About 90% of Smart TVs Vulnerable To Remote Hacking Via Rogue TV Signals

An anonymous reader quotes a report from Bleeping Computer: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting -- Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel's method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and runs in the TV's background processes, meaning users won't notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA's Weeping Angel toolkit, which makes his work even more impressing. Furthermore, Scheel says that "about 90% of the TVs sold in the last years are potential victims of similar attacks," highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe. At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV. Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.

Daddy was Right

[turkeydance]

the TV is watching you

Re:Daddy was Right

[Tablizer]

the TV is watching you

"1984"

It's as if the IoT was a really bad idea

[WillAffleckUW]

And almost as if the actual people who created the Internet had told you it was a bad idea, but you ignored them.

Are you happy now?

Re:It's as if the IoT was a really bad idea

[irving47]

This is worse than that... Just because I bought a smart tv didn't mean I had to have it hooked to the internet via ethernet or wifi...

100% are vunerable to the shmucks that sold them

[gurps_npc]

When someone wants to put an always on microphone in your home, the proper response is "How much will you pay me for the privilege of spying on me?"

Any other response is just stupid.

Hypothetically speaking...

[Daetrin]

I am certainly not advocating that anyone do this, because it would be illegal! But in _theory_ could you use this hack to brick susceptible TVs or in some other way interfere with their normal functionality rather than secretly using it to spy on the owner or add it to a botnet?

And if you (in theory!) did that, would the manufacturer then have to "repair" the suddenly "malfunctioning" TV under the standard warranty since the issue wasn't due to anything the consumer did?

And if this happened (hypothetically!) to enough TVs, between the repair costs and the bad publicity wouldn't the TV manufacturers have to start taking security seriously instead of fobbing the risks of insecure devices off onto the commons as they currently do?

Re:Hypothetically speaking...

[vtcodger]

Good questions. Based on prior experience, the answers are:

1,. YES, you can use this vulnerability to brick a TV
2. YES, the manufacturer is legally liable
3. NO, the manufacturers will not have to take security seriously. There is no force in the known universe capable of forcing a typical IOT vendor to take security seriously.

Re:Hypothetically speaking...

[vlad30]

There is no force in the known universe capable of forcing a typical IOT vendor to take security seriously.

Except the bottom line companies will do anything to keep those numbers positive even start testing their products e.g. samsung

Re:100% are vunerable to the shmucks that sold the

[NoNonAlphaCharsHere]

Any other response is just stupid.

I don't think that's quite true. As alternatives, keelhauling and/or drawing and quartering spring to mind.

No mention of ATSC

[Fly+Swatter]

I'm not saying US sold tvs are safe, but this is 90 percent of european DVB-T/C based sets. So not really 90 percent of the 'smart tv' market. The summary also adds the advertisers' delightful 'potential' qualifier. So basically it's like the 'save up to 90 percent' type lie^^^^^h logic.

Re:No mention of ATSC

[DewDude]

Nope. This attack relies on some functions in the "Hybrid Broadcast Broadband TV" standard; which I don't think we're going to adopt. I don't see anything in ATSC 3.0 that seems like similar features. Not to mention I've not seen (or really looked) for ATSC transmission equipment; and the technology is new enough that decommissioned stuff isn't "out there" yet. When 3.0 goes live...there's a chance of seeing some of that stuff come out; but even then this type of attack wouldn't be possible. Plus the people who live in locations where the 8VSB signals perform very poorly would have an external signal source, being immune anyway.

Re:No mention of ATSC

[jabuzz]

Five seconds on google, first hit is a worldwide tuner chips from Silicon Labs for ATSC/QAM, DVB-T2/C2/T/C, ISDB-T/C, DTMB

http://www.silabs.com/products...

Even in the last days of analogue there was no such thing as an NTSC only tuner chip. They all did PAL as well. Anyway none of the chips on that web page do ATSC and or NTSC only.

Re:90% is high

[known_coward_69]

so this hack only works when the hacker spends a lot of his own money for no payback? how do i make money off this?

Vulnerable Devices?

