Slashdot Mirror


Spoiler Alert: Your TV Will Be Hacked

snydeq writes "With rising popularity of Internet-enabled TVs, the usual array of attacks and exploits will soon be coming to a screen near you. 'Will Internet TVs be hacked as successfully as previous generations of digital devices? Of course they will. Nothing in a computer built into a TV makes it less attackable than a PC. ... Can we make Internet TVs more secure than regular computers? Yes. Will we? Probably not. We never do the right things proactively. Instead, we as a global society appear inclined to accept half-baked security solutions that are more like Band-Aids than real protection.'"

44 of 211 comments

  1. Heh by jeesis · · Score: 5, Funny

    No longer will I need a universal remote to screw with the neighbors television.

    1. Re:Heh by AmiMoJo · · Score: 5, Interesting

      I recently got a Panasonic smart TV. There is an Android app that lets you control it from your phone/tablet, and you can push photos and video directly from the device onto the TV screen. It works over wifi and there isn't any kind of authentication or code. In other words if your neighbours have insecure wifi and a Panasonic TV you can display whatever you like on their screen.

      I'm sure many other smart TV platforms are similarly insecure, in that they assume your wifi network is a secure environment.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Heh by Eraesr · · Score: 2

      My Samsung can do the same (although I don't need a separate app for it, my HTC Sensation has support for Wifi media player devices out-of-the-box) but on the TV I do need to explicitly grant the device access to my TV.

    3. Re:Heh by mcgrew · · Score: 4, Interesting

      My ten year old analog TV does that -- I have a computer plugged into it. The only difference is the computer isn't inside the TV. I can bluetooth pictures from my phone, wifi files to it from my notebook, and I use a wireless mouse as a remote control and the internet for "cable".

      But nobody's hacked it yet. In fact, in 30 years of computing I've only been hit three times (my house has been broken into more often), none with any permanent damage. The first was the Michelangelo virus I got by putting one of my own floppies (five inch variety) in a computer at work, and learned that being smart is no defense against viruses -- the woman who infected the work computer held a PhD, but she was pretty clueless about computers.

      The second time was a targeted attack by a bunch of young people I'd made fun of on my web site (I made fun of everyone, I was the Don Rickles of the Quake world). All they did was replace a picture of a bunch of Down's syndrome kids with a basketball team. I wonder if those guys are now lulzsec? It was over 15 years ago.

      The third time was when Sony rooted my box with their goddamned XCP trojan. That one really fucked up my computer BAD, took quite a while to repair the damage Sony's vandalism had done.

      So judging from my own (admittedly limited) experience with being cracked, I worry far more about some big international corporation that has no fear of law enforcement than I am some Russian cyberburglar or teenage cybervandal.

      And hey, this is only tangentially on topic but can we take our verbiage back that was stolen and twisted by the muggles? Don't call them "hackers" unless they wrote the malware. Call them cybervandals or cyberburglars instead. Let's (at least among ourselves) reserve the word "hacker" for someone who writes quick and dirty one time use code and folks who modify hardware. I mean, come on, I've been both a hardware hacker and a code hacker, but I've never broken into someone's computer without their begging me to (working on a BIOS password on an old laptop now, have to take the whole damned thing apart to do it).

    4. Re:Heh by cyber-vandal · · Score: 4, Funny

      You insensitive clod!

    5. Re:Heh by mcgrew · · Score: 2

      She wasn't the brightest bulb on the tree, but she knew her stuff. There's another guy with a PhD who's dumb as a box of rocks, but everyone else I ever knew with one was very intelligent.

      I found out how to tell the smart ones from the dumb ones -- the dumb ones always add the "PhD" to correspondence and want everyone to call them "doctor". I knew the smart ones for years before I knew they had the degree.

  2. Non-functional requirements by thsths · · Score: 4, Insightful

    These are often forgotten by engineers. Usually they are formulated as things you do not want your TV to do:

    - not damage your furniture
    - not start a fire
    - not weigh a ton
    - not hack your network

    You would think these are simple and logical expectations. The problem is, they are hardly good marketing, so they may not receive the necessary priority. But they can be very bad marketing if a story hits...

    1. Re:Non-functional requirements by Jeff+DeMaagd · · Score: 5, Insightful

      Why blame the engineers for that? The engineers that I know are trying to make things the best they can be, but they're prevented by short-sighted penny pinchers that make constricting demands.

  3. Barney by DarkXale · · Score: 2, Funny

    One day, our TVs shall be hacked, and they shall show nothing but that damned purple Dinosaur.

    1. Re:Barney by geekmux · · Score: 2

      One day, our TVs shall be hacked, and they shall show nothing but that damned purple Dinosaur.

      The new goatse...only much more offensive.

