European HbbTV Smart TV Holes Make Sets Hackable

← Back to Stories (view on slashdot.org)

European HbbTV Smart TV Holes Make Sets Hackable

Posted by Unknown on Wednesday June 5, 2013 @01:36AM from the all-the-better-to-spy-on-you dept.

mask.of.sanity writes "Vulnerabilities in Hybrid Broadcast Broadband TV television sets have been found that allow viewers' home networks to be hacked, the programs they watched spied on, and even for TV sets to be turned into Bitcoin miners. The laboratory attacks took take advantage of the rich web features enabled in smart TVs running on the HbbTV network, a system loaded with online streaming content and apps which is used by more than 20 million viewers in Europe."

39 comments

Min score:

Reason:

Sort:

And of course........ by allaunjsilverfox2 · 2013-06-05 01:39 · Score: 4, Funny

There STILL isn't anything worth watching on tv. :p

--
Restore the madness of youth's lechery
1. Re:And of course........ by robthebloke · 2013-06-05 02:21 · Score: 2
  
  No, nothing since teletext shut down.
2. Re:And of course........ by Sockatume · 2013-06-05 03:52 · Score: 1
  
  Moc-moc-a-moc.
  
  --
  No kidding!!! What do you say at this point?
3. Re:And of course........ by mcgrew · 2013-06-05 04:39 · Score: 1
  
  Well, there's MythBusters and the Big BangTheory.
  Don't woosh me, bro.
  
  --
  Free Martian Whores!
Smart TVs not a smart idea by ArcadeMan · 2013-06-05 01:47 · Score: 4, Insightful

One more reason to buy a dumb computer monitor and use it as a TV.

--
Get free satoshi (Bitcoin) and Dogecoins
1. Re:Smart TVs not a smart idea by gstoddart · 2013-06-05 02:07 · Score: 4, Insightful
  
  Agreed. I have no interest in having my TV connect to the internet .. or my fridge, or my toaster, or my toilet.
  Everyone is in a big rush to say "ZOMG, it's on the intarwebs and has Facebook and Netflix", but I frequently find myself thinking "wow, what a massive security hole waiting to happen".
  Vendors just want to get their product to market, and they rarely take the time to actually think about (or properly implement) security.
  
  --
  Lost at C:>. Found at C.
2. Re:Smart TVs not a smart idea by wonkey_monkey · 2013-06-05 02:27 · Score: 1
  
  Or just don't connect it to the network and save yourself the trouble of having to buy a separate STB and speakers. And getting up to turn it on.
  
  --
  systemd is Roko's Basilisk.
3. Re:Smart TVs not a smart idea by gstoddart · 2013-06-05 02:30 · Score: 2
  
  But then you'd still have to pay the extra for a smart TV that you're going to use as a dumb screen
  Why would I spend more on a TV for features I don't want and don't plan to use?
  
  --
  Lost at C:>. Found at C.
4. Re:Smart TVs not a smart idea by bbn · 2013-06-05 02:51 · Score: 2
  
  Agreed. I have no interest in having my TV connect to the internet .. or my fridge, or my toaster, or my toilet.
  The internet is the _only_ connection my TV has. I skipped buying cable and terrestrial is not an option here.
  It just happens that my TV can actually show a lot of TV content with just Internet. The national TV is available as streaming. And I got Netflix and HBO Nordic. I am never going to buy cable again.
  Comparing the TV to the fridge, toaster and toilet is so misguided. The TV has a very real reason to be on the internet: The internet is the pipe to entertainment that I am viewing on the TV. It is the coax port on the TV that is going to be obsolete in the future. Already people like me are not using it anymore.
5. Re:Smart TVs not a smart idea by Medievalist · 2013-06-05 03:02 · Score: 0
  
  Why would I spend more on a TV for features I don't want and don't plan to use?
  Because if you don't, the terrorists win. Why do you hate America?
6. Re:Smart TVs not a smart idea by ArcadeMan · 2013-06-05 03:04 · Score: 2
  
  My computer monitor is also connected to the Internet, but via a small AppleTV box. What happens when your manufacturer decides it won't update your TV about a critical security hole?
  The TV itself doesn't have to be connected to anything except a small box. Replacing the small box will be less costly for your wallet and less costly for the environment than replacing the whole TV.
  
