Slashdot Mirror


Millions of Smart TVs Vulnerable To 'Red Button' Attack

An anonymous reader writes "Researchers from Columbia University's Network Security Lab discovered a flaw affecting millions of Smart TVs supporting the HbbTV standard. The flaw allows a radio-frequency attacker with a low budget to take control over tens of thousands of TVs in a single attack, forcing the TVs to interact with any website on their behalf — Academic paper available online."

  1. Re:It doesn't take a genius to come up with an att by jones_supa · · Score: 4, Interesting

    So the idea is that the attacker overrides the RF signal with his own one, which contains the malicious data. The client TV then automatically interprets the HTML from the transport stream metadata. Provided that the attack was successful, a bunch of TVs can for example be controlled to access a certain website through HTTP requests, causing a denial of service attack for that website.

  2. Re:It doesn't take a genius to come up with an att by Opportunist · · Score: 4, Interesting

    I've been doing audits for a rather long while now. Few companies have sensors on their inside.

    In other words, it will be easy to find out THAT something went on after the incident. Who did it, otoh, is an entirely different matter. You'd be surprised how easy it is to get into a lot of companies and move about unhindered with the right uniform and the "I belong here" attitude.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Re:It doesn't take a genius to come up with an att by Opportunist · · Score: 4, Interesting

    Heh. Well, I'm kinda proud of our security staff, they even sent a board member back (despite said board member ranting and raving about how he'll ensure the security person be fired) because he forgot his access card.

    And yes, the board member actually demanded that he be fired. When I asked him if he really wants me to fire one of our guards on grounds of him doing his job and following the security protocol unlike a certain board member who expected and ordered the guard to break security protocol, suddenly he had to leave in a hurry... dunno why...

    I LOVE working in a company where security trumps productivity.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Here is the hardware to do the attack: by citizenr · · Score: 3, Interesting

    http://www.hides.com.tw/produc...

    This is a USB dongle, you push TS stream into it. Bundled Opencaster software will build TS stream for you. Basically it's a small Digital TV station capable of transmitting one mux.

    * DVB-T version, will not work with ATSC TVs in US. Btw LOL US and your ATSC A/53 mpeg2 "hd"tv.

    --
    Who logs in to gdm? Not I, said the duck.
  5. Re:So: where is the liability ? by BronsCon · · Score: 4, Interesting

    In this case, it's more like "Oh no, I've been inconvenienced as a direct result of someone else's negligent actions."

    If the end result of TV manufacturers not releasing a more secure firmware for the affected models is your TV running malicious code that, say, simply bricks your TV, they should be liable for repair or replacement costs. If the result is that your TV ends up running code that hacks into your computer and steals your financial and personal details, they should likewise be liable for any resulting fraud and the cost of cleaning up that mess. In both cases, maybe a little something for the trouble, as well; it's best for society that we discourage purposeful negligence like this.

    We're not talking about simply missing a TV show here; there are real and potentially damaging implications here.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  6. Re:It doesn't take a genius to come up with an att by Kalriath · · Score: 4, Interesting

    Another effective mechanism is to Decline the privacy policy. According to a recent Slashdot post, that disables pretty much every smart feature the TV has.

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".