Slashdot Mirror

← Back to Stories (view on slashdot.org)

Major Security Flaws Discovered In Internet HDTVs

Posted by Soulskill on from the toasters-soon-to-be-at-risk dept.

wiredmikey writes "Security researchers have discovered several security flaws in one of the best-selling brands of Internet-connected HDTVs, and believe it's likely that similar security flaws exist in other Internet TVs. The security researchers were able to demonstrate how an attacker could intercept transmissions from the television to the network using common 'rogue DNS,' 'rogue DHCP server,' or TCP session hijacking techniques. Mocana was able to demonstrate that JavaScript could then be injected into the normal datastream, allowing attackers to obtain total control over the device's Internet functionality."

5 of 128 comments (clear)

  1. Outer Limits Intro ..... by Anonymous Coward · · Score: 5, Funny

    "We control the horizontal."
    "We control the vertical...."

  2. Re:Heh by DWMorse · · Score: 5, Funny

    To the first hacker that figures out how to Rick Roll an entire family watching a gripping TV series finale: One Internet Dollar!

    --
    There's a spot in User Info for World of Warcraft account names? Really?
  3. Re:Heh by FatdogHaiku · · Score: 5, Informative

    http://xkcd.com/351/

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  4. Re:But How Connected is the TV Anyways? by LordLimecat · · Score: 5, Informative

    1) Set up ssh and dynamic dns on compromised TV, or perhaps a cron job to do a reverse SSH tunnel every so often (to bypass firewall). Now you know where this connection is, at all times, and have full control, at any time.
    2) Set up BIND DNS, set to forward to whatever malicious DNS server you want.
    3) Either set up a phony DHCP server, and/or do some arp poisoning so that all traffic to the internet is routed thru the TV.
    4) Control the entire household's internet connection -- rewriting HTTP pages, sending whatever DNS responses you want (Google? SURE, its this IP here in china!), capturing passwords (redirecting HTTPS to HTTP so that cert errors dont occur, or inserting non HTTPS javascript to capture the password), etc.

    ANY smart device on a home network has the potential to wreak massive havok on that network.

  5. Re:But How Connected is the TV Anyways? by multisync · · Score: 5, Insightful

    it contains, a hard drive, and the ability to serve as a DVR. Someone hacks into it, and can now use it to store what ever they want, even use it as part of the botnet

    I would be more concerned with entertainment companies "hacking in to it" to remove programs you might be storing. The Kindle experience has shown us that devices that can be remotely accessed by the vendor can not be trusted.

    I'll stick with dumb devices that simply do what I tell them.

    --
    I don't care why you're posting AC