Smart TV Hack Embeds Attack Code into Broadcast Signal—No Access Required

Megalith · Apr 2, 2017

Can hackers take control of your set without being anywhere near it? They sure can, as demonstrated by an attack that only requires a transmitter. Able to work against many televisions at once, the exploit, which can survive reboots and factory resets, allows for complete control of a device.

A new attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises an unsettling prospect—the ability of hackers to take complete control of a large number of sets at once without having physical access to any of them. The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs.

Zion Halcyon · Apr 2, 2017

Nothing new - WikiLeaks already revealed the CIA does this. I think from now on, when I hear "hackers", I'll just mentally replace it with "CIA".

Yaka · Apr 2, 2017

heh, tbh i hope this gives the makers of tv sets a firm kick up the back sides, maybe in the futue when some sites review tvs they can also report if hacks like this works on the tvs

Uvaman2 · Apr 2, 2017

Zion Halcyon said:
Nothing new - WikiLeaks already revealed the CIA does this. I think from now on, when I hear "hackers", I'll just mentally replace it with "CIA".

Yeah to me its more like ' yeah back door discovered'

GaryJohnson · Apr 2, 2017

Fortunately we don't really use DVB-T in the US.

https://en.wikipedia.org/wiki/DVB-T#/media/File:Digital_broadcast_standards.svg

Quartz-1 · Apr 2, 2017

GaryJohnson said:
Fortunately we don't really use DVB-T in the US.

Unfortunately, the US is not the whole world.

blackacidevil · Apr 2, 2017

Quartz-1 said:
Fortunately, the US is not the whole world.

Fixed that for you.

lostin3d · Apr 2, 2017

I find it amusing when family and friends ask me if I've heard of the latest CC skimmers at gas stations or scam phone calls for identity thefts or fake links.

I tell them that if that scares them then after they've read even half the security exploits I have for electronic devices they'd want to walk to the fuse box, turn off the mains, then start pulling batteries out of everything.

What wasn't so funny was watching a PBS special on hacking a couple of years ago. They had a story about a nuclear power plant and explained some hacking attempts targeting them from the internet wasn't to hack the primary computers but was so old and basic that no one recognized it. Someone older recognized it as the code used for the switches on the control rods. Fortunately those switches were not connected to anything w/ internet according to the special. The switches were some ancient design that nobody had considered to have a vulnerability.

Ultima99 · Apr 2, 2017

Survives hard resets? Yikes. Get me some clean flashable firmware, stat!

Logan321 · Apr 3, 2017

Seriously, who uses terrestrial TV signals anymore?

tikiman2012 · Apr 3, 2017

Logan321 said:
Seriously, who uses terrestrial TV signals anymore?

Quite a few of us.

Nenu · Apr 3, 2017

Terrestrial TV is the most common form of TV in the UK.
Although, something not mentioned in the article.

The attack would need to be carried out at the same frequency as a channel the TV was already tuned to.
If the TV isnt tuned to the channel the attack is on, the TV will not receive its data.
It cant blanket attack all TVs in range, only those tuned to that channel and that receive a strong enough signal to override the normal channel.

Jagger100 · Apr 3, 2017

Logan321 said:
Seriously, who uses terrestrial TV signals anymore?

I will be using it to help offset the loss of Cable when I cancel it. My bill is 66% TV / 33% Internet. I barely watch TV anymore. The Path is clear and overdue. An antenna will give me local news.

Master_shake_ · Apr 3, 2017

wait, people still plug a coax cable in to their televisions?

digital cable and encryption took care of that for me... fuck you cable cartel.

Jagger100 · Apr 3, 2017

Master_shake_ said:
wait, people still plug a coax cable in to their televisions?

digital cable and encryption took care of that for me... fuck you cable cartel.

Myself, I'll be using an Antenna to Ethernet tuner with DVR'ing added later when I upgrade my tuner.

lostin3d · Apr 3, 2017

jpm100 said:
I will be using it to help offset the loss of Cable when I cancel it. My bill is 66% TV / 33% Internet. I barely watch TV anymore. The Path is clear and overdue. An antenna will give me local news.

A lot of us are in the same boat. Stream services continue to grow as well. My bill ratio is nearly exactly the same and I