  4. Re:Shopping channels by ArsenneLupin · · Score: 2

    As long as the h4ckZ0rs only switch my channel from NatGeo to CNN I do not really care much,

    Na, they'll switch your channel from Disney Channel to Playboy instead, and then you will care...

  5. Why not yet ? by nonos · · Score: 5, Interesting

    I'm wondering why my tv hasn't been hacked with air waves : one morning, I switched it on and it told me a firmware update had been uploaded over the air during the night.

    What can stop hackers from sending rogue fw updates over the air ?

    Also, is it possible to exploit mpeg2 video decoder bugs to take control of the TV ?

    Any info of previously discovered hacks of this kind ?

    1. Re:Why not yet ? by profplump · · Score: 2

      Appliances with heavy compute loads typically have dedicated hardware (or at least an FPGA) to do their primary task -- your TV almost certainly does demuxing, MPEG decoding, and AC3 decoding outside the main CPU. So even assuming poorly written software the hardware design does quite a bit to protect you from inline attacks.

      You'd probably have better luck attacking something like the closed-caption system, or the virtual channel number or the like. That stuff is low-bandwidth enough that it may happen on the main CPU.

    2. Re:Why not yet ? by AmiMoJo · · Score: 2

      What can stop hackers from sending rogue fw updates over the air ?

      They are required to be cryptographically signed in most places. Of course if the master key leaks you are screwed.

      Also, is it possible to exploit mpeg2 video decoder bugs to take control of the TV ?

      Probably not because it is decoded by a dedicated DSP that is separate from the CPU, and is not capable of executing code in the same way.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. Re:Shopping channels by ArsenneLupin · · Score: 2

    "Here goes your facebook ID, oops so bad, you had a bank account interconnected to it...."

    That would be Paypal ID, not facebook, and it's not as if nobody had told you so already one million times

  7. Never gonna give you up. by Anonymous Coward · · Score: 5, Funny

    Bonus points for the first ones to rickroll on every channel at once.

    And... go

  8. Dumb displays by mehrotra.akash · · Score: 5, Insightful

    I prefer my TV's to be dumb displays
    They should be limited to take video in, modify resolution/contrast/etc as per settings and display it on the screen, and provide a control interface
    IF I want to play media on it, I will use a device for that
    Modularity is better

    1. Re:Dumb displays by Chrisq · · Score: 4, Funny

      I prefer my TV's to be dumb displays

      ... Like your women?

    2. Re:Dumb displays by cbope · · Score: 4, Insightful

      The more functionality that becomes "built-in", the quicker that "display device" will become obsolete. Is it any wonder why the manufacturers are pushing smart TV's so hard?

      First, there was TV!
      Then widescreen!
      Then HD Ready!
      Then Full HD!
      Then LED!
      Then 3D!
      Now Smart TV!

      The rate of obsolescence has really increased in the past 15 years or so with TV's. That's why I waited for Full HD to drop into my price range, and I bought a good, high-end LCD of a decent size with HDMI inputs. I can plug anything into it. I do not miss LED, 3D or smart TV. I can play back blu-ray at full quality, which is enough. I have an HTPC connected to it for browsing and media playback.

      I prefer to keep my displays dumb and put the smarts elsewhere. That is unless you want to buy a new TV every few years... (I certainly have better things to spend my money on)

    3. Re:Dumb displays by ColdWetDog · · Score: 2

      I prefer to keep my displays dumb and put the smarts elsewhere.

      The problem is that, for much of the viewing audience, there is no 'elsewhere'.

      --
      Faster! Faster! Faster would be better!
    4. Re:Dumb displays by V!NCENT · · Score: 2

      Meh... I want a server somewhere in my house, a TV sized screen in the living room, a tablet screen and a desktop screen.

      All data Plan9 from Bell Labs style on the server (removeable harddrive slots with clone functionality for backup storing purposes when they get full and content goes on newer, larger and faster harddrive).
      Apps in the form of GTK3/Qt HTMLv5 style, streamed over the home network/VPN and all local apps via Java/GNU Smalltalk (platform abstracted code, platform abstracted packages, OpenGL bindings plus touch and interface improved APIs).

      All local input and output devices with Bluetooth (cut the wires) with enhanced security, except for the printer.

      That way the TV is a TV, console, cinema and home portal for ubiquitous household devices. The smartphone terminal is a remote, compass, phone, whatever. The tablet is for everything else replacing the last non-digital stuff (maps, boardgames, whatever) and the desktop is for development and other production stuff.

      All should have EyeFinity/retina resolution and the desktop and TV should come with a logic module that you can replace with a new one (better SoC, newer networking/device interfaces, etc).

      Done. Fuck remote cloud computing!

      --
      Here be signatures
  9. Re:Shopping channels by neyla · · Score: 2

    Why would you care about that ?

