Slashdot Mirror
Millions of Smart TVs Vulnerable To 'Red Button' Attack
An anonymous reader writes "Researchers from Columbia University's Network Security Lab discovered a flaw affecting millions of Smart TVs supporting the HbbTV standard. The flaw allows a radio-frequency attacker with a low budget to take control over tens of thousands of TVs in a single attack, forcing the TVs to interact with any website on their behalf — Academic paper available online."
Yes, I RTFA. And the responsible consortium knows about the bug and doesn't consider it "important" enough to warrant a change because it's "not cost efficient" to execute an attack.
It is.
If all it takes is to weave a signal into the program, there are SO many places where this can take place that it's literally trivial to execute. Aside of the idea they present themselves, i.e. a 1MW transmitter used to infect a rather small area, how about using the broadcast itself? Yes, that means that you have to gain access to the show when or before it is aired, but considering just how many people are concerned with the creation of TV programming, having an "inside man" is fairly trivial. From production to cutting to storage to preparation to the actual broadcast, a show goes through many, many hands, every single thereof having the chance to inject the signal without anyone noticing before it's too late.
Now add that the more recent history taught us that governments are certainly not above abusing such a flaw and tell me again that there is "no need for concern".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I disagree. That's like claiming you can hack someone's ethernet switch by writing a special html page because the traffic will simply pass through. This red button attack works differently. If I understand correctly the interactive stuff (tv guide, pause, record) is provided by the cable company. They may use an underlying feed from the broadcaster but that's it.
Joe Sixpack suffers a loss as a result of such an attack, who compensates him ? He has never heard of the possibility, but ignorance cannot be claimed by neither the smart TV manufacturers nor the TV broadcaster nor the local standards regulator. All of the latter will claim that it was some 'malicious 3rd party', but they knew about it and took no action to mitigate the threat. It is no longer an excuse to complain that ''it is software and very complicated''.
Who will compensate Joe Sixpack ?
Yes, that means that you have to gain access to the show when or before it is aired, but considering just how many people are concerned with the creation of TV programming, having an "inside man" is fairly trivial. From production to cutting to storage to preparation to the actual broadcast, a show goes through many, many hands, every single thereof having the chance to inject the signal without anyone noticing before it's too late.
So what? There's various ways you can tamper broadcast equipment and program signal as an inside man. Then you simply get fired from the company and you get to pay big fines for the damage you caused.
"Researchers from Dickweed University's Network Security Lab discovered a flaw affecting nearly every TV on the planet. The flaw allows a radio-frequency attacker with a low budget to take control over tens of thousands of TVs in a single attack, forcing the TVs to turn on or off, or switch channels. The attack works by equipping a drone with a powerful universal remote, sending commands to all TVs in a broad range." It's even scarier like this!
So the idea is that the attacker overrides the RF signal with his own one, which contains the malicious data. The client TV then automatically interprets the HTML from the transport stream metadata. Provided that the attack was successful, a bunch of TVs can for example be controlled to access a certain website through HTTP requests, causing a denial of service attack for that website.
It requires a fair amount of RF and broadcast equipment know-how to set up your own mini TV station with a DVB stream with HTML properly injected in the TS metadata. And then you have to make sure that the receivers actually pick up your channel. Possible, but far from trivial. I suspect no one bothers exploiting this one.
Since this is SLashdot, I didn't bother reading the article - so, I am sure there is an obvious answer.
How does someone with a LOW BUDGET even have 10's of thousands of smart tv's in range of an RF signal?
I've been in the cable head-end for a city (a few hundred thousand nodes). All it'd take to do this is walk into the room and swap a commercial with one with the attack embedded. Thousands of people probably could get in there. At the right time, you could dress up as an electrician, and walk in.
And if you are an inside man, how would they catch you? Take a commercial, embed the attack. Then claim it must have been the editors for the commercial, who embedded it before it got to you. How would they prove anything? Would anyone smart enough to figure anything out even be looking at the case?
Learn to love Alaska
The people involved with the production of a tv show wouldn't have access to the data being exploited, the attack would have to be closer to the OTA broadcast or cable operator. Changing the files containing the code would be fairly obvious so you'd still need to use some hardware for a MITM attack inside the broadcast or cable facility.
TVs have no business being on the internet, much less downloading stuff from Facebook. A TV is for watching television. How did we do it up to now, without the internet? Gee...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
What would actually stop someone from connecting to the cable on the pole, blasting the transmission through it every 200 minutes or something and then pretending like nothing happened?
I mean almost no one would ever know it is happening as most cable boxes and TV buffer a small amount and the packet transmission would not need to be very long. Internet provided over the cable would likely just retransmit whatever got lost as it actually had error correction built in.