  --
  Get free satoshi (Bitcoin) and Dogecoins
7. Re:Smart TVs not a smart idea by Anonymous Coward · 2013-06-05 03:09 · Score: 1
  
  What happens when Apple decides it won't update AppleTV anymore?
  What a dumb argument.
8. Re:Smart TVs not a smart idea by ArcadeMan · 2013-06-05 03:10 · Score: 2
  
  And you're a dumb reader.
  "Replacing the small box will be less costly for your wallet and less costly for the environment than replacing the whole TV."
  
  --
  Get free satoshi (Bitcoin) and Dogecoins
9. Re:Smart TVs not a smart idea by wonkey_monkey · 2013-06-05 04:12 · Score: 1
  
  Why would I spend more on a TV for features I don't want and don't plan to use?
  There is still such a thing as a non-smart TV. Eventually the smart ones will get cheap enough that they'll stop making non-smart, but you still (probably) won't be forced to use the smart features.
  
  --
  systemd is Roko's Basilisk.
10. Re:Smart TVs not a smart idea by gstoddart · 2013-06-05 04:29 · Score: 1
  
  There is still such a thing as a non-smart TV.
  No shit, but since it was you who suggested we could all just buy smart TVs and not hook them up to the network, telling me now that I could buy a non-smart TV seems kinda pointless.
  
  --
  Lost at C:>. Found at C.
11. Re:Smart TVs not a smart idea by gstoddart · 2013-06-05 05:18 · Score: 2
  
  What happens when Apple decides it won't update AppleTV anymore?
  The exact same thing that happened when Apple decided not to update the original iPad ... they pissed off their early adopters, and life went on.
  However, given the cost of an Apple TV versus a large HDTV screen, replacing the Apple TV is still the easier route.
  
  --
  Lost at C:>. Found at C.
12. Re:Smart TVs not a smart idea by lgw · 2013-06-05 06:52 · Score: 1
  
  High-end TVs are all smart now. I find that annoying, as I'm looking for one right now. You can't seem to get a top-quality 60" plasma display that doesn't include a bunch of "smart TV" features bundled with it. I will likely end up buying one, and not hooking it to the network, even though the whole situation is quite silly.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
13. Re:Smart TVs not a smart idea by Anonymous Coward · 2013-06-05 10:21 · Score: 0
  
  What's to stop him getting an add-on box when the TV software is no longer updated and stops working? Implying that his only option would be to replace the TV is just stupid.
14. Re:Smart TVs not a smart idea by ArcadeMan · 2013-06-05 13:16 · Score: 1
  
  His TV would still be a target because of all the "smart" inside it.
  
  --
  Get free satoshi (Bitcoin) and Dogecoins
Bitcoin mining? Is anyone still trying that? by jeffmeden · 2013-06-05 01:56 · Score: 2

Bitcoin mining is so difficult at this point (due to so much interest, and dedicated hardware designs being applied to it) that it is nearly impossible to do on "harvested" hardware like these smartTV devices. Even getting a few thousand into a mining botnet is not likely to yield any significant return compared to say, using it as a for-hire DDOS botnet, or a spam botnet.
1. Re:Bitcoin mining? Is anyone still trying that? by Trepidity · 2013-06-05 02:16 · Score: 1
  
  The analyst seems to admit that it probably wouldn't be feasible, in the same breath that he raises the possibility:
  
  He said JavaScript Bitcoin miners like Bitcoin Plus could be also run on the TVs, though its effectiveness may be questionable.
  
  --
  10 PRINT CHR$(205.5+RND(1)); : GOTO 10
2. Re:Bitcoin mining? Is anyone still trying that? by loufoque · 2013-06-05 02:21 · Score: 4, Interesting
  
  What is difficult is to mine bitcoins worth more than the costs of running the machine.
  But these hackers obviously do NOT pay the electricity bills of their victims.
3. Re:Bitcoin mining? Is anyone still trying that? by jeffmeden · 2013-06-05 02:42 · Score: 1
  
  The analyst seems to admit that it probably wouldn't be feasible, in the same breath that he raises the possibility:
  
  He said JavaScript Bitcoin miners like Bitcoin Plus could be also run on the TVs, though its effectiveness may be questionable.
  The difficulty is so high that even if you got all 20 million of those, with no optimized hashing you would be looking at a botnet that is sill less powerful than what $1000 can get you off the shelf, and the value as a 20 million node DDoS botnet has to be a lot more than that.
4. Re:Bitcoin mining? Is anyone still trying that? by Anonymous Coward · 2013-06-05 09:22 · Score: 0
  
  The analyst seems to admit that it probably wouldn't be feasible, in the same breath that he raises the possibility:
  
