Slashdot Mirror

← Back to Stories (view on slashdot.org)

European HbbTV Smart TV Holes Make Sets Hackable

Posted by Unknown on from the all-the-better-to-spy-on-you dept.

mask.of.sanity writes "Vulnerabilities in Hybrid Broadcast Broadband TV television sets have been found that allow viewers' home networks to be hacked, the programs they watched spied on, and even for TV sets to be turned into Bitcoin miners. The laboratory attacks took take advantage of the rich web features enabled in smart TVs running on the HbbTV network, a system loaded with online streaming content and apps which is used by more than 20 million viewers in Europe."

39 comments

  1. And of course........ by allaunjsilverfox2 · · Score: 4, Funny

    There STILL isn't anything worth watching on tv. :p

    --
    Restore the madness of youth's lechery
    1. Re:And of course........ by robthebloke · · Score: 2

      No, nothing since teletext shut down.

    2. Re:And of course........ by Sockatume · · Score: 1

      Moc-moc-a-moc.

      --
      No kidding!!! What do you say at this point?
    3. Re:And of course........ by mcgrew · · Score: 1

      Well, there's MythBusters and the Big BangTheory.

      Don't woosh me, bro.

      --
      Free Martian Whores!
  2. recent outbreak of scrutonium by Anonymous Coward · · Score: -1, Offtopic

    http://www.bloomberg.com/news/2013-06-05/almost-half-of-americans-say-obama-untruthful-about-irs.html

    "WASHINGTON DC - Engaged a relentless battle against time and fatigue, a select group of message scientists assembled by the White House's Center for Narrative Control say they will take "all steps necessary" to contain a recent outbreak of scrutonium, a deadly poll-eating supervirus that attacks the immuno-hope system, leaving victims vulnerable to material facts.

    "Failure is simply not an option," said an exhausted Mission Chief David Axelrod. "If left unchecked, this virus may actually force us to move back to Chicago."

    The recent re-infection of scrutonium into the body politic has been a harrowing turn of fortune for Axlerod and his scientific team. In November 2008, they had declared scrutonium "all but extinct," although they kept small amounts of the strain for use in laboratory experiments with Republican tax returns. It was thought to be in containment as recently as five weeks ago, with scientists citing poll results showing resistance to doses of unemployment previously considered fatal.

    All that changed on September 12 after an unexpected outbreak in Benghazi, Libya. Although it caught Axlerod and his team by surprise, they were temporarily able to keep it under control with a regimen of YouTube blame therapy and gaffe-meme injections. But the new Benghazi strain proved stubbornly resistant, and has continued to slowly spread.

    Amid their battle to contain the Benghazi strain, a second - and even more deadly - outbreak appeared in Denver on October 3. Nicknamed "the Doomsday Strain", the Denver scrutonium virus has thusfar been impervious to any attempt at containment.

    "We're dealing with the ultimate buzzkiller here," said Senior Narrative Engineer Stephanie Cutter. "This one directly attacks voters' ability to hallucinate happy thoughts, or even ignore the obvious - no matter how many squirrels we innoculate them with."

    Despite all-out efforts to contain the virus, by Friday daily internal gauge readings at CNC headquarters indicated a public opinion disaster was in the making. In order to buy time, Axlerod called on reserves from the 101st Media Narrative Squadron.

    "With a virus this aggressive, you need boots on the ground to help fight any new outbreak and sterilize the area with distractions," said CNC jounalistic affairs liaison David Plouffe. "Luckily, the 101st is highly trained, unquestioningly loyal, and completely immune to all known post-2008 strains of scrutonium."

    "That Mitt Romney sure seemed awful testy, didn't he?" said hazmat-suit clad Lt. Ben Smith of the 101st's Politico Company, sweeping the rubble of Denver for trace readings of scrutonium.

    While Smith and others work around the clock to quarantine the virus, Axlerod and his team remain deep beneath the White House in a specially constructed containment laboratory, racing to find a cure before it has a chance to wipe out Washington as we know it. Although all their experiments have thusfar proven unsuccessful, Axlerod refuses to concede.