"not cost efficient"
Well... We are talking about their costs. Not the cost for the consumer. So in their minds, they're right. Obviously new buyers of the TV sets would be better off knowing this before they hand over cash - hence the news story is important.
There is nothing wrong with your television set. Do not attempt to adjust the picture. We are controlling transmission. If we wish to make it louder, we will bring up the volume. If we wish to make it softer, we will tune it to a whisper. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. For the next hour, sit quietly and we will control all that you see and hear. We repeat: there is nothing wrong with your television set. You are about to participate in a great adventure. You are about to experience the awe and mystery which reaches from the inner mind to... The Outer Limits.
The Forbes article mentions a 1W and a 25W amplifier. Quick check confirms the paper also says this (not 1MW !).
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Looks like I just escaped disaster by not owning a TV at all. Torrents, baby, torrents and streaming.
I honestly don't understand why people would buy a "smart" TV instead of a monitor, surround sound speakers, and plug it in to a laptop or computer. How many people really use OTA broadcasts nowadays?
I do not fail; I succeed at finding out what does not work.
You can't embed the attack to a commercial or a TV show. The attack is stored in the transport stream, which is a higher abstraction level.
Maybe I got the article wrong but if you can hijack the feed than whats to stop you from inserting a 25th frame and zombie the population?
And if broadcasting companies can use smart tv sets to monitor what the people are watching then such an attack can screw up the actual data and inflate channel commercial prices. At least locally.
Depends. sometimes the commercial content is stored as a TS itself and muxed in (replaced the PID's of the normal stream). They do this for foreign channels where the ads need to be replaced with local equivalents. Depending on the mux setting it would be possible to put the smart tv content in the replacement TS.
At that point, you could probably perform various other attacks too. You are given access to important equipment and the company trusts you not to pull any funny shit. After that it all boils down whether you simply want to work ethically and do your job properly.
I prefer my Roku 2/3 to the smart features on my TVs but it is difficult to buy a nicer TV these days without the "Smart" features included. It would be nice is if you could disable the "Smart" part of these TVs. I don't think I have seen that as an option but I guess you could just disable the networking.
Keep the Classic Slashdot.
If a 1W transmitter could cover a neighborhood, a megawatt transmitter could cover a city.
Of course, the OP probably screwed up doubly, and meant mW. Getting and using a megawatt transmitter is hardly "trivial."
"National Security is the chief cause of national insecurity." - Celine's First Law
I've been doing audits for a rather long while now. Few companies have sensors on their inside.
In other words, it will be easy to find out THAT something went on after the incident. Who did it, otoh, is an entirely different matter. You'd be surprised how easy it is to get into a lot of companies and move about unhindered with the right uniform and the "I belong here" attitude.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
News at 11. Or is it...? (organ music) Dunnn Dunnn DUNNNNNN!!!
The article winds up with "Another fix would be to prompt users to press a button confirming their okay before an app launches on their TV, as well as regular reminders that apps are loading or running whenever they switch channels." Well, I don't look forward to having to click my remote to approve apps from my couch, but it's not exactly an emergency. Seems appropriate to wait for Miller Beer or Dr. Evil to actually execute the attempt first, before worrying much about the potential for television broadcast content impurities.
Gently reply
"All it'd take to do this is walk into the room and swap a commercial with one with the attack embedded."
I managed the Cable TV systems for commercial insertion for 10 years, so tell me again how easy it is to swap a TV commercial? Because all the AD insertion servers are password protected and also in locked racks that you have to get through first. Are you an uber haxor? where hacking a server is a 30 second trivial thing and then you know the Ad insertion software suite (Seachange By the way for all you Uber Hax0rs) so well that you carry the client insertion apps with you on your laptop? Oh and what file format did you encode that TV commercial? Because you need the right format for the system setup, no it's not the same nation wide.
In fact it's easier for you to pick a far less protected network location, Like a sales office, Get hired on the cleaning crew and attack the network from there to try and gain access to the encode and upload station at the main ad insertion office. If you are lucky, that one was set up by IT retards and is on both the corporate network and the ad insertion network (ad insertion network is a protected and isolated network)
A far more plausable route is social engineering while wearing a suit and having a lot of money. Contact a sales person for AD insertion, buy Air time and supply them with a Pre Encoded TV commercial that is already set up for their systems file and encoding settings. A file that hopefully they will just drop in the system and not run through any video re-encoding software that will destroy or strip your evil info. faking urgency and throwing a lot of cash at the sales person increases the chances of just a straight file copy, but that is against SOP and has a high possibility of failing. But then Places like Comcast pay nearly minimum wage for the poor guys that do video conversion and upload, so if done late in the day the chance that they will just copy and call it done is high.
Just swap a TV commercial..... That's Hilarious, this is not 1993 when you had racks full of video tapes for the TV commercials.
Do not look at laser with remaining good eye.
