SoylentNews is people
SoylentNews
from the not-even-couch-potatoes-are-safe dept.
A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users.
The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks.
Until now, all smart TV exploits relied on attackers having physical access to the device, in order to plug in an USB that executes malicious code. Other attacks relied on social engineering, meaning attackers had to trick users into installing a malicious app on their TV.
Even the mighty CIA developed a hacking tool named "Weeping Angel," which could take over Samsung smart TVs and turn them into spying devices. But despite its considerable human and financial resources, the CIA and its operators needed physical access to install Weeping Angel, which made it less likely to be used in mass attacks, and was only feasible if deployed on one target at a time, during carefully-planned operations.
Because of the many constraints that come with physical and social engineering attacks, Scheel didn't consider any of them as truly dangerous, and decided to create his own.
Source: BleepingComputer
(Score: 2) by KilroySmith on Thursday March 30 2017, @09:43PM (5 children)
I bought a TV this winter which was unfortunately a "Smart" TV. Not trusting it, I never connected it to the internet or gave it my WiFi password, thinking this would keep it offline.
With this hack, the TV can be hacked anyway, and has nothing to do all day other than sit there and hack at my WiFi password to try to get Internet access.
If I were a high-value target, my TV could setup an adhoc WiFi connection to any WiFi device it could hear, or set itself up as a WAP. Now the attacker only has to be within a half-mile or so, with a high-gain antenna, to use the TV as a spy device.
I hate technology. Bummer of a career choice I made.
(Score: 2) by Unixnut on Thursday March 30 2017, @11:16PM (2 children)
> Now the attacker only has to be within a half-mile or so, with a high-gain antenna, to use the TV as a spy device.
Half mile at worst. Back when the homebrew "Community wifi" networks were all the rage (always on internet was slow, and very rare), we could get reliable 11mbit/s links across 4km using home built biquad antennas. If we used re-purposed old satellite dishes we could do a good 10km.
If we only used a single biquad, and we had to go through your walls to get to the TV, it might limit us to 1-1.5km. With fancier setups we could probably do better.
I believe the record stood at 120km done by a university team, but they used off the shelf signal amplifiers as well.
So yes, an issue, not to mention that if they compromised multiple TVs within that half a mile, they could essentially build a mesh network, and have multi-hops to get to your TV. In fact in urban areas you could build an entire mesh of compromised smart TVs, and then just siphon of what you want from where.
(Score: 2) by kaszz on Thursday March 30 2017, @11:26PM (1 child)
Once the TV is had it may perhaps contact the dishwasher for extra water filling on the floor and defrost the fridge.
(Score: 1, Funny) by Anonymous Coward on Friday March 31 2017, @12:57AM
Display a video feed from the microwave?
(Score: 2, Interesting) by anotherblackhat on Thursday March 30 2017, @11:26PM (1 child)
The hack as stated requires that the "smart" tv have access to the internet (it needs to download the crack)
But I bet it'd be easy enough to supply a wifi access point at the same time as you transmit the hack.
You could even mirror the local wifi node/name but using the easy to WEP encryption.
(Score: 2) by KilroySmith on Friday March 31 2017, @02:40AM
Good point - I'd forgotten that the OTA was just a website link.