[Chrontius]

Is there a list of what's compromised by this attack? Or perhaps, a list of things known to be unaffected?

Re: Vulnerable Devices?

[UnknowingFool]

Well if his claims are true, a shorter list would be TVs that aren't vulnerable. This attack is through the digital TV signal if I read it right which mean almost all TVs sold in the last 5 years. Older analog TVs should not be affected.

Re: Vulnerable Devices?

[zippthorne]

A list of TV's that are known not to be vulnerable, or a list of TVs whose vulnerability is not yet known? The first list is pretty easy. The Smart TVs that are definitely not vulnerable to hacking:

Re: Vulnerable Devices?

[green1]

Well that makes those TVs perfectly safe around here, because it's been at least 10 years since I've met someone who used the tuner function of their TV. If you're lucky, you'll pick up 3 stations over the air, and if you're using cable of any form you're using their box fed in to your HDMI or Component connections.

Re:100% are vunerable to the shmucks that sold the

[PPH]

Only members of the Inner Party can turn their telescreens off.

Paging George Orwell

[sehlat]

We have built your Telescreen! You failed, however, to predict that people would willingly PAY for them.

Re:Paging George Orwell

[kimvette]

Except, the idiots willingly attend their two minute hate, er, I mean, trump rallies.

US TVs protected

[Roger+W+Moore]

I'm not saying US sold tvs are safe

US TVs are protected by US TV stations which are so appallingly bad the only way to use TVs there is via Netflix or an equivalent service.

Translation

Translation: About 90% of smart TVs can be reclaimed by their owners. There's a way to get root and remove the vendor-installed malware.

Thats what i was thinking

[MrLint]

I wonder if this can be leveraged to somehow update the OS in my now abanndonware TV

Re:90% is high

[TWX]

We don't subscribe to cable TV, so ours is connected to the antenna.

But it's not connected to the Internet. That seemed like a terrible idea.

Glad I dont own a smart TV

[jonwil]

Every time I see some new report about smart TVs being hacked or spying on people or otherwise having problems, it makes me glad that my TV is a nice dumb 32" Samsung LCD.

"Editors"

[fyngyrz]

FTFS:

...which makes his work even more impressing.

...which makes his work even more impressive.

Slashdot, would you people please hire someone competent to write/edit English summaries?

Thank you.

Re:"Editors"

[msauve]

I also find it surprising that this attack on DVB-T based TVs makes "about 90% of Smart TVs Vulnerable." Do China (which uses DTMB), the US, Canada (which use ATSC), Japan and South America (ISDB) and others who don't use DVB but represent over 25% of the world's population, only have 10% of the world's smart TVs?

Re: "Editors"

[fred6666]

and aren't most tvs not connected to an over the air antenna anyway? Lots of people on cable, satellite, or Netflix

Re: "Editors"

[msauve]

BeauHD is the new timothy.

Why Buy a TV Anymore?

[BoRegardless]

Come on now. We can drive large screens & run entirely off of an Internet connection.

We know computers can be hacked, but they can also be turned off & various tools can tell us if suspicious data is going out of our computer and stop it.

Seems like we need to simplify our data devices.

Re:Why Buy a TV Anymore?

[AHuxley]

The CIA likes the idea.
A smart TV that did not need network access to place the code.
Re "suspicious data is going out of our computer"
A person would have to enter the room, access and alter the smart TV, wait for a recoding, a person to collect the data later. No need for the data collected to be networked out later. No network code litter to alter the smart TV, no code litter left in the smart tv later, no changes to any network.
The idea been no network had to be entered to alter the smart TV. No code litter on any network, no need for very strange listening devices in the room.
What new methods could offer is the room change issue. Alter all rooms smart TV's? Just the guests expected to have interesting conversations?
The ability to quickly alter a smart TV in a room that was an unexpected meeting place?
Too late for a human to enter and alter the smart TV, any network code litter might expose the entry attempt, but a new way exists to alter all smart TV's if needed.
The part the CIA liked was the "they can also be turned off " did not work. The smart TV seemed like it was powered off but it was an always on live mic.
CIA Chief: We’ll Spy on You Through Your Dishwasher (03.15.12)
https://www.wired.com/2012/03/...