The fact that you will only affect the 6 houses that is connected to that pole. the COAX is only from that Optical termination to the houses, and you can not magically make the equipment at the headend change it's programming from transmit video only to receive the data return and then resend it out the video transmit.
And even if it was old COAX only, you cant magically make RF amplifiers rebroadcast backwards.
Do not look at laser with remaining good eye.
Dont even need the right uniform. I do this all the time in just street clothes. Hell even past security checkpoints it's easy "I left my badge in the car" works great.
Do not look at laser with remaining good eye.
When you make cheap, shitty, under-engineered, non-compatible systems that can't be commodotized because everyone is banking on their propriety system taking off and cornering the market... that you'll end up with a cheap, shitty, under-engineered system with major security flaws?
Yet another reason why Smart TVs are worse than useless.
The TS most likely re-written on final broadcast. If it is going out OTA, then the transmitter will repack the data as ATSC, regroom the MPEG2 content, and rewrite the PAT at the tower (usually with a custom PID for each video stream, a PID for DATA, etc, to make it consistent at the viewer's side). So changes are low there.
Since most CATV providers require a STB, very few TVs are using the ClearQAM streams directly (usually encrypted streams that require an handshaked box). Those very few that are using a CableCARD or equivalent are probably in such a minority you might not even want to bother. Oh, and the streams are re-packed when they are encrypted so garbage data is probably removed at that point.
Oh, and good luck "just walking into a CATV headend and replacing commercials." Every CATV headend that I've seen (including the one I run), don't store the commercials there, let alone have any way to change them. Those are usually controlled up-stream in some no-name office remotely then muxed or pulled in by the groomers or stat-muxers (depending on how they are setup).
Heh. Well, I'm kinda proud of our security staff, they even sent a board member back (despite said board member ranting and raving about how he'll ensure the security person be fired) because he forgot his access card.
And yes, the board member actually demanded him to be fired. When I asked him if he really wants me to fire one of our guards on grounds of him doing his job and following the security protocol unlike a certain board member who expected and ordered the guard to break security protocol, suddenly he had to leave in a hurry... dunno why...
I LOVE working in a company where security trumps productivity.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
http://www.hides.com.tw/produc...
This is an USB dongle, you push TS stream into it. Bundled Opencaster software will build TS stream for you. Basically its a small Digital TV station capable of transmitting one mux.
* DVB-T version, will not work with ATSC TVs in US. Btw LOL US and your ATSC A/53 mpeg2 "hd"tv.
Who logs in to gdm? Not I, said the duck.
Executable content from an uncontrolled source. Sheesh! Why do the folks who design/build entertainment electronics have such a limited understanding of the digital world? Going back to the invention of the Compact Disc as a music medium, the industry consistently demonstrates an inability to think broadly about the opportunities and consequences of the digital world.
People with home networks (i.e., lots of folks) and a TV that permits executable content that was received from an uncontrolled RF source to run on a CPU that has access to the TV's in-home Local Area Network connection will be so screwed it isn't funny.
If all TV's end up with this capability, we'll have to firewall off our TVs from the rest of our home networks. The last thing I need when I get home from work worrying about the unholy intersection of jackass hackers and jackass software vendors is my TV going rogue and hacking into the rest of my carefully secured digital castle through the television.
Is the US government asleep at the switch? Here is the opportunity to nip in the bud a huge threat to national security (ever see how many TVs there are all over all federal buildings these days?). If they can't understand basic Information Systems security enough to understand that executable content MUST be either be from a controlled/trusted source OR MUST be securely isolated from trusted network connections, then we need a new set of policy folks.
One way to stop this idiocy would be to convince the masses that this threat is too great to ignore. If no one buys the TV sets (which are essentially Trojan Horse wormholes), the manufacturers will certainly take notice. If we get the entertainment electronics journalists on board ringing the danger bell, that might put enough of a dent in sales to get their attention.
Thanks for the comments. I hope I can clarify some of the things people said here.
Re popularity of OTA vs. cable: Cable is more popular in the US, but that's just the US. Digital Terrestrial is much more common in other places - for example it's the most popular delivery method in Europe by far (page 39) . In the US immigrants use it a lot more than US-born.
To whomever suggested attacks via the remote control's IR port: that sounds a lot of fun to try, but the IR receiver's much less sensitive than the RF jack, it has a much lower data rate, and it needs line of sight.
About the power calculations: 1 Watt (0 dBm) can cover an area of 1.4 square Kilometers, under reasonable assumptions. The math is in the paper.
One last thing: A big shout-out to Martin Herfurt, whose work on HbbTV security was our starting point.
I'd say everyone who is like me and refuses to "pay for TV". Really, have you ever actually watched what they pay for? Commercials with commercials embedded in them, that is what people who think you "pay for TV" pay for.
Time is what keeps everything from happening all at once.