    "If I've learned anything in this job, it's that hope is a strategy," he said, wiping flopsweat from his combover.

    "For instance, maybe Joe Biden will find a cure Wednesday night," he added.

  3. Smart TVs not a smart idea by ArcadeMan · · Score: 4, Insightful

    One more reason to buy a dumb computer monitor and use it as a TV.

    --
    Get free satoshi (Bitcoin) and Dogecoins
    1. Re:Smart TVs not a smart idea by gstoddart · · Score: 4, Insightful

      Agreed. I have no interest in having my TV connect to the internet .. or my fridge, or my toaster, or my toilet.

      Everyone is in a big rush to say "ZOMG, it's on the intarwebs and has Facebook and Netflix", but I frequently find myself thinking "wow, what a massive security hole waiting to happen".

      Vendors just want to get their product to market, and they rarely take the time to actually think about (or properly implement) security.

      --
      Lost at C:>. Found at C.
    2. Re:Smart TVs not a smart idea by wonkey_monkey · · Score: 1

      Or just don't connect it to the network and save yourself the trouble of having to buy a separate STB and speakers. And getting up to turn it on.

      --
      systemd is Roko's Basilisk.
    3. Re:Smart TVs not a smart idea by gstoddart · · Score: 2

      But then you'd still have to pay the extra for a smart TV that you're going to use as a dumb screen

      Why would I spend more on a TV for features I don't want and don't plan to use?

      --
      Lost at C:>. Found at C.
    4. Re:Smart TVs not a smart idea by bbn · · Score: 2

      Agreed. I have no interest in having my TV connect to the internet .. or my fridge, or my toaster, or my toilet.

      The internet is the _only_ connection my TV has. I skipped buying cable and terrestrial is not an option here.

      It just happens that my TV can actually show a lot of TV content with just Internet. The national TV is available as streaming. And I got Netflix and HBO Nordic. I am never going to buy cable again.

      Comparing the TV to the fridge, toaster and toilet is so misguided. The TV has a very real reason to be on the internet: The internet is the pipe to entertainment that I am viewing on the TV. It is the coax port on the TV that is going to be obsolete in the future. Already people like me are not using it anymore.

    5. Re:Smart TVs not a smart idea by Medievalist · · Score: 0

      Why would I spend more on a TV for features I don't want and don't plan to use?

      Because if you don't, the terrorists win. Why do you hate America?

    6. Re:Smart TVs not a smart idea by ArcadeMan · · Score: 2

      My computer monitor is also connected to the Internet, but via a small AppleTV box. What happens when your manufacturer decides it won't update your TV about a critical security hole?

      The TV itself doesn't have to be connected to anything except a small box. Replacing the small box will be less costly for your wallet and less costly for the environment than replacing the whole TV.

      --
      Get free satoshi (Bitcoin) and Dogecoins
    7. Re:Smart TVs not a smart idea by Anonymous Coward · · Score: 1

      What happens when Apple decides it won't update AppleTV anymore?

      What a dumb argument.

    8. Re:Smart TVs not a smart idea by ArcadeMan · · Score: 2

      And you're a dumb reader.

      "Replacing the small box will be less costly for your wallet and less costly for the environment than replacing the whole TV."

      --
      Get free satoshi (Bitcoin) and Dogecoins
    9. Re:Smart TVs not a smart idea by wonkey_monkey · · Score: 1

      Why would I spend more on a TV for features I don't want and don't plan to use?

      There is still such a thing as a non-smart TV. Eventually the smart ones will get cheap enough that they'll stop making non-smart, but you still (probably) won't be forced to use the smart features.

      --
      systemd is Roko's Basilisk.
    10. Re:Smart TVs not a smart idea by gstoddart · · Score: 1

      There is still such a thing as a non-smart TV.

      No shit, but since it was you who suggested we could all just buy smart TVs and not hook them up to the network, telling me now that I could buy a non-smart TV seems kinda pointless.

      --
      Lost at C:>. Found at C.
    11. Re:Smart TVs not a smart idea by gstoddart · · Score: 2

      What happens when Apple decides it won't update AppleTV anymore?

      The exact same thing that happened when Apple decided not to update the original iPad ... they pissed off their early adopters, and life went on.