  10. I must have been hacked by ozduo · · Score: 2

    Because all I'm getting are repeats

    --
    I got to the chocolate box before you, that's why the hard ones have teeth marks.
  11. I have a challenge to all hackers out there by AuMatar · · Score: 5, Funny

    The ultimate TV hack, one that will make you the most infamous hacker in the US. Make it so that during the last quarter of the superbowl, the entire country gets rickrolled and are unable to return to the game. If it's a close game, wait til the very end (last year doing it on Brady's last drive would be perfect).

    --
    I still have more fans than freaks. WTF is wrong with you people?
    1. Re:I have a challenge to all hackers out there by Cornwallis · · Score: 5, Funny

      Playing "Heidi" might be more appropriate.

  12. More concerned by the TV companies than hackers by travellerjohn · · Score: 5, Insightful

    An internet enabled TV is going to be irresistible to TV companies. Perfectly legally they will get together with the manufacturers to personalise your TV experience. Given half a chance they will monitor your viewing, suggest programs, personalise adverts, maybe even personalise the news. Not so bad you might think: I never have to see Sarah Palin on the TV again. More likely, if they think you are an independent voter in a swing state, it is back to back political adverts for you for the next six months. Don't be surprised if your remote doesn't seem to work half way through a PAC spot. Remember: If You're Not Paying for It, You're the Product.

    1. Re:More concerned by the TV companies than hackers by Craefter · · Score: 2

      I was thinking along the same lines. In the near future you will probably be labeled a thief if you don't sit out the commercials and zap to other channels. The content delivery program will also offer you a rebate if the camera on top of the TV detects that you are intently watching the commercial breaks..... and smiling.

  13. Think! by flyneye · · Score: 4, Interesting

    Think once,
    Think twice,
    Think don't watch television. It was never beneficial. It soaks up valuable internet/gaming time. Pay t.v. is never worth the cost.
    Just another screen to clean. It encourages relatives/loafers to hang around your place eating your food for longer than normal.
    Whatever is on will just piss you off / bore you. It's just re-runs anyway. Just take it to Salvation Army and get a donation receipt for tax purposes.

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    1. Re:Think! by Anonymous Coward · · Score: 4, Funny

      Oh hey, it's you:
      http://www.theonion.com/articles/area-man-constantly-mentioning-he-doesnt-own-a-tel,429/

      Get off your high horse. There are plenty of good, informative shows for intelligent people to watch. And despite the popular meme, there actually are shows that are pretty well done. Not everything on TV is lowest-common-denominator crap.

    2. Re:Think! by KGIII · · Score: 2

      Yip. I watch pretty much nothing but documentaries. Of course, because cable companies are retarded (or smart actually), I have to pay a lot more than I should for the privilege. I had to upgrade to the digital package with a bunch of silly channels that I've never watched just to get BBC America, The Military Channel, Planet Green, The Science Channel, and History International (H2 now).

      --
      "So long and thanks for all the fish."
    3. Re:Think! by camperdave · · Score: 2

      Get off your high horse. There are plenty of good, informative shows for intelligent people to watch. And despite the popular meme, there actually are shows that are pretty well done.

      Speaking of which, when is the next season of Breaking Bad supposed to start? Not that it really needs it. Walter White saying "I won" was enough of a closer for me.

      --
      When our name is on the back of your car, we're behind you all the way!
    4. Re:Think! by mcgrew · · Score: 2

      You can get most, if not all, of those on the internet. I cut cable years ago, now it's antenna, internet, DVDs and hard drives. I've had my computer connected to my TV for the last ten years. Seems folks are finally catching up to me.

    5. Re:Think! by geekoid · · Score: 2

      " It was never beneficial."
      Those conversations I started about astronomy after watching Cosmos weren't beneficial?
      The humor of Monty Python wasn't beneficial?
      The conversation I had with my 11 year old daughter about the Speed of light after watching Neil deGrasse Tyson wasn't beneficial?

      It's the content, not the medium that matters.

      And what benefit does gaming provide?
      If you have a loafer problem, get better friends.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  14. Re:Can't hack what you don't have by DNS-and-BIND · · Score: 4, Funny
    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  15. Amazing by ledow · · Score: 2

    I wonder how they intend to hack my TV when it's not plugged into either Ethernet or wireless networks. Because even if I did have an "Internet TV", it wouldn't be plugged in.

    If it was, it would be behind my firewall/router. If they were relying on me to visit a malicious website to "infect" my TV, they'd be sadly disappointed - I can't imagine that many people use their TV like that given that every year or so the requirements change. If you can see a modern Internet site (e.g. Flash, Silverlight, etc.), then chances are that your software is pretty up-to-date and no worse than a PC that was similarly updated.

    Of those that don't handle interactive content directly, it's either not a risk (it's pretty hard to crash AND compromise an embedded browser with just a badly formed HTML page or similar), or it goes through some sort of remote proxy (e.g. Opera Mini) that will probably be working to stamp out the problem for you.