  He said JavaScript Bitcoin miners like Bitcoin Plus could be also run on the TVs, though its effectiveness may be questionable.
  The difficulty is so high that even if you got all 20 million of those, with no optimized hashing you would be looking at a botnet that is sill less powerful than what $1000 can get you off the shelf, and the value as a 20 million node DDoS botnet has to be a lot more than that.
  It might be inefficient, but that's not the same as nobody would do it. It's 20 million devices with no anti virus, firewall etc. Maybe they could earn more on targeting computers, but who said they have to pick just one?
  Besides expect the unexpected. I know somebody crashed a server by getting it to fill the HD (this was years ago) apparently for the sole reason of crashing the server. Crashing a random TV or making it display porn would be no different.
5. Re:Bitcoin mining? Is anyone still trying that? by Anonymous Coward · 2013-06-05 09:32 · Score: 0
  
  Bitcoin Plus is really a lame way to mine bitcoins. Yes, you can generate 0.00000251 BTC an hour on that platform, but that will only net you 0.0216864 per year, which is less than $3.00 at today's exchange rate. Why would anyone think that's worth the effort?
What attacks? by Anonymous Coward · 2013-06-05 02:26 · Score: 1

This seems to be blown out of all proportion.

These attacks made assailants essentially entertainment providers. They included digital video broadcasting (DVB) and digital storage media command and control injection in which attackers specified a URL to inject content into streaming carousels within the TV.
In other words, an "attacker" who controls the broadcast TV signal can make your TV show a webpage they control. Yawn. The whole point of HbbTV is that the broadcaster can show a webpage on your TV; there are the usual web browser security features to make that safe. Now if they'd found a security hole in the browser, that would be a real attack, but all they seem to have done is pretended to be a broadcaster.
It's hard to control the broadcast TV signal, too. You either need to hack the head-end equipment or go out in a van with your own TV transmitter. The head-end equipment is reasonably well protected, just like any other high-value server. If you try going out in a van with your own TV transmitter, then the authorities (OFCOM in UK) will come after you with direction-finding gear and you'll be arrested. Even if you set up the transmitter and leave, so you're not arrested, the TV transmission gear costs a few thousand pounds so losing that every time will probably make attacks unprofitable, and they will eventually track you down.
1. Re:What attacks? by Anonymous Coward · 2013-06-05 04:27 · Score: 0
  
  Comprehension fail.
  These are TVs connected to the Internet. There is no broadcast signal. There is no need for a TV transmitter. The signal comes from the Internet and has the exact same vulnerability that any connection to the Internet has.
2. Re:What attacks? by manu0601 · 2013-06-05 14:55 · Score: 1
  
  I understand the attack could be done by a compromised machine sitting on the same private network. Or the local DNS could have been hacked and direct the TV box to a rogue server.
  I see other attacks possible outside of local LAN: DNS or BGP hijack, or compromised IPTV server, but they seem much less likely
wow...buzzword bonanza by Connie_Lingus · 2013-06-05 02:48 · Score: 1

unoptimized bitcoin miners...in a tv set...like THIS is the security threat we all need to be on the lookout for. really?
but..oh yeah...there will be 20 million of them....with lazers!

--
never bring a twinkie to a food fight.
The original source of this story by Anonymous Coward · 2013-06-05 03:13 · Score: 0

This is the original article, the Australian is covering. Just FYI
http://mherfurt.wordpress.com/2013/06/01/security-concerns-with-hbbtv/
Hackers... not necessarily by mherfurt · 2013-06-05 04:26 · Score: 1

Also the broadcast station could offer compromised content themselfes. Not very unlikely when you see what some of these folks already do. You could find the original article on mherfurt(dot)wordpress(dot)com Cheers!
Advertising Jargon 101 by Anonymous Coward · 2013-06-05 04:59 · Score: 0

Unlimited* = Limited
Smart* = Terminally Dumb
Coming soon by ThatsNotPudding · 2013-06-05 05:25 · Score: 1

McAffe for TV!

[shudder]
1. Re:Coming soon by emho24 · 2013-06-05 06:22 · Score: 1
  
  It's coming, have no doubt.
  
  --
  You must gather your party before venturing forth.
2. Re:Coming soon by antdude · 2013-06-06 01:40 · Score: 1
  
  Is that a fake clone of McAfee with malwares? :P
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
As we expected! by antdude · 2013-06-06 01:19 · Score: 1

I will stick with my old fashion 19.5" Sharp CRT TV from 1996 that still works and not always used. :P
Wait, when will smart TVs get security softwares like other devices? :P

--
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).