daddy was Right (Score:4, Insightful)
Re: (Score:1)
"1984"
"Editors" (Score:3, Informative)
FTFS:
...which makes his work even more impressive.
Slashdot, would you people please hire someone competent to write/edit English summaries?
Thank you.
Re: (Score:3)
Re: "Editors" (Score:2)
and aren't most tvs not connected to an over the air antenna anyway? Lots of people on cable, satellite, or Netflix
Re: (Score:2)
It's as if the IoT was a really bad idea (Score:2, Insightful)
And almost as if the actual people who created the Internet had told you it was a bad idea, but you ignored them.
Are you happy now?
Re: (Score:2)
This is worse than that... Just because I bought a smart tv didn't mean I had to have it hooked to the internet via ethernet or wifi...
100% are vulnerable to the shmucks that sold them (Score:5, Insightful)
When someone wants to put an always on microphone in your home, the proper response is "How much will you pay me for the privilege of spying on me?"
Any other response is just stupid.
Re: (Score:2)
I don't think that's quite true. As alternatives, keelhauling and/or drawing and quartering spring to mind.
Re: (Score:3)
Only members of the Inner Party can turn their telescreens off.
Re: (Score:2)
so this hack only works when the hacker spends a lot of his own money for no payback? how do i make money off this?
Re: (Score:2)
We don't subscribe to cable TV, so ours is connected to the antenna.
But it's not connected to the Internet. That seemed like a terrible idea.
Author is high (Score:3)
That doesn't mean that 90% of tvs are carrying 0 day vulnerabilities, but
Re: (Score:3)
It's built inside of the TV. Just like Mobile Phones have their Antenna on the inside now.
Hypothetically speaking... (Score:5, Interesting)
And if you (in theory!) did that, would the manufacturer then have to "repair" the suddenly "malfunctioning" TV under the standard warranty since the issue wasn't due to anything the consumer did?
And if this happened (hypothetically!) to enough TVs, between the repair costs and the bad publicity wouldn't the TV manufacturers have to start taking security seriously instead of fobbing the risks of insecure devices off onto the commons as they currently do?
Re: (Score:2)
Good questions. Based on prior experience, the answers are:
1. YES, you can use this vulnerability to brick a TV
2. YES, the manufacturer is legally liable
3. NO, the manufacturers will not have to take security seriously. There is no force in the known universe capable of forcing a typical IOT vendor to take security seriously.
Re: (Score:2)
There is no force in the known universe capable of forcing a typical IOT vendor to take security seriously.
Except the bottom line. Companies will do anything to keep those numbers positive, even start testing their products, e.g. Samsung.
No mention of ATSC (Score:2)
I'm not saying US sold tvs are safe, but this is 90 percent of european DVB-T/C based sets. So not really 90 percent of the 'smart tv' market. The summary also adds the advertisers' delightful 'potential' qualifier. So basically it's like the 'save up to 90 percent' type lie^^^^^h logic.
US TVs protected (Score:4, Funny)
I'm not saying US sold tvs are safe
US TVs are protected by US TV stations which are so appallingly bad the only way to use TVs there is via Netflix or an equivalent service.
Re:No mention of ATSC (Score:5, Informative)
Re: (Score:2)
Five seconds on google, first hit is a worldwide tuner chips from Silicon Labs for ATSC/QAM, DVB-T2/C2/T/C, ISDB-T/C, DTMB
http://www.silabs.com/products... [silabs.com]
Even in the last days of analogue there was no such thing as an NTSC only tuner chip. They all did PAL as well. Anyway none of the chips on that web page do ATSC and/or NTSC only.
Vulnerable Devices? (Score:2)
Re: Vulnerable Devices? (Score:3)
Re: (Score:3)
A list of TVs that are known not to be vulnerable, or a list of TVs whose vulnerability is not yet known? The first list is pretty easy. The Smart TVs that are definitely not vulnerable to hacking:
Re: (Score:2)
Well that makes those TVs perfectly safe around here, because it's been at least 10 years since I've met someone who used the tuner function of their TV. If you're lucky, you'll pick up 3 stations over the air, and if you're using cable of any form you're using their box fed in to your HDMI or Component connections.
Paging George Orwell (Score:1)
We have built your Telescreen! You failed, however, to predict that people would willingly PAY for them.
Re: (Score:2)
Except, the idiots willingly attend their two minute hate, er, I mean, trump rallies.
Translation (Score:2, Insightful)
Translation: About 90% of smart TVs can be reclaimed by their owners. There's a way to get root and remove the vendor-installed malware.
