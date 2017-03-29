About 90% of Smart TVs Vulnerable To Remote Hacking Via Rogue TV Signals (bleepingcomputer.com) 25
An anonymous reader quotes a report from Bleeping Computer: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting -- Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel's method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and runs in the TV's background processes, meaning users won't notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA's Weeping Angel toolkit, which makes his work even more impressing. Furthermore, Scheel says that "about 90% of the TVs sold in the last years are potential victims of similar attacks," highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe. At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV. Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.
"1984"
It's as if the IoT was a really bad idea (Score:2)
And almost as if the actual people who created the Internet had told you it was a bad idea, but you ignored them.
Are you happy now?
This is worse than that... Just because I bought a smart tv didn't mean I had to have it hooked to the internet via ethernet or wifi...
100% are vunerable to the shmucks that sold them (Score:3)
When someone wants to put an always on microphone in your home, the proper response is "How much will you pay me for the privilege of spying on me?"
Any other response is just stupid.
I don't think that's quite true. As alternatives, keelhauling and/or drawing and quartering spring to mind.
Only members of the Inner Party can turn their telescreens off.
so this hack only works when the hacker spends a lot of his own money for no payback? how do i make money off this?
We don't subscribe to cable TV, so ours is connected to the antenna.
But it's not connected to the Internet. That seemed like a terrible idea.
And if you (in theory!) did that, would the manufacturer then have to "repair" the suddenly "malfunctioning" TV under the standard warranty since the issue wasn't due to anything the consumer did?
I'm not saying US sold tvs are safe, but this is 90 percent of european DVB-T/C based sets. So not really 90 percent of the 'smart tv' market. The summary also adds the advertisers' delightful 'potential' qualifier. So basically it's like the 'save up to 90 percent' type lie^^^^^h logic.
I'm not saying US sold tvs are safe
US TVs are protected by US TV stations which are so appallingly bad the only way to use TVs there is via Netflix or an equivalent service.
A list of TV's that are known not to be vulnerable, or a list of TVs whose vulnerability is not yet known? The first list is pretty easy. The Smart TVs that are definitely not vulnerable to hacking:
We have built your Telescreen! You failed, however, to predict that people would willingly PAY for them.
I wonder if this can be leveraged to somehow update the OS in my now abanndonware TV