Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Thursday March 30 2017, @08:49PM   Printer-friendly
from the not-even-couch-potatoes-are-safe dept.

A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users.

The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks.

Until now, all smart TV exploits relied on attackers having physical access to the device, in order to plug in an USB that executes malicious code. Other attacks relied on social engineering, meaning attackers had to trick users into installing a malicious app on their TV.

Even the mighty CIA developed a hacking tool named "Weeping Angel," which could take over Samsung smart TVs and turn them into spying devices. But despite its considerable human and financial resources, the CIA and its operators needed physical access to install Weeping Angel, which made it less likely to be used in mass attacks, and was only feasible if deployed on one target at a time, during carefully-planned operations.

Because of the many constraints that come with physical and social engineering attacks, Scheel didn't consider any of them as truly dangerous, and decided to create his own.

Source: BleepingComputer


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Insightful) by Anonymous Coward on Thursday March 30 2017, @09:01PM (11 children)

    by Anonymous Coward on Thursday March 30 2017, @09:01PM (#486745)

    I long for the days when systems of any sort were not integrated messes of somebody else's poor design, but rather cobbled together through independent, discrete, replaceable components. THAT is how computing should be.

    Now, you've got to stuff your life into some corporate bean-counter's Vogonic view of reality.

    I hate you all. ALL OF YOU!!!!111

    Starting Score:    0  points
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  

    Total Score:   2  
  • (Score: 4, Interesting) by bob_super on Thursday March 30 2017, @09:06PM (9 children)

    by bob_super (1357) on Thursday March 30 2017, @09:06PM (#486747)

    They also had a real on/off switch, which was impossible to bypass remotely.
    We can't have those anymore, because people can't wait 1 minute for the system to boot the excessively complex software stack...

    I plug a lot of my stuff in extension cords with power switches, to reduce "off not off" power drain. That makes my toys pretty poor participants into botnets.

    • (Score: 4, Informative) by LoRdTAW on Thursday March 30 2017, @09:39PM (6 children)

      by LoRdTAW (3755) on Thursday March 30 2017, @09:39PM (#486757) Journal

      Many have the option to disable the standby mode. My dumb Sony TV takes about 15 seconds to boot and my old dumb Westinghouse takes about 10 with standby turned off. Though, they still have a slight parasitic power draw at idle of a few watts. This is because the power supply is still on and supplying the circuitry for listening for the buttons/remote (I'm sure you knew that, just pointing it out for others).

      Using my little kill-a-watt the older Westinghouse burned an inconceivable 16 watts at idle and my Sony less than 10 (I forget exactly). I would be paying a little over $2/month just to let my TV turn on in two seconds instead of 10. Completely absurd. At idle it still sucks down about two watts which like you, I tame with a power strip. Now a home with three or fours TV's, various appliances with clocks and electronics always ticking, phones chargers, I can see people throwing away $20 + per month on electric.

      • (Score: 2) by maxwell demon on Thursday March 30 2017, @09:53PM (4 children)

        by maxwell demon (1608) on Thursday March 30 2017, @09:53PM (#486766) Journal

        A true off switch has no circuitry that needs to be powered. That "listening to remote" mode formerly was called "standby" (and I continue to call it that, no matter how hard the industry tries to convince me that it is"off"). A true off switch physically cuts the power, and can only be operated mechanically.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by Scruffy Beard 2 on Thursday March 30 2017, @10:01PM (3 children)

          by Scruffy Beard 2 (6030) on Thursday March 30 2017, @10:01PM (#486771)

          The old TVs also had tube heaters to let the tube come up faster. Without them, you are waiting like 10 minutes for full brightness (or maybe that is just for failing second-hand TVs).

          • (Score: 2) by maxwell demon on Thursday March 30 2017, @10:12PM (2 children)

            by maxwell demon (1608) on Thursday March 30 2017, @10:12PM (#486775) Journal

            Well, I've had experience with an old B/W TV with tubes from the early 70s (which for a while I used for my computer so I wouldn't block the family colour TV). While it took its time to switch on, it certainly wasn't anywhere near ten minutes (I plugged it in only for use, so there's no way it could have pre-heated the tubes).