I just bought a new house and have been thinking about how I'm going to setup my network when I finally get a HDTV to go with the new house. Even before this article I was thinking the TV should be on its own vlan. Now I'm certain.
Want control of your local school board or city council?
Cheapest possible way.
We know name recognition sways lots of voters -- no matter how they happened to see the name, once they're staring at a ballot, oh, that one is one I've heard.
http://www.latimes.com/nation/...
for the flamers that say you need expensive equipment, there are always the heroes that can make it happen with low budget
http://bellard.org/dvbt/
so now we just need a power amplifier, and its not a 1MW PA. A 100W will do
"When an HbbTV application is downloaded from the Internet via URL, the origin of the web content is clearly defined by the URL, appropriately isolating HbbTV applications to their own domain and preventing them from interfering with Internet at large. However, when the content is embedded in the broadcast data stream it is not linked to any web server and, as such, has no implicitly defined origin.
The HbbTV specification suggests that in this case the broadcast stream should explicitly define its own web origin by setting the simple_application_boundary_descriptor property in the AIT to any desired domain name. The security implications of this design decision are staggering. Allowing the broadcast provider control over the purported origin of the embedded web content effectively lets a malicious broadcaster inject any script of his choice into any website of his choice."
if your TV plays Netflix and Vudu, what is the point of upgrading?
For one thing, Netflix may choose to end compatibility with older devices that don't support the new digital restrictions management capabilities on which its licensors insist. For another, a TV that supports only WEP won't work anymore if you upgrade your house's wireless network to better WPA family protocols.
someone hack the cable / sat box I want free HBO!!!
I honestly don't understand why people would buy a "smart" TV instead of a monitor, surround sound speakers, and plug it in to a laptop or computer.
Because not having a huge noisy tower next to the TV is more spouse-acceptable than having one. Because people don't have to keep it updated with Windows updates and antivirus updates. Because a computer's out-of-the-box interface is designed to be navigated from a desk with a mouse and keyboard rather than from a recliner with a traditional TV remote control. Because people have trouble plugging in a cable box and a BD player, let alone a computer. Because some people have tried to build a home theater PC and had a poor experience. And finally, because of tradition. Other people have weighed in on this.
One MEGAwatt? A transmitter like that will trample on *everything* nearby. I hope you meant one mW, or milliwatt...
AC
I knew the Easy Button could do a lot of things but this is just incredible
"no it's not the same nation wide."
So tell us again how you are sure OPs comment is about the same system you used?
Tell us how, if they are already not paying these guys much more than minimum wage, they would spend extra money buying an entirely new digital system instead of retrofitting existing hardware to use digital sources?
As for the security of the servers, your very attitude about it makes it that much more likely. The systems "isolated", why bother with strong non-dictionary passwords.
Showing animated Goatse during prime time would be awesome :D
Where I work the response to "I left my badge in the car" is "go back out to the parking lot and get it". To "I left my badge at home", if you've been there long enough you can go around back to the door that has fingerprint scanner access ("long enough" because we don't record fingerprints anymore). If that's not an option, Security will be happy to call your manager so he can come down and vouch for you, then issue you a visitor badge.
Sure, someone determined could storm the place (it's not a military facility or anything like that) but that's hardly a subtle "nobody will ever know" approach.
(And yes, I work for a company that retransmits TV signals ... although I don't have access to the feed.)
Tell me again why we even need 'smart TVs' in the first place?
I'd rather spend the money on a basic TV with better picture quality and get the 'smart' part from what I connect to it (DVR in my case).
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Where are these tens of thousands of TVs in range of one RF transmitter? Isn't this like opening a garage door with a universal scanner? You might open one or two, but tens of thousands? Is this why Google is building satellite drones?
So the idea is that the attacker overrides the RF signal with his own one, which contains the malicious data.
No. They are actually overriding the DVB broadcast signal from the broadcaster and inserting malicious packets into the stream.
Abstract: In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television. This system is already in very wide deployment in Europe, and has recently been adopted as part of the American digital television standard.
All of the references to the "red button" on the remote are a distraction that can be confusing. The red button on your remote is simply a way that you can invoke or interact with the hybrid content in the broadcast stream. It has nothing to do with the actual attack and the embedded content doesn't need to be actual interactive content.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Don't bother. Just read into his post:
all the AD insertion servers are password protected and also in locked racks that you have to get through first. Are you an uber haxor?
Like passwords are hard to get around, like they matter at all when someone has physical access, and like terrible three-dollar cam locks can stop someone with even a casual interest in security penetration. He is a buffoon that knows nothing of security and is not in a position to give meaningful advice on that subject.
But then Places like Comcast pay nearly minimum wage for the poor guys that do video conversion and upload, so if done late in the day the chance that they will just copy and call it done is high.