That's what I was thinking (Score:2)
I wonder if this can be leveraged to somehow update the OS in my now abandonware TV
Glad I don't own a smart TV (Score:2)
Every time I see some new report about smart TVs being hacked or spying on people or otherwise having problems, it makes me glad that my TV is a nice dumb 32" Samsung LCD.
Why Buy a TV Anymore? (Score:2)
Come on now. We can drive large screens & run entirely off of an Internet connection.
We know computers can be hacked, but they can also be turned off & various tools can tell us if suspicious data is going out of our computer and stop it.
Seems like we need to simplify our data devices.
Re: (Score:2)
43" 4K TV $379.99 (by the way, 43" was actually the smallest TV I could find at the major electronics retailer)
43" 4K Monitor $999.99 (same store, 2 aisles over)
Both of these are the cheapest I could find, average for the 43" TVs was about $430, Most of the 4K monitors were much smaller but even the 30" ones were $999.99 - $1749.99
yeah... no wonder people buy TVs instead of monitors!
Re: (Score:2)
Of course there's nothing saying that you need to connect it to the internet (or in this case to broadcast TV signals)
Re: (Score:2)
A smart TV that did not need network access to place the code.
Re "suspicious data is going out of our computer"
A person would have to enter the room, access and alter the smart TV, wait for a recording, a person to collect the data later. No need for the data collected to be networked out later. No network code litter to alter the smart TV, no code litter left in the smart TV later, no changes to any network.
The idea being no network had to be entered to alter the smart TV. No
Smart *something* is vulnerable, rain is wet... (Score:2)
The CIA and the TV manufacturers are already watching you fap, why not open the privilege to others?
My smart TV was obsolete within months (Score:1)
So I bought a Chromecast, and plugged it into a spare HDMI socket. So for an extra $50, I had a true smart TV, one that works on WiFi leaving my ethernet cables I pulled through the walls obsolete. Now it looks like I dodged a bullet with respect to this security vulnerability.
Chromecast i
Re: (Score:2)
Re: (Score:1)
I keep mine disconnected because the idiots at Vizio give you zero control over system updates. There's no way to check for an update. There's no way to say no to an update. You'll be watching TV and *poof* the TV reboots and takes for bloody ever to return to action.
My guess is this is done on purpose. (Score:2)
My guess is this is done on purpose. It would of been a nice backdoor for some spy agency. I mean, who would think of using Digital Air TV to gain access to a tv? Well, besides the person who found it and shared it with the rest of us.
Re: My guess is this is done on purpose. (Score:1)
Would have you fucking moron.
Old news and counter measure are on their way (Score:1)
I'm good, thanks. (Score:2)
10%er here. My Samsung TV isn't connected to cable nor DVB-T nor the internet, just to my uTorrent machine.
Mitigations (Score:2)
I am thinking that there may be nothing I can do to prevent the "smart" television's tuner from accepting a broadcast signal, but what about these ideas for mitigation:
1. Uninstall web browser app if possible
2. Whitelist Netflix or whatever streaming services and block all other web traffic to television
3. Keep television unplugged from ethernet, don't configure wifi and just use an external streaming device
LG EULA (Score:2)
Re: (Score:2)
They asked, I guess.
What if a household member or a random friend "accepts" the EULA, are you hosed forever? Can you take the consent back? (What if the TV was pre-owned?)
Seen that happen with YouTube sometimes asking you to "consent" to vague stuff, people will click through it even though they're not using their own computer, desktop session or internet.
You can avoid or remove that consent window and still access videos, I don't know if anything different happens then.
Your TV might be at the danger of "at
Re: (Score:2)
What if a household member or a random friend "accepts" the EULA, are you hosed forever? Can you take the consent back? (What if the TV was pre-owned?)
There is no telling if they even pay attention to whether you clicked through the EULA or not. The thing is, in order for their surveillance "feature" to work the TV needs access to the Internet. They need to stream the video and audio back to the mother ship for any voice-to-text or image recognition to figure out what you are doing during those commercials, etc. So the traffic would be quite evident on your network. Checking for software updates only takes a split second so the difference is many orders o
Unplug the Ethernet cable (Score:1)
Re: (Score:2)
You could be using a TV offline with the "old fashioned" broadcasts and USB media (drives and HDDs). This is pretty common, even on supposedly dumb TVs - a dumb TV with H264 playback and recording etc. is a computer as well, see the original Raspberry Pi A for what their main chip might look like in terms of abilities.
You might even use a 50-year-old TV if you wish, with a small receiver for the latest DVB-T or similar, that also has a USB port for file playback.
Any of these might be hosed by broadcasts and