      However, given the cost of an Apple TV versus a large HDTV screen, replacing the Apple TV is still the easier route.

      --
      Lost at C:>. Found at C.
    12. Re:Smart TVs not a smart idea by lgw · · Score: 1

      High-end TVs are all smart now. I find that annoying, as I'm looking for one right now. You can't seem to get a top-quality 60" plasma display that doesn't include a bunch of "smart TV" features bundled with it. I will likely end up buying one, and not hooking it to the network, even though the whole situation is quite silly.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    13. Re:Smart TVs not a smart idea by Anonymous Coward · · Score: 0

      What's to stop him getting an add-on box when the TV software is no longer updated and stops working? Implying that his only option would be to replace the TV is just stupid.

    14. Re:Smart TVs not a smart idea by ArcadeMan · · Score: 1

      His TV would still be a target because of all the "smart" inside it.

      --
      Get free satoshi (Bitcoin) and Dogecoins
  4. GOV'T MOTORS BAILOUT: $10 BILLION LOSS by Anonymous Coward · · Score: -1

    http://www.detroitnews.com/article/20130605/AUTO0103/306050039/Treasury-UAW-health-care-trust-will-sell-50-million-shares-GM-stock?odyssey=tab|topnews|text|FRONTPAGE

    " The Treasury sold nearly 20 percent of its remaining shares in General Motors Co. in the first three months of the year, the Detroit automaker disclosed Thursday.

    The Treasury, which initially held 60.8 percent of GM as part of the U.S. $49.5 billion bailout, now owns just 16.4 percent, or 241.7 million shares. In December, the Treasury sold GM 200 million shares of its stake for $5.5 billion to reduce its stake to 300 million shares.

    In total, Treasury has recouped $30.6 billion. At current trading prices, Treasury would lose around $10 billion on its GM bailout."

    The treasury is of course all taxpaying citizens, that is Obama just stole all this money and gave it to the unions which as we know don't do squat for the country save for sucking Obamas cock.

    That's the fact, deal with it.

  5. Awesome 7P by Anonymous Coward · · Score: -1

    More graNdiose

  6. Bitcoin mining? Is anyone still trying that? by jeffmeden · · Score: 2

    Bitcoin mining is so difficult at this point (due to so much interest, and dedicated hardware designs being applied to it) that it is nearly impossible to do on "harvested" hardware like these smartTV devices. Even getting a few thousand into a mining botnet is not likely to yield any significant return compared to say, using it as a for-hire DDOS botnet, or a spam botnet.

    1. Re:Bitcoin mining? Is anyone still trying that? by Trepidity · · Score: 1

      The analyst seems to admit that it probably wouldn't be feasible, in the same breath that he raises the possibility:

      He said JavaScript Bitcoin miners like Bitcoin Plus could be also run on the TVs, though its effectiveness may be questionable.

      --
      10 PRINT CHR$(205.5+RND(1)); : GOTO 10
    2. Re:Bitcoin mining? Is anyone still trying that? by loufoque · · Score: 4, Interesting

      What is difficult is to mine bitcoins worth more than the costs of running the machine.
      But these hackers obviously do NOT pay the electricity bills of their victims.

    3. Re:Bitcoin mining? Is anyone still trying that? by jeffmeden · · Score: 1

      The analyst seems to admit that it probably wouldn't be feasible, in the same breath that he raises the possibility:

      He said JavaScript Bitcoin miners like Bitcoin Plus could be also run on the TVs, though its effectiveness may be questionable.

      The difficulty is so high that even if you got all 20 million of those, with no optimized hashing you would be looking at a botnet that is sill less powerful than what $1000 can get you off the shelf, and the value as a 20 million node DDoS botnet has to be a lot more than that.

    4. Re:Bitcoin mining? Is anyone still trying that? by Anonymous Coward · · Score: 0

      The analyst seems to admit that it probably wouldn't be feasible, in the same breath that he raises the possibility:

      He said JavaScript Bitcoin miners like Bitcoin Plus could be also run on the TVs, though its effectiveness may be questionable.