Sounds like that's the place to attack then - hand the minimum wage guy a USB stick and a bag of money.
Abstract: In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television.
And for anyone wondering just why the hell anyone would want this, TFA clarifies:
Broadcasters and advertisers have been eager to use the HbbTV to target ads more precisely and add interactive content, polls, shopping and apps, to home viewers.
So let me get this right... "Punch the Monkey", coming to a TV near you? Flashing and bouncing "Take the "Which Ninja Turtle are you most like?" poll for a chance to win $1000!!!"? Malicious "Your TV isn't secure! Click here to upgrade!" ads that install some bullshit TV "app" that does only god-knows-what? Remote scripting running on a device designed without any security in mind, and which will probably never be updated during its 8+ year lifetime?
How can I make this clear? Do. Not. Fucking. Want. Yet another reason to avoid "smart" TVs, I guess.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
http://www.fmuser.org/low-powe...
I quote "I have a USA customer use 5W fm transmitter with GP antenna in his hometown ,and he test it with a car, it cover 10km(6.21mile)."
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
I love how incredibly low IQ people like you actually think you have a clue.
It's cute, let me guess your mommy always told you that you were special.
Do not look at laser with remaining good eye.
Your place is a minority, a very well trained minority that is doing things right.
Very cool that some places are doing security right. Problem is do you run background checks for all contractors coming in? Because your security will have to let outside contractors in the door without security passes eventually.
Do not look at laser with remaining good eye.
When you say mW I presume you mean MW, mW is milliwatt.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Whoosh. No. When I said mW, I meant exactly what I said - milliwatt.
The OP mentioned a MW (megawatt) transmitter, which is hardly trivial.
"National Security is the chief cause of national insecurity." - Celine's First Law
So the attack is "easy" all one needs to do is re-program a DVB modulator (they grow on trees, right? For all the geeks here, I bet there are only a hansdull that have even seen a DVB-T modulator), and insert it into a stream that a TV is on, and that TV must be connected to the Internet (the article put the connected Smart TVs at 30%). So, taking over a city of 10,000,000 people would get a few hundred thousand TVs, and ad insertion was one of the worst case scenarios.
And the drive-by version blasting out the code will only work if someone is on and tuned to the station you are hijacking at that moment in time?
Yeah, I think I'm with the makers. The damage, if hijacked, is small. And the possibilities of hijacking are small.
Learn to love Alaska
The problem isn't that someone can inject a fraudulent signal that does bad things. The problem is that THE OFFICIAL BROADCAST SIGNAL can include code that does bad things.
Just because code is part of a TV broadcast doesn't mean you should trust it. Just because code is part of a TV broadcast doesn't mean it should be able to hijack your stored internet credentials and automatically log into your account on any website, and take actions on those websites as if they were you, modify the content you see on those other sites, shouldn't be able to log into your web accounts as you, scan and phone-home a copy of all of your personal information accessible on that account. It shouldn't be able to spy on your activity and report it back. It shouldn't be able to scan and attack other devices on your home network.
Fucking asshats. They design a system with forty-two layers of DRM-enforcement security, but any signal that's part of the broadcast is given automatic authority to do anything it wants, given overriding authority against the TV owner's privacy and security.
What ever happened to products designed around the wants and needs and interests of the buyer, so that people will want to buy your product rather than your competitor's? These pieces of shit are obviously designed to serve and protect broadcasters, regardless of the owner's interests.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I can use a cheap, low powered transmitter to get his TV to download child porn, get out the pop corn and wait for Internal Affairs to raid his house?
The CATV head-end I've been in had local commercials, and local override. So you could insert just about anything, in designated spots. That's how you get those bad local commercials. If nobody buys those spots, they run low-paying national commercials. Or national commercials that don't apply in that area (some national chains don't have universal coverage, so they want 80% coverage with their commercials, and it's up to the local areas to sell over their last 20%).
But, as you say, the coding for this couldn't be inserted in a show or commercial, but would require a compromised encoder inserted in the stream.
Learn to love Alaska
I managed the Cable TV systems for commercial insertion for 10 years, so tell me again how easy it is to swap a TV commercial?
I've worked CATV too, and the commercials were stored on tapes, at least on the systems I worked on back when I did it. It was as easy to swap a TV commercial as ejecting a tape from a VCR and replacing it with a properly queued version.
Just swap a TV commercial..... That's Hilarious, this is not 1993 when you had racks full of video tapes for the TV commercials.
Nope. They still had racks of tapes for smaller markets in the last 5 years. Many are hand-me-downs from the 1993 systems you refer to.
But does any of that matter. The attack requires coding that's above the level accessible inside the stream.
Learn to love Alaska
How can I make this clear? Do. Not. Fucking. Want. Yet another reason to avoid "smart" TVs, I guess.
You really can't as far as I can tell.
