gabe@gabegold.com
Date: Mon, 12 Aug 2019 17:58:31 -0400
For all the focus on locking down laptops and smartphones, the biggest
screen in millions of living rooms remains largely unsecured
<https://www.wired.com/2017/03/worried-cia-hacked-samsung-tv-heres-tell/>,
even after years of warnings
<https://www.wired.com/2017/02/smart-tv-spying-vizio-settlement/>. Smart TVs
today can fall prey to any number of hacker tricks -- including one
still-viable radio attack, stylishly demonstrated by a hovering drone.
At the Defcon hacker conference Sunday, independent security researcher
Pedro Cabrera showed off, in a series of hacking proof of concept attacks,
how modern TVs -- and particularly smart TVs that use the Internet-connected
HbbTV standard implemented in his native Spain, across Europe, and much of
the rest of the world -- remain vulnerable to hackers. Those techniques can
force TVs to show whatever video a hacker chooses, display phishing messages
that ask for the viewer's passwords, inject keyloggers that capture the
user's remote button presses, and run cryptomining software. All of those
attacks stem from the general lack of authentication in TV networks'
communications, even as they're increasingly integrated with Internet
services that can allow a hacker to interact with them in far more dangerous
ways than in a simpler era of one-way broadcasting.
"The lack of security means we can broadcast with our own equipment anything we want, and any smart TV will accept it," Cabrera says. "The transmission hasn't been at all authenticated. So this fake transmission, this channel injection, will be a successful attack."
At the Defcon hacking conference in Las Vegas, a security researcher showed how easy it is to compromise a smart TV with a DJI quadcopter. See for yourself. Harald Sund/Getty Images
https://www.wired.com/story/smart-tv-drone-hack/