Re:Why Buy a TV Anymore?

[green1]

43" 4K TV $379.99 (by the way, 43" was actually the smallest TV I could find at the major electronics retailer)
43" 4K Monitor $999.99 (same store, 2 aisles over)
Both of these are the cheapest I could find, average for the 43" TVs was about $430, Most of the 4K monitors were much smaller but even the 30" ones were $999.99 - $1749.99

yeah... no wonder people buy TVs instead of monitors!

Re:Why Buy a TV Anymore?

[green1]

Of course there's nothing saying that you need to connect it to the internet (or in this case to broadcast TV signals)

Author is high

[TiggertheMad]

While the article is a little short of details (Did I miss a link to the whitepaper?), the 90% seems like misleading sensationalism. TFA mentioned that the attack is carried out via HbbTV signals and I think the intent was that 90% of TVs sold in recent history support this method of data transmission, hence the '90% vulnerable' claim. Of course, the author is probably aware that inflated and hysterical claims generate more traffic.

That doesn't mean that 90% of tvs are carrying 0 day vulnerabilities, but given the state of IoT security, I wouldn't be surprised if they all had some forms of bugs that could be exploited. I would think that this problem could be mitigated by simply disabling HbbTV capabilities and plugging into coax. I am not a TV technician, if you are, please jump all over this post and call me stupid for suggestion such a silly idea.

Smart *something* is vulnerable, rain is wet...

[XSportSeeker]

The CIA and the TV manufacturers are already watching you fap, why not open the priviledge to others?

My smart TV was obsolete within months

[HighPerformanceCoder]

My smart TV was connected to the internet only during the first months of its operation. The manufacturer did not update any of the apps, and the ones supplied were not interesting. So I have now left the TV unplugged.

So I bought a Chromecast, and plugged it into a spare HDMI socket. So for an extra $50, I had a true smart TV, one that works on WiFi leaving my ethernet cables I pulled through the walls obsolete. Now it looks like I dodged a bullet with respect to this security vulnerability.

Chromecast is not the only option - there's a variety of similar products around. And if one gets dropped by it manufacturer and has a security vulnerability, its simple and cheap to replace with a competing product. No need to lay out big bucks buying another "smart" TV.

Re:My smart TV was obsolete within months

[110010001000]

Pretty cool. Except now Google is spying on you and selling all your information. You only paid an extra $50 to get all that.

Re:My smart TV was obsolete within months

[Cramer]

I keep mine disconnected because the idiots at Visio give you zero control over system updates. There's no way to check for an update. There's no way to say no to an update. You'll be watching TV and *poof* the TV reboots and takes for bloody ever to return to action.

My guess is this is done on purpose.

[Nyder]

My guess is this is done on purpose. It would of been a nice backdoor for some spy agency. I mean, who would think of using Digital Air TV to gain access to a tv? Well, besides the person who found it and shared it with the rest of us.

Old news and counter measure are on their way

[ElRabbit]

This "super hack" was already demonstrated two years ago ... Look like someone is looking for fame here. DVB already finished and is on the way of publishing some specifications to mitigate this risk by signing all signalization tables and make this kind of "drive-by" attack via cheap devices impossible. Just have to convince TV maker to implement it now ...

I'm good, thanks.

[nospam007]

10%er here. My Samsung TV isn't connected to cable nor DVB-T nor the internet, just to my uTorrent machine.

Re:90% is high

[Mike+Frett]

It's built inside of the TV. Just like Mobile Phones have their Antenna on the inside now.

Mitigations

[The-Ixian]

I am thinking that there may be nothing I can do to prevent the "smart" television's tuner from accepting a broadcast signal, but what about these ideas for mitigation:

1. Uninstall web browser app if possible
2. Whitelist Netflix or whatever streaming services and block all other web traffic to television
3. Keep television unplugged from ethernet, don't configure wifi and just use an external streaming device

LG EULA

[hAckz0r]

I bought a LG TV a number of years ago and during a firmware upgrade I was presented with a EULA. Being curious as to why I needed to click-yes for anything I read through the "agreement" which was quickly rejected hands down. The wanted me to agree that they could watch and listen to us in the room and provide aggregated information back to companies collecting/compiling the ratings for shows. The TV has the ability to load programs for games and additional internet content which can not be used unless you buy into the anti-privacy police state utopia where anyone can tap into your life and find out what you are saying about the politics of the day.

