posted by CoolHand on Thursday March 30 2017, @08:49PM
from the not-even-couch-potatoes-are-safe dept.

A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users.

The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks.

Until now, all smart TV exploits relied on attackers having physical access to the device, in order to plug in a USB that executes malicious code. Other attacks relied on social engineering, meaning attackers had to trick users into installing a malicious app on their TV.

Even the mighty CIA developed a hacking tool named "Weeping Angel," which could take over Samsung smart TVs and turn them into spying devices. But despite its considerable human and financial resources, the CIA and its operators needed physical access to install Weeping Angel, which made it less likely to be used in mass attacks, and was only feasible if deployed on one target at a time, during carefully-planned operations.

Because of the many constraints that come with physical and social engineering attacks, Scheel didn't consider any of them as truly dangerous, and decided to create his own.

Source: BleepingComputer


  • (Score: 0) by Anonymous Coward on Thursday March 30 2017, @09:43PM (16 children)

    by Anonymous Coward on Thursday March 30 2017, @09:43PM (#486760)

    If you don't use its networking capabilities, why connect it to a network at all?

  • (Score: 2) by NotSanguine on Thursday March 30 2017, @10:14PM (15 children)

    by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Thursday March 30 2017, @10:14PM (#486778) Homepage Journal

    Why I (or anyone else) do anything, is a great question. One that's intrigued humanity since before the dawn of recorded history.

    For example, I have no idea why you bothered to post that drivel at all. Your "question" didn't really add to the discussion, nor did it elucidate anything.

    Perhaps you'll share with us? You may help to answer an ages-old question, friend. Do you even know?

    Beyond that, where did I say I connected it to a network? I said I blocked its access to the Internet.

    Granted, there are a variety of ways to do so. The best is not to connect it to a network at all. Although it is fun to run port scans and various exploits against any new toy.

    Actually, when I first got it, I did connect it to my network. Since I'd never used one of those fancy talking picture boxes before, I even tested some of the network functionality, as I'm interested in all kinds of newfangled gizmos.

    Then I monitored the traffic coming out of it to see what sort of crap was emanating from it. And there was a bunch of crap emanating from it, too.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    • (Score: 2) by takyon on Thursday March 30 2017, @10:23PM (14 children)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Thursday March 30 2017, @10:23PM (#486782) Journal

      I said I blocked its access to the Internet.

      At least, that's what your TV, router, ISP, CIA, and NSA would have you believe.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 2) by NotSanguine on Thursday March 30 2017, @10:32PM (13 children)

        by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Thursday March 30 2017, @10:32PM (#486786) Homepage Journal

        I said I blocked its access to the Internet.

        At least, that's what your TV, router, ISP, CIA, and NSA would have you believe.

        No route, no traffic. RFC 791 [ietf.org] is my friend.

        --
        No, no, you're not thinking; you're just being logical. --Niels Bohr
        • (Score: 2) by maxwell demon on Thursday March 30 2017, @10:35PM (11 children)

          by maxwell demon (1608) on Thursday March 30 2017, @10:35PM (#486787) Journal

          Which raises the question how you know there's no route.

          --
          The Tao of math: The numbers you can count are not the real numbers.
          • (Score: 2) by NotSanguine on Thursday March 30 2017, @10:47PM (10 children)

            by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Thursday March 30 2017, @10:47PM (#486792) Homepage Journal

            Given that I built this network myself, including the routers and firewalls and a variety of monitoring tools, along with 25 years of professional experience building and securing networks, I have a pretty good idea as to what traffic can and cannot do.

            If you're really that interested in how my network is configured, feel free to hack it. Or at least try to do so. Good luck with that.

            --
            No, no, you're not thinking; you're just being logical. --Niels Bohr
            • (Score: 2) by maxwell demon on Thursday March 30 2017, @11:04PM (9 children)

              by maxwell demon (1608) on Thursday March 30 2017, @11:04PM (#486800) Journal

              Who says that the route goes through your network?

              --
              The Tao of math: The numbers you can count are not the real numbers.
              • (Score: 2) by NotSanguine on Thursday March 30 2017, @11:25PM (8 children)

                by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Thursday March 30 2017, @11:25PM (#486809) Homepage Journal

                And so tell me, oh wise one. Is the disabled wireless on the smart tv hacking my neighbors' wifi now?

                Or is it invisible gnomes sneaking in to my house and connecting invisible cat 5 cables?

                Or perhaps the MIB are busting down the door and then zapping me with their forget-what-just-happened rays?

                Since you clearly have no idea what you're blathering on about, please do continue. If I didn't despise popcorn, I'd make some.

                --
                No, no, you're not thinking; you're just being logical. --Niels Bohr
                • (Score: 2) by takyon on Thursday March 30 2017, @11:26PM (1 child)

                  by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Thursday March 30 2017, @11:26PM (#486812) Journal

                  Your smart TV - it has cell service! All you have to do is give it electricity and you're already compromised!

                  --
                  [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
                  • (Score: 2) by kaszz on Thursday March 30 2017, @11:31PM

                    by kaszz (4211) on Thursday March 30 2017, @11:31PM (#486815) Journal

                    Better cover the TV in insect net of metal. Or one has to open it..

                • (Score: 3, Informative) by maxwell demon on Friday March 31 2017, @06:07AM (3 children)

                  by maxwell demon (1608) on Friday March 31 2017, @06:07AM (#486953) Journal

                  So how is your phone keeping connection when you're not at home (and possibly even if you are)? Does it hack into WiFis you pass by? Are invisible gnomes connecting cables to it? Do MiB constantly follow you?

                  No, it has a small integrated antenna that keeps contact to the closest cell tower. Unless you've opened your TV and thoroughly checked, or actively searched for emissions of your TV for prolonged time, or you put your TV in a Faraday cage, or you're in one of those rare spots where absolutely no cell service is available, you cannot be sure that there's no connection.

                  Not to mention that if you'd be targeted directly, there may be other ways to use the normal TV hardware to generate signals that can be received from a receiver placed near your house. As this article shows, all they need is to send you specially prepared TV signals.

                  And no, it is not that likely that you personally are a target (at least as far as I can tell; I don't know you, so maybe you're actually a prime target for some reason). But the probability is high that someone somewhere is targeted in exactly that way. It's as with the lottery: For each individual the probability of winning is extremely small. Yet in most weeks someone wins the lottery.

                  --
                  The Tao of math: The numbers you can count are not the real numbers.
                  • (Score: 2) by NotSanguine on Friday March 31 2017, @12:05PM (2 children)

                    And no, it is not that likely that you personally are a target (at least as far as I can tell; I don't know you, so maybe you're actually a prime target for some reason). But the probability is high that someone somewhere is targeted in exactly that way. It's as with the lottery: For each individual the probability of winning is extremely small. Yet in most weeks someone wins the lottery.

                    You're generalizing from my specific use case. However, I was being quite specific.

                    I don't care about anyone else being targeted, unless they're paying me to secure their environments. Which I've done many times. Perhaps I could help you? Although, given your bad attitude, I would likely triple my hourly rate and mark up expenses at least 500% just for you. Let me know if you'd like to engage my services, friend.

                    And by the way, there are a variety of tools which allow one to quite easily identify both Wifi and cellular signals. Which I use with some regularity. How often do you do so?

                    --
                    No, no, you're not thinking; you're just being logical. --Niels Bohr
                    • (Score: 3, Interesting) by Hyperturtle on Friday March 31 2017, @04:51PM (1 child)

                      by Hyperturtle (2824) on Friday March 31 2017, @04:51PM (#487168)

                      I think he is being difficult to prove a point to others, not to irritate you.

                      The point is, many people think they need only turn a feature off; much of the thread covered how the tvs and appliances nowadays are in a standby and not off mode, despite marketing calling standby modes a mode when the appliance is off.

                      He appears to be saying that to the common person, be certain it is doing as you expressed intent for it to do (not rat you out) because it may do what the marketing says on the tin it will do (no config no talking!) but that may not be what you (the general consumer) actually intended.

                      A good example is that android OSes, such as those on smart tvs, will still talk to 8.8.8.8 and 8.8.4.4 to report dns queries even if a specifically chosen alternate DNS is provided via static IP or dhcp assignment. It will go to your chosen DNS server IP -- but also report to google anyway even if it isn't intending to get a query response from those IPs--it's intending to report the query.

                      Not having a gateway will prevent that, or having a route further upstream to black hole it, or an access list, etc. But a non-administrative controllable connection will defeat IoT fencing.

                      And, to his point, a device like a cell phone has no such precaution available since administrative control of the network protocol on the ISP side is not easily managed by the consumer, nor filtered by the expert. It's like trying to block a cable modem from looking at what you let through your firewall to it--once it is vendor managed, it is no longer consumer configurable except for appearances if even that much is permissible.

                      Anyway, the last time I posted about this, a few people laughed at my tl;dr and that it wasn't feasible for this to happen; now there is an article on the front page. At least the discussion now is the right way to do it rather than denounce it as a liberal plot to deny capitalists their rightful income because of some paranoid lunatic with nothing better to do than fear advertising.
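
The comment above describes fenced devices querying 8.8.8.8 and 8.8.4.4 regardless of the resolver they were given, and blocking that with a missing gateway, a black-hole route or an access list. One way to check from firewall logs whether such a fence holds, as an added example that is not part of the thread: the log format, the addresses and the device name are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the thread): LAN prefix, resolver address, the TV's
# address and the log format below are all constructed for this example.
LAN = ipaddress.ip_network("192.168.10.0/24")
APPROVED_DNS = {ipaddress.ip_address("192.168.10.1")}
FENCED = {ipaddress.ip_address("192.168.10.50"): "smart-tv"}

# Constructed sample: "<time> <action> <proto> <src>:<sport> -> <dst>:<dport>"
SAMPLE_LOG = """\
2017-03-31T10:00:01 ALLOW udp 192.168.10.50:40112 -> 192.168.10.1:53
2017-03-31T10:00:01 DROP udp 192.168.10.50:40113 -> 8.8.8.8:53
2017-03-31T10:00:02 DROP udp 192.168.10.50:40114 -> 8.8.4.4:53
2017-03-31T10:00:05 DROP tcp 192.168.10.50:51000 -> 203.0.113.7:443
2017-03-31T10:00:06 ALLOW tcp 192.168.10.20:51001 -> 198.51.100.9:443
2017-03-31T10:00:09 ALLOW udp 192.168.10.50:40115 -> 8.8.8.8:53
malformed line that the parser must skip
"""

def parse(line):
    """Return (action, proto, src_ip, dst_ip, dst_port) or None if malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[4] != "->":
        return None
    try:
        src = ipaddress.ip_address(parts[3].rsplit(":", 1)[0])
        dst_host, dst_port = parts[5].rsplit(":", 1)
        return parts[1], parts[2], src, ipaddress.ip_address(dst_host), int(dst_port)
    except ValueError:
        return None

def audit(log_text):
    """Classify every off-LAN flow attempted by a fenced device."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        action, _proto, src, dst, dport = rec
        if src not in FENCED or dst in LAN:
            continue  # not a fenced device, or traffic that stays local
        kind = "dns-bypass" if dport == 53 and dst not in APPROVED_DNS else "egress"
        # ALLOW on an off-LAN flow means the fence leaked; DROP means it held.
        status = "LEAKED" if action == "ALLOW" else "blocked"
        findings[FENCED[src]].append((kind, str(dst), dport, status))
    return dict(findings)

if __name__ == "__main__":
    for device, rows in audit(SAMPLE_LOG).items():
        for row in rows:
            print(device, *row)
```

Blocked rows show the device attempting the traffic while the fence holds; a LEAKED row is a rule-ordering or routing gap to fix.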

                      • (Score: 2) by NotSanguine on Friday March 31 2017, @06:08PM

                        Your points are both valid and insightful, turtle. Thank you.

                        You seem to be reading between the lines quite a bit as far as maxwell_daemon's comments. Perhaps further than is warranted.

                        As I pointed out, even cellular signals can be easily detected, even if they are not so easily blocked.

                        I suppose it's possible that some smart tv manufacturers are surreptitiously including cellular transceivers into their products on the off chance that someone will block access via their own networks. That seems rather unlikely, however, since most people will just plug their device in and, through ignorance (willful or otherwise), let the device transmit whatever it wants over their internet connection.

                        Given that few have the knowledge, skills and presence of mind to even consider how their data may be exfiltrated, I'm not so concerned about large-scale secret back channels being integrated into smart tvs. At least not yet.

                        Perhaps I'm not sufficiently paranoid. Then again, I haven't detected any cellular transmissions emanating from my smart tv.

                        --
                        No, no, you're not thinking; you're just being logical. --Niels Bohr
                • (Score: 2) by urza9814 on Friday March 31 2017, @07:20PM (1 child)

                  by urza9814 (3954) on Friday March 31 2017, @07:20PM (#487260) Journal
                  And so tell me, oh wise one. Is the disabled wireless on the smart tv hacking my neighbors' wifi now?

                  Or is it invisible gnomes sneaking in to my house and connecting invisible cat 5 cables?

                  Or perhaps the MIB are busting down the door and then zapping me with their forget-what-just-happened rays?

                  Since you clearly have no idea what you're blathering on about, please do continue. If I didn't despise popcorn, I'd make some.

                  So how exactly do you get a signal to that nice new TV of yours? Obviously it's not ethernet or wifi as you've said...is there cable or satellite service connected? Because as shown in TFA, that can be used to get the data through your network.

                  Maybe you're using HDMI? Well, they can use that to hack into your network:
                  http://www.ehacking.net/2016/07/exploring-vulnerabilities-in-hdmi.html [ehacking.net]

                  So maybe you use DVI? I've found rumors of possible exploits through HDCP code. Can't find any proof at the moment, but there's a data channel there so an attacker with sufficient resources could make it work.
                  https://security.stackexchange.com/questions/19007/vga-hdmi-based-attack [stackexchange.com]

                  Perhaps go all the way back to VGA? There's no known exploits that I can find, but there IS still an I2C bus that can certainly be used to transmit and receive arbitrary data, so it's possible in theory:
                  http://hackaday.com/2014/06/18/i2c-from-your-vga-port/ [hackaday.com]

                  Maybe your PC isn't listening to any of those channels...or maybe that's what the binary blob firmware is telling you at least. If you're truly paranoid, you'd better connect that TV via RCA jacks only...

                  • (Score: 2) by NotSanguine on Friday March 31 2017, @08:01PM

                    Yes, there are security risks associated with just about every technology.

                    Given the petabytes of extremely sensitive data I store in my home, I put a faraday cage around my town.

                    What's more, my property is patrolled by M1 tanks and riddled with anti-personnel mines [wikipedia.org].

                    Just in case, my air-gapped toaster has an extra air gap.

                    In an attempt to dispel any negative impact to victims of Poe's law, the above is snark.

                    Nobody except me cares what data I have. A determined hacker with a big enough beef against me (what that might be, I have no idea) could gain physical access to my home and do all kinds of nasty things. Given the actual physical barriers to that, it would be difficult, however.

                    State level actors (again, why they might target me I have no idea) have numerous other means to gain information about me, and don't really need to bug my house.

                    Script kiddies are pretty well handled already, IMHO.

                    And if any of the above really wants to gain access to my data, social engineering would be the best bet for success.

                    As for the TV, I don't want Vizio collecting data about my viewing habits, so I keep them from obtaining any information -- the steps I took to do so have pretty much immunized me from the hack discussed in TFA.

                    And if you're so concerned about it, go live completely off the grid. Don't forget to encrypt any letters you might send, and never, ever talk on a telephone! They're listening! What's more, those batteries you bought may be emitting low-level EM radiation to exfiltrate your precious data. So it's best not to use electricity at all. Let's be careful out there!

                    In the meantime, I'll go on with my life.

                    --
                    No, no, you're not thinking; you're just being logical. --Niels Bohr
        • (Score: 2) by kaszz on Thursday March 30 2017, @11:29PM

          by kaszz (4211) on Thursday March 30 2017, @11:29PM (#486814) Journal

          There's always the neighbor WiFi, RF energy modulation backchannel, IR sensor, microphone modem over ultrasonic etc.