Slashdot Mirror

← Back to Stories (view on slashdot.org)

Major Security Flaws Discovered In Internet HDTVs

Posted by Soulskill on from the toasters-soon-to-be-at-risk dept.

wiredmikey writes "Security researchers have discovered several security flaws in one of the best-selling brands of Internet-connected HDTVs, and believe it's likely that similar security flaws exist in other Internet TVs. The security researchers were able to demonstrate how an attacker could intercept transmissions from the television to the network using common 'rogue DNS,' 'rogue DHCP server,' or TCP session hijacking techniques. Mocana was able to demonstrate that JavaScript could then be injected into the normal datastream, allowing attackers to obtain total control over the device's Internet functionality."

12 of 128 comments (clear)

  1. Re:Heh by xystren · · Score: 4, Funny

    Now I got an excuse... No Honey, I wasn't watching porn, the TV just switched and it won't let me change the channel!

  2. Outer Limits Intro ..... by Anonymous Coward · · Score: 5, Funny

    "We control the horizontal."
    "We control the vertical...."

    1. Re:Outer Limits Intro ..... by tomhudson · · Score: 4, Interesting

      Those controls disappeared decades ago.

      FTFA:

      This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer’s permission.

      Screw the users. Looks like almost everyone has accepted the "you bought it but you don't control it" mentality.

      Who do we blame? Steve Jobs. Verizon? Microsoft? The Supreme Court? Everyone for not making more noise?

  3. Re:Heh by DWMorse · · Score: 5, Funny

    To the first hacker that figures out how to Rick Roll an entire family watching a gripping TV series finale: One Internet Dollar!

    --
    There's a spot in User Info for World of Warcraft account names? Really?
  4. Re:But How Connected is the TV Anyways? by theNetImp · · Score: 4, Interesting

    I live in Japan. We just bought a new Sony Bravia TV, and unlike the ones in the states, it contains, a hard drive, and the ability to serve as a DVR. Someone hacks into it, and can now use it to store what ever they want, even use it as part of the botnet. Think it's not a security risk now? There is a reason my Television is not connected to the internet, even though it could be connected to it.

  5. Linux by tsa · · Score: 4, Interesting

    Don't most of the newer TVs run Linux? My father's LG does. So it's entirely possible that the first real viruses for Linux will run on TVs rather than normal computers.

    --

    -- Cheers!

  6. Inevitable by nitehawk214 · · Score: 4, Insightful

    Q: What happens when you combine a TV with a computer?

    A: You get a computer.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
  7. Rogue DHCP server? by WD · · Score: 4, Funny

    Well that's just great! You're telling me it's not safe to lug my HDTV into Starbucks anymore?

  8. Re:Heh by FatdogHaiku · · Score: 5, Informative

    http://xkcd.com/351/

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  9. Re:But How Connected is the TV Anyways? by LordLimecat · · Score: 5, Informative

    1) Set up ssh and dynamic dns on compromised TV, or perhaps a cron job to do a reverse SSH tunnel every so often (to bypass firewall). Now you know where this connection is, at all times, and have full control, at any time.
    2) Set up BIND DNS, set to forward to whatever malicious DNS server you want.
    3) Either set up a phony DHCP server, and/or do some arp poisoning so that all traffic to the internet is routed thru the TV.
    4) Control the entire household's internet connection -- rewriting HTTP pages, sending whatever DNS responses you want (Google? SURE, its this IP here in china!), capturing passwords (redirecting HTTPS to HTTP so that cert errors dont occur, or inserting non HTTPS javascript to capture the password), etc.

    ANY smart device on a home network has the potential to wreak massive havok on that network.

  10. Re:But How Connected is the TV Anyways? by multisync · · Score: 5, Insightful

    it contains, a hard drive, and the ability to serve as a DVR. Someone hacks into it, and can now use it to store what ever they want, even use it as part of the botnet

    I would be more concerned with entertainment companies "hacking in to it" to remove programs you might be storing. The Kindle experience has shown us that devices that can be remotely accessed by the vendor can not be trusted.

    I'll stick with dumb devices that simply do what I tell them.

    --
    I don't care why you're posting AC
  11. Re:But How Connected is the TV Anyways? by internewt · · Score: 4, Insightful

    Having my TV join a botnet still doesn't sound like that much of a crisis.

    Right up until it is used as a proxy to download child porn, and all of a sudden you are having to explain why your IP has accessed CP to law enforcement, family, friends, the media.....

    Yeah, I know CP is one of those bogey men used to persuade people to see danger from unlikely events, but an accusation of CP can be enough to ruin lives. If you can avoid it, it's probably for the best.

    Also, if your TV is in a botnet then it might be inside your firewall, if you use a straight forward NAT router. The TV could be used to attack other computers on your LAN which may contain more important data.

    --
    Car analogies break down.