Here’s an unsettling prospect—hackers may be able to take complete control of a large number of sets at once without having physical access to any of them.
Recently, an employee of a Swiss security consulting company demonstrated via a proof-of-concept the ability to use a low-cost transmitter to embed malicious commands into a rogue TV signal, which is then broadcast to nearby devices. It exploited known security flaws in the Web browsers running in the background of these Samsung SmartTVs and to gain highly privileged root access to the TVs, and could be revised to work on a much larger grouping of TVs.
If a hacker were to gain control over a TV of an end user, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone. By setting up his transmitter in a highly populated area, the bad guy is able to infect a large number of sets, and the infection was able to survive both device reboots and factory resets. A recording of the talk is available below:
The hacks underscore the risks of many home devices, such as refrigerators and TVS, that are given network access these days without having the types of security in place that you’d place on your computers. Making things worse, most devices run old versions of Linux and open source browsers that contain critical vulnerabilities. While patches are generally available on the Internet for the individual components, manufacturers are slow to give customers a way to install them, if at all.
So, who’s watching who?