.
Honestly, if Trump wants to know what I am saying about his performance he doesn't need to go talk to the Koreans (LG), he can just call me direct. I'm sure he has my number by now, due to the TV still sitting in my living room. I suspect the Government doesn't care about any EULA with the Koreans, and since my TV contacts LG periodically (over seas network connection) for updates, theoretically I'm already on the Government radar despite saying "no" to that EULA. Black tape over the lens, and epoxy in the microphone is all they will see and hear now days. If they want me to turn their "entertainment channel" again they will just need to ask nicely. Maybe I'll trade for one of those Russian channels they've got.

Re:LG EULA

[Blaskowicz]

They asked, I guess.
What if a household member or a random friend "accepts" the EULA, are you hosed forever? Can you take the consent back? (What if the TV was pre-owned?)
Seen that happen with youtube sometimes asking you to "consent" to vague stuff, people will click through it even though they're not using their own computer, desktop session or internet.
You can avoid or remove that consent window and still access videos, I don't know if anything different happens then.

Your TV might be at the danger of "attack by acquaintance clicking on an EULA to get rid of it". Could even happen in a business or other setting where any random person who gets to hold the remote might click on it, be it an employee, contractor, customer, passers by.
A conference room might have a cheap 65" TV or smaller they're using to cast documents to.

Re:LG EULA

[hAckz0r]

What if a household member or a random friend "accepts" the EULA, are you hosed forever? Can you take the consent back? (What if the TV was pre-owned?)

There is no telling if they even pay attention to whether you clicked through the EULA or not. The thing is, in order for their surveillance "feature" to work the TV needs access to the Internet. They need to stream the video and audio back to the mother ship for any voice-to-text or image recognition to figure out what you are doing during those commercials, etc. So the traffic would be quite evident on your network. Checking for software updates only takes a split second so the difference is many orders of magnitude.

Economically the processing of this data can not be inside the TV proper because the set would cost more than the competitors, and they would win, so off-loading the processing would be necessary. This might be low fidelity audio and slow page frame video snapshots for simply detecting motion. In the case of the LG an adversary would only have to get you to install an App (aka Android type app) for someone else to divert that traffic flow to their own processors.

Good luck with that. I have three routers, firewalls, and network monitoring to make sure nothing gets in/out I don't know about. I even have a DMZ for my voip. My TV is fed a single HDMI connector from a recording DVR which has full service to the network, but constrained to where even it can connect.

Could even happen in a business or other setting where any random person who gets to hold the remote might click on it, be it an employee, contractor, customer, passers by. A conference room might have a cheap 65" TV or smaller they're using to cast documents to.

Again, this depends on the internet access you provide to the device. Having onboard WiFi could be a very bad thing for a company, but most conference room monitors I know don't get direct access, but instead are controlled by a computer to display media/presentations. Its only as safe as the IT department is smart, so this gives a whole new meaning to having a Smart-TV?

Unplug the Ethernet cable

[jbrizz]

If the TV isn't connected to the Internet then it doesn't matter because there's no way to get the private data off the TV. Another reason to disconnect your smart TV.

Re:Unplug the Ethernet cable

[Blaskowicz]

You could be using a TV offline with the "old fashioned" broadcasts and USB media (drives and HDDs). This is pretty common, even on supposedly dumb TV - a dumb TV with H264 playback and recording etc. is a computer as well, see the original Raspberry Pi A for how their main chip might look like in terms of abilities.
You might even use a 50-year-old TV if you wish, with a small receiver for the latest DVB-T or similar, that also has a USB port for file playback.

Any of these might be hosed by broadcasts and write viruses to USB media.