I bought a TV for my mother last Christmas. It was impossible to find one that didn't have some kind of "smart" capability. She had no interest in any of the "smart" functionality (no netflix and doesn't browse youtube.. which was pretty much the only 2 useful things it could do), so I just never set it up for network access and disabled as much as I could.
You are very rude. Shame on you!
Snatch it back and hold it!
If/when I ever get a new TV, it'll be hooked up via HDMI to the XBMC video server I'll get around to setting up. No ethernet to the TV, that's just asking for trouble. But, of course, I'm an aging curmudgeon and I do things like that. :P
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
Of course you can! You're just looking in the wrong place. The TV's you want are labelled "Computer Monitor".
The Red button can be useful IFF there is no network connection at all (preventing most of the crap). For example, on DirecTV you can pull up sports scores, weather for your location, and such.
But over the air with a network connection? I agree with you, DO NOT WANT!
I notice they seem to have put plenty of effort into DRM in the spec to protect content providers, and none into security that would protect the owner of the TV.
And cable, and satellite.. dont forget those boxes we now have to rent again to get our video feed ( the real reason for moving to digital TV,, but that is a different subject ) are in effect a smart TV... THEY control what your set gets to display to you..
Now what i dont know, is: Do these 'receivers' have this technology yet? If not, its a matter of time.
---- Booth was a patriot ----
Another effective mechanism, is to Decline the privacy policy. According to a recent Slashdot post, that disables pretty much every smart feature the TV has.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
i think this statement misses a broader picture.
DDoS from 20,000 televisions from an http inject is hardly dangerous imb
how about get/post http://192.168.1.1/admin.cgi
zZz
zZz here again,
possibilities of hijacking are small??
tuned to the station you are hijacking at that moment in time???
pffft, go big or go home imb again
if you're targetting a city target a city - eg. every major channel in that city sequentially.
All we need is a molly-guard!
"Nationalism is an infantile sickness. It is the measles of the human race." -Albert Einstein
I work for a small TV station. They actually do pay minimum wage. They actually don't spend any money on buying new equipment - we've had precisely one new piece of (non-computer) equipment since I started there more than 5 years ago. Right now, we run most of our broadcast material from MPEGs on a second hand server. Our news stories are still run from tape, but one of our decks broke months ago.
Most of our computers are at least 10 years old, a couple of them are closer to 15 years old. They are barely capable of doing the tasks put to them, except for the newest (which is the only new computer we've got) and some second hand Macs.
Our security is completely pathetic. The front door is wide open from 9am until the last person leaves. It would be trivial to enter the place and modify our broadcast MPEGs.
We go into quite a bit of detail for contractors, company as well as the specific person that will come to us. And you don't get past the entrance without a security pass. Even with, as an "outsider" you will have your "personal assistant" with you. That's our wonderful euphemism for the shadow that will stay with you for your whole visit and watch every single move you make.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Lumpy is right though... the person he responded to is so full of shit that when he was a kid, neighborhood cats kept trying to bury him in the sand box.
Fantastic! It's a breath of fresh air to hear of a place that takes security seriously instead of just treating it as theater.
Do not look at laser with remaining good eye.
Meatspin is already animated...
Great, you hijack every TV in a city, what can you do with it? My smart TV has just enough processing power to play encoded streams, and no more. It won't mine bitcoins or such, and so far, every "attack" I've seen is wiped when the TV is turned off, so you'd get a tiny percentage of the TVs, and not much you can do with them. That's why nobody would do it.
Learn to love Alaska
How can I make this clear? Do. Not. Fucking. Want. Yet another reason to avoid "smart" TVs, I guess.
You really can't as far as I can tell.
You still can, though it might depend on what size of TV you're looking for. I'm in the market for a new TV right now, and I've noticed that Costco carries "dumb" TVs up through the 40" range. There are both smart and dumb sets at 40", with the dumb sets being about $75 cheaper.
But yes, if you're looking for a large set you may have a hard time avoiding them at this point.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
TFA mentions NTSC. "t’s on the verge of mass adoption in the U.S. as it was recently added to NTSC standards used in North America." NTSC was the obsolete low-def video format that's no longer used. It's DEAD. HDTV is the ATSC standard. These *TSC acronyms are mutually exclusive. So right off the bat, the article is on shaky ground.
This "hack" seems like an uncommon scenario, as top-of-the-line "smart" TVs tend to be owned by relatively affluent and as such, the cash-stocked user is probably watching cable, satellite, or streaming signals which they can well afford to use.
The people most likely to use an antenna are also the ones least likely to have a smart TV. They might even still use one of those converter boxes.
Anyway, my TV is modern but stupid. I use a Roku and a satellite box. Never use the antenna directly -broadcast TV channels offer no content that interests me in any way whatsoever. So this is just one more reason to never watch that crap.
