A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users.
The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks.
Until now, all smart TV exploits relied on attackers having physical access to the device, in order to plug in an USB that executes malicious code. Other attacks relied on social engineering, meaning attackers had to trick users into installing a malicious app on their TV.
Even the mighty CIA developed a hacking tool named "Weeping Angel," which could take over Samsung smart TVs and turn them into spying devices. But despite its considerable human and financial resources, the CIA and its operators needed physical access to install Weeping Angel, which made it less likely to be used in mass attacks, and was only feasible if deployed on one target at a time, during carefully-planned operations.
Because of the many constraints that come with physical and social engineering attacks, Scheel didn't consider any of them as truly dangerous, and decided to create his own.
Source: BleepingComputer
(Score: 2) by mcgrew on Friday March 31 2017, @05:32PM
A TV without a wifi password or ethernet cable isn't easy to use in a botnet, either. I won't give my TV my wifi password, and make sure I shut off all my computers before watching Hulu or Netflix on it. I suppose the attacker could give it access to its own hotspot, but they'd have to be parked in my driveway to do it.
mcgrewbooks.com mcgrew.info nooze.org