    Above all that, beyond playing tricks and crashing my browser, I'd be interested to know what incentive they would have to do that? I don't plug credit card numbers into my TV. I watch TV on it. If you're silly enough to plug in things like Facebook, Twitter, etc. passwords into your TV, then maybe they could cause a little havoc ("Guess what John watched last night on the Adult Channel?") but that's about it.

    Or is this just a ruse to sell "Antivirus for your TV"?

    These devices are pretty passive, unless you make them do something. You're pretty safe while your internal network is clean (and if it isn't, your TV is the least of your worries). To infect would require some kind of active participation (same as any well-managed PC) that, maybe, possibly, it wouldn't be able to handle safely. But, chances are, the havoc it could wreak would be nothing compared to that same user on their laptop.

    Of course it's something to think about but I don't think such a big fuss should be made. Hell, people still haven't worked out that a smartphone is yet-another-computer that they have to manage properly, with bad consequences if they don't (run up enormous bills, etc.). But even they aren't that much of a problem. I've never had anyone come to me about fixing their smartphone because of things like this, but I get 2-3 a week about their laptops etc. I've certainly never had anyone ask about their TV unless it was a dumb TV or literally how to wire it to their Internet connection / Wii / whatever.

    I think infinitely more dangerous than a TV would be:

    - smartphones
    - gaming consoles with internet access / wireless
    - smart meters with internet access / wireless
    - Skype phones
    - Internet connected printers
    - etc.

    And a lot of those have been running around people's houses (some targeted at non-techy users) for years. Yes, it's almost certainly possible to "attack" my printer / TV / Skype phone. But it's almost certainly not worth the effort to a) discover what model I use, b) link that to an IP address, c) somehow enter my network and intercept communications to it, d) figure out how to do something clever on that device when actions that are much easier to do and hide mean you can compromise similar people anyway.

    Worst case scenario is that your TV web browsing is as "insecure" as your laptop web browsing. But with much less potential impact.

    1. Re:Amazing by SuricouRaven · · Score: 3, Informative

      "Above all that, beyond playing tricks and crashing my browser, I'd be interested to know what incentive they would have to do that?"

      Long-term botnet. Good for spamming, ad-fraud, DDoSing, that sort of thing.

  16. Re:Shopping channels by ByOhTek · · Score: 4, Funny

    I'd care. Huge improvement. Have you seen the shit they throw out on Disney? You can at least expect a tolerable plot from Playboy.

    --
    Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
  17. Re:The revolution by dmacleod808 · · Score: 2

    My crap is already in 3D...

    --
    There Can Be Only One...
  18. Mine won't by Trogre · · Score: 2

    Because I won't put it on the Internet. That's what I have an HTPC for. And I know how to secure that. It's looking likely I will still have an HTPC in 10 years time, and nothing except standalone computers and perhaps a smartphone connected to the Internet.

    Short-sighted you say? No, I've merely learned my lessons.

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  19. Improved security or more BS laws by OldHawk777 · · Score: 2

    Improving security costs more and does more than BS laws, but Bad Security (BS) laws only cost a few politicians and will exempt TV makers and Cable/Sat providers from all liability. Corporate-Welfare is best for the Plutocrat Republic, never good for US.

    Hack2Secure

    --
    Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
  20. Re:Shopping channels by philip.paradis · · Score: 2

    You're not supposed to use Toys 'R Us as a place to meet new girlfriends, unless you're talking about the moms.

    --
    Write failed: Broken pipe
  21. Re:I already hacked mine by garyok · · Score: 2

    To upgrade the firmware enabling a Just Scan mode that the (lazy / incompetent / brain-damaged - take your pick) engineers at Samsung neglected to include in the default set of aspect ratios. It beggared belief that an aspect ratio that just displays the picture without adjustment wasn't included in the first place. Especially considering the damn thing has a VGA port and it was obviously meant to support input from a PC. A massive pain in the arse it was too - it needed a custom serial cable I had to put together myself from iffy specs I found online, with the (actually official) firmware update from another hobbyist site as Samsung didn't host it. Then there was the 30s or so sweating bullets as I thought I'd bricked my telly before the new firmware started running. I don't recommend it.

    Hmm - never meant to post that as AC. I wondered why I was asked for a CAPTCHA...

    --
    One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
  22. Re:Shopping channels by FaxeTheCat · · Score: 3, Funny

    FFS their Jan/Feb 2012 issue was of Lindsay Lohan, photoshopped to hell and back.

    And I thought photoshopping was used to improve pictures...

  23. Re:OpenBSD by jamstar7 · · Score: 2

    That's 'Cylon-American', you insensitive clod!!! 'Toaster' is offensive to us!

    --
    Understanding the scope of the problem is the first step on the path to true panic.