Sig for hire.
When are modern TVs ever truly "off", though? The screen may be off, but the rest of the internals are still working away...
For large dumb LED TVs, try Sears or Dell. I got a 60" Samsung for my parents last year for $800 on sale.
As far as I can tell with mine, it's as "off" as a computer in standby. That's as "off" as anything gets these days.
Learn to love Alaska
i think this statement misses a broader picture.
DDoS from 20,000 televisions from an http inject is hardly dangerous imb
how about get/post http://192.168.1.1/admin.cgi
zZz
They also don't bother to make it clear that this is about over-the-air BROADCAST TV. If you're not tuned to an OTA channel, for example anybody using a cable/satellite service, etc. then your "smart" TV isn't even checking the signal. The attackers will have to use comm gear which is capable of fully over-powering an existing OTA channel to the point where the data stream isn't rendered garbage, or targetting an unused channel and hoping that someone is sitting around randomally tuning to empty space.
And you have to also have your "smart" TV connected to an internet connection (WiFi or ethernet)
Sure, in some targeted examples you might be able to trick a few people's TV's into hitting their LAN, and feeding data out to a remote site. So I do agree it's something that needs addressed. But it's hardly the doomsday scenario many are playing it up to be. The story also includes prominent use of the current buzz-scare word "DRONE" OMG OBAMMA GUNNA DRONE US ALL to whip up some extra fear, but in almost any real-world scenario an attacker would just use a directional antenna from a nearby location where power sources are more available, and where it's easier to escape notice.
http://www.fmuser.org/low-powe...
I quote "I have a USA customer use 5W fm transmitter with GP antenna in his hometown ,and he test it with a car, it cover 10km(6.21mile)."
It needs to be powerful enough to completely "drown out" the existing broadcaster's signal, or else you end up with two digital signals mixed together which will result in pure garbage receive by the TV.
1. People are going to notice this. Not just consumers, but broadcasters, the FCC, airports, etc.
2. You're not going to strap that kind of rig to a fucking "drone", or get enough coverage from a "drone" even if you could.
3. It's going to be a lot easier and more realistic to infiltrate the actual local broadcaster, either by using a physical assault or by planting/bribing an employee.
4. It's still only going to affect the people whose smart TV's are currently tuned to THAT channel.
5. The only way this would be reliably effective while also having any chance of avoiding detection, is when used in a highly targeted scenario. In which case it's probably going to be cheaper, faster, and easier to just hack their fucking WiFi access point. And I would hazard a guess that the number of people who are actively watching an OTA TV program who also have WiFi aren't that high to start with.
Is it an issue? Yes, of course. Is it a huge issue? Not particularly.
If you're an extremely paranoid person, with a smart TV who watches over-the-air broadcast, then take steps to secure your internal network. If you're not that tech-savvy, then either don't buy a smart TV (preferred solution), or don't watch over-the-air TV.
I've worked CATV too, and the commercials were stored on tapes, at least on the systems I worked on back when I did it
Almost all providers take those tapes, and digitally encode them. Then the ad assets are loaded over the network to whatever regional/local insertion equipment is actually put them "on the wire".
But that would still only affect the cable set-top-boxes, not the TV.
And in reality it wouldn't affect the STB's either because the in-band signalling is inserted onto "the wire" in a different fashion. BUT even if we ignore reality and pretend like you could somehow get that hidden in-band signal all the way to the cable/sat box... that's as far as it would get.
The issue is that the digital OVER THE AIR broadcast format has the capability of doing in-band signalling- it's not "part of the picture". It doesn't get preserved as part of the video feed after the tuner decodes it. So it will only affect a smart-TV being fed by the OTA tuner, and only one which is currently tuned to that particular "station". (And which is in turn connected to a vulnerable network, but that's another discussion)
IT techs of whatever sort dont tend to be minimum wage, and the new hireds generally arent trusted with access to the sensitive stuff.
Not sure why people feel the need to post about how the system works when they have no clue.
Don't bother. Just read into his post:
all the AD insertion servers are password protected and also in locked racks that you have to get through first. Are you an uber haxor?
Like passwords are hard to get around, like they matter at all when someone has physical access, and like terrible three-dollar cam locks can stop someone with even a casual interest in security penetration. He is a buffoon that knows nothing of security and is not in a position to give meaningful advice on that subject.
If you think gaining access to a restricted server room, breaking into the correct rack, and doing anything to the server blade without a LOT of attention then I would submit that you have exactly zero knowledge of how such systems operate. Tampering with a live production system is a completely different universe from cracking some random user workstation.
And despite all your efforts, none of it would matter, because the idea of hiding the control signal in an ad is wrong to start with. It won't do anything at all, the in-band control isn't signalled as part of the video feed, it's inserted by a different piece of hardware entirely, which occurs after the ad reel is combined with the regular feed. And getting into THAT box is an even more difficult task, for reasons you most likely wouldn't understand and which are too complicated to bother getting into right now.