      The difficulty is so high that even if you got all 20 million of those, with no optimized hashing you would be looking at a botnet that is sill less powerful than what $1000 can get you off the shelf, and the value as a 20 million node DDoS botnet has to be a lot more than that.

      It might be inefficient, but that's not the same as nobody would do it. It's 20 million devices with no anti virus, firewall etc. Maybe they could earn more on targeting computers, but who said they have to pick just one?

      Besides expect the unexpected. I know somebody crashed a server by getting it to fill the HD (this was years ago) apparently for the sole reason of crashing the server. Crashing a random TV or making it display porn would be no different.

    5. Re:Bitcoin mining? Is anyone still trying that? by Anonymous Coward · · Score: 0

      Bitcoin Plus is really a lame way to mine bitcoins. Yes, you can generate 0.00000251 BTC an hour on that platform, but that will only net you 0.0216864 per year, which is less than $3.00 at today's exchange rate. Why would anyone think that's worth the effort?

  7. What attacks? by Anonymous Coward · · Score: 1

    This seems to be blown out of all proportion.

    These attacks made assailants essentially entertainment providers. They included digital video broadcasting (DVB) and digital storage media command and control injection in which attackers specified a URL to inject content into streaming carousels within the TV.

    In other words, an "attacker" who controls the broadcast TV signal can make your TV show a webpage they control. Yawn. The whole point of HbbTV is that the broadcaster can show a webpage on your TV; there are the usual web browser security features to make that safe. Now if they'd found a security hole in the browser, that would be a real attack, but all they seem to have done is pretended to be a broadcaster.

    It's hard to control the broadcast TV signal, too. You either need to hack the head-end equipment or go out in a van with your own TV transmitter. The head-end equipment is reasonably well protected, just like any other high-value server. If you try going out in a van with your own TV transmitter, then the authorities (OFCOM in UK) will come after you with direction-finding gear and you'll be arrested. Even if you set up the transmitter and leave, so you're not arrested, the TV transmission gear costs a few thousand pounds so losing that every time will probably make attacks unprofitable, and they will eventually track you down.

    1. Re:What attacks? by Anonymous Coward · · Score: 0

      Comprehension fail.

      These are TVs connected to the Internet. There is no broadcast signal. There is no need for a TV transmitter. The signal comes from the Internet and has the exact same vulnerability that any connection to the Internet has.

    2. Re:What attacks? by manu0601 · · Score: 1

      I understand the attack could be done by a compromised machine sitting on the same private network. Or the local DNS could have been hacked and direct the TV box to a rogue server.

      I see other attacks possible outside of local LAN: DNS or BGP hijack, or compromised IPTV server, but they seem much less likely

  8. wow...buzzword bonanza by Connie_Lingus · · Score: 1

    unoptimized bitcoin miners...in a tv set...like THIS is the security threat we all need to be on the lookout for. really?

    but..oh yeah...there will be 20 million of them....with lazers!

    --
    never bring a twinkie to a food fight.
  9. The original source of this story by Anonymous Coward · · Score: 0

    This is the original article, the Australian is covering. Just FYI
    http://mherfurt.wordpress.com/2013/06/01/security-concerns-with-hbbtv/

  10. Hackers... not necessarily by mherfurt · · Score: 1

    Also the broadcast station could offer compromised content themselfes. Not very unlikely when you see what some of these folks already do. You could find the original article on mherfurt(dot)wordpress(dot)com Cheers!

  11. Advertising Jargon 101 by Anonymous Coward · · Score: 0

    Unlimited* = Limited
    Smart* = Terminally Dumb

  12. Coming soon by ThatsNotPudding · · Score: 1

    McAffe for TV!


    [shudder]

    1. Re:Coming soon by emho24 · · Score: 1

      It's coming, have no doubt.

      --
      You must gather your party before venturing forth.
    2. Re:Coming soon by antdude · · Score: 1

      Is that a fake clone of McAfee with malwares? :P

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  13. As we expected! by antdude · · Score: 1

    I will stick with my old fashion 19.5" Sharp CRT TV from 1996 that still works and not always used. :P

    Wait, when will smart TVs get security softwares like other devices? :P

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).