A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users.
The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks.
Until now, all smart TV exploits relied on attackers having physical access to the device, in order to plug in an USB that executes malicious code. Other attacks relied on social engineering, meaning attackers had to trick users into installing a malicious app on their TV.
Even the mighty CIA developed a hacking tool named "Weeping Angel," which could take over Samsung smart TVs and turn them into spying devices. But despite its considerable human and financial resources, the CIA and its operators needed physical access to install Weeping Angel, which made it less likely to be used in mass attacks, and was only feasible if deployed on one target at a time, during carefully-planned operations.
Because of the many constraints that come with physical and social engineering attacks, Scheel didn't consider any of them as truly dangerous, and decided to create his own.
Source: BleepingComputer
(Score: 2, Interesting) by marknmel on Thursday March 30 2017, @10:39PM
Cobbled together? I think not. This is a system of an intentional design with plans to be abused by the manufacturer and by foreign government actors.
I had the opportunity to purchase smart TV'a when I replaced the tubes a few years ago. My friends thought I was foolish for buying "last year's models". I figured I would make my dumb TV's smart by adding my own Ethernet connected box, sans microphone and camera.
Clearly these shenanigans were foreseen.
There is nothing that can't be solved with one more layer of indirection.