BUT even if you somehow got all that magic to happen, it still wouldn't matter because it's the set-top-box which listens to the in-band signalling, and a) it doesn't HAVE network capabilities like the smart TV's and b) doesn't pass-through any signalling to the TV either.
In fact, all of that is a moot argument because this vulnerability is about the in-band signalling in the over-the-air TV signal, which is not "part of the video stream", it's only paid any attention by the TUNEr on the TV, which is only used for antenna signal input, and it's not "embedded" in the actual video feed at all.
And broadcast stations don't generally encode the signal (to DVB) until the last moment. So the content couldn't trigger the attack, but it'd have to be done at the transmitting station. I'm sure they have alarms on the buildings, but that wouldn't stop someone from breaking in, swapping the encoder for a compromised one, and running away to do it again later.
Learn to love Alaska
That's a fairly sane approach to the problem at hand. One thing you should make mandatory for such events, though: There must not be any negative consequences for you for forgetting your badge. Well, other than your manager maybe not really enjoying to be called out of a meeting to pick you up at the entrance, but I actually made sure it's part of the security protocol that there MUST NOT be any kind of "official" negative impact.
The reason is simple: If there was, the worker will try to avoid this. He will try to delay reporting a mistake for as long as he possibly can, hoping that he will find a solution that does not require him to report it at all. And the very LAST thing I need is someone losing his access card and NOT reporting it instantly because he hopes he forgot it at home or in his car, because he is afraid of a negative mark on his record.
OTOH, not reporting an incident immediately is grounds for very severe consequences, up to instant termination. The first question you will be asked when reporting something is "when did you notice it". And your answer better be "just before I reported it".
It took a surprising amount of effort to actually put that into action and make it a mandatory part of our security procedure. It seems managers like to punish people for making mistakes but don't care about them not reporting them.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
i.e. a 1MW transmitter used to infect a rather small area
Um, one megawatt could be used to hack a 'small area' like the entire United States. Perhaps you're thinking of a 1 mW (milliwatt) transmitter?
with all those acronyms and abbreviations, I have no idea WTF you're trying to tell me..
The TS most likely re-written on final broadcast. If it is going out OTA, then the transmitter will repack the data as ATSC, regroom the MPEG2 content, and rewrite the PAT at the tower (usually with a custom PID for each video stream, a PID for DATA, etc, to make it consistent at the viewer's side). So changes are low there.
Since most CATV providers require a STB, very few TVs are using the ClearQAM streams directly (usually encrypted streams that require an handshaked box). Those very few that are using a CableCARD or equivalent are probably in such a minority you might not even want to bother. Oh, and the streams are re-packed when they are encrypted so garbage data is probably removed at that point.
Oh, and good luck "just walking into a CATV headend and replacing commercials." Every CATV headend that I've seen (including the one I run), don't store the commercials there, let alone have any way to change them. Those are usually controlled up-stream in some no-name office remotely then muxed or pulled in by the groomers or stat-muxers (depending on how they are setup).
Good commentary but rather superficial and obvious.
So let me get this right... "Punch the Monkey", coming to a TV near you? Flashing and bouncing "Take the "Which Ninja Turtle are you most like?" poll for a chance to win $1000!!!"? Malicious "Your TV isn't secure! Click here to upgrade!" ads that install some bullshit TV "app" that does only god-knows-what? Remote scripting running on a device designed without any security in mind, and which will probably never be updated during its 8+ year lifetime?
Yea don't you love it when some asshole with a MBA in Marketing designs technology. This protocol would never get by the first sniff test with anyone with any knowledge of Information security.
Not long ago I when TV shopping (the magic smoke left my other one in an amazing flash of light and noise) the sales person was touting the new amazing "smart" TVs. I told her no and as basically looking for a big monitor. She tried to tell we all the things like go to my facebook account and talk with my friends. "But lady I don't use facebook" I could interact with the ads! "Lady I mute the friggin ads" I then explained "Mam I have a smart box that I built myself that I coutrol and monitor. I have the ability to apply security updates to the system and control who and what compinies have access to it. I just need something to display the output."
I've read that some of these sets will not work if the camera it taped over. Well here we are welcome to 1984. Owerwell was just 30 years off thats all.
Remember interactive ads are Doubleplus Good!
tl;dr -- It's not as big of a deal as the TFA makes it out to be. The vector of attack is incredibly small, very well protected and requires a very specifically trained person with very trusted access to do. And the result would be that all they get is a webpage to pop up on a TV, that is turned on, that is tuned to that channel, and has the viewer's attention. Oh, and is on OTA.
I'd imagine a larger metro like Chicago you might get a few dozen people at most to be in this category.