            --
            The Tao of math: The numbers you can count are not the real numbers.
            • (Score: 2) by urza9814 on Friday March 31 2017, @06:20PM (1 child)

              by urza9814 (3954) on Friday March 31 2017, @06:20PM (#487215) Journal
              Well, I've had experience with an old B/W TV with tubes from the early 70s (which for a while I used for my computer so I wouldn't block the family colour TV). While it took its time to switch on, it certainly wasn't anywhere near ten minutes (I plugged it in only for use, so there's no way it could have pre-heated the tubes).

              Probably a matter of build quality and cheap components. Ten minutes actually sounded a bit conservative to me, as I've seen more than one late 90s Sony CRT where you could almost watch (well, *hear*) a full 30 minute program before the picture reached full brightness! Although I definitely used some far older sets that didn't have that issue too. Probably because you could get a lifetime warranty on a TV in the 70s, but by the late 90s they were practically disposable...

              • (Score: 1) by toddestan on Saturday April 01 2017, @04:59AM

                by toddestan (4982) on Saturday April 01 2017, @04:59AM (#487483)

                A modern CRT in good working order should be at full brightness in 15-30 seconds or so. Older TVs (those that have tubes besides the CRT itself) could take a couple of minutes which is why some of them had the "tube warmer" to reduce the power-on time to a few seconds, with the cost of the constant energy draw by the tube warmer. Though my guess is the tube warmers also reduced some of the thermal stress on the components which may have lengthened the life of the TV, which back then was a significant investment, so perhaps the cost isn't as bad as it might seem at first glance.

                I remember those Sony TV's like you describe. I forgot the exact details as it's been a while, but you could restore them to working order by soldering in some new resistors on the circuit board attached to the neck on the CRT. It was more of a band-aid as the issue was a was a bit more complicated than that and the TV would eventually get wonky again, but the fix could potentially last a while and some of the TV's I fixed that way were still doing fine all the way up to when their owners decided to replace them with a LCD.

      • (Score: 2) by mcgrew on Friday March 31 2017, @05:57PM

        by mcgrew (701) <publish@mcgrewbooks.com> on Friday March 31 2017, @05:57PM (#487198) Homepage Journal

        I'm old enough to remember when every TV took a full minute to come on, because it took that long for the "picture tube" (as well as the other tubes) to warm up. So I'm in no hurry.

        --
        mcgrewbooks.com mcgrew.info nooze.org
    • (Score: 2) by fido_dogstoyevsky on Thursday March 30 2017, @10:29PM

      by fido_dogstoyevsky (131) <axehandleNO@SPAMgmail.com> on Thursday March 30 2017, @10:29PM (#486784)

      ...people can't wait 1 minute for the system to boot the excessively complex software stack...

      I don't know... turn on TV, turn on DVD player, go make a cup of coffee and sit down - TV booted up, prefilm dross that you paid for on the DVD finished, watch movie (unless you've got a customised DVD without the crap - in which case you still need to make the coffee).

      Or vote with your wallet, and refuse to buy a "smart" TV (and an encumbered DVD) - even if it means going without.

      --
      It's NOT a conspiracy... it's a plot.
    • (Score: 2) by mcgrew on Friday March 31 2017, @05:32PM

      by mcgrew (701) <publish@mcgrewbooks.com> on Friday March 31 2017, @05:32PM (#487186) Homepage Journal

      A TV without a wifi password or ethernet cable isn't easy to use in a botnet, either. I won't give my TV my wifi password, and make sure I shut off all my computers before watching Hulu or Netflix on it. I suppose the attacker could give it access to its own hotspot, but they'd have to be parked in my driveway to do it.

      --
      mcgrewbooks.com mcgrew.info nooze.org
  • (Score: 2, Interesting) by marknmel on Thursday March 30 2017, @10:39PM

    by marknmel (1243) on Thursday March 30 2017, @10:39PM (#486790) Homepage

    Cobbled together? I think not. This is a system of an intentional design with plans to be abused by the manufacturer and by foreign government actors.

    I had the opportunity to purchase smart TV'a when I replaced the tubes a few years ago. My friends thought I was foolish for buying "last year's models". I figured I would make my dumb TV's smart by adding my own Ethernet connected box, sans microphone and camera.

    Clearly these shenanigans were foreseen.

    --
    There is nothing that can't be solved with one more layer of indirection.