Slashdot Mirror

← Back to Stories (view on slashdot.org)

About 90% of Smart TVs Vulnerable To Remote Hacking Via Rogue TV Signals (bleepingcomputer.com)

Posted by BeauHD on from the remote-control dept.

An anonymous reader quotes a report from Bleeping Computer: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting -- Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel's method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and runs in the TV's background processes, meaning users won't notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA's Weeping Angel toolkit, which makes his work even more impressing. Furthermore, Scheel says that "about 90% of the TVs sold in the last years are potential victims of similar attacks," highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe. At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV. Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.

2 of 76 comments (clear)

  1. "Editors" by fyngyrz · · Score: 2, Informative

    FTFS:

    ...which makes his work even more impressing.

    ...which makes his work even more impressive.

    Slashdot, would you people please hire someone competent to write/edit English summaries?

    Thank you.

    --
    I've fallen off your lawn, and I can't get up.
  2. Re:No mention of ATSC by DewDude · · Score: 4, Informative

    Nope. This attack relies on some functions in the "Hybrid Broadcast Broadband TV" standard; which I don't think we're going to adopt. I don't see anything in ATSC 3.0 that seems like similar features. Not to mention I've not seen (or really looked) for ATSC transmission equipment; and the technology is new enough that decommissioned stuff isn't "out there" yet. When 3.0 goes live...there's a chance of seeing some of that stuff come out; but even then this type of attack wouldn't be possible. Plus the people who live in locations where the 8VSB signals perform very poorly would have an external signal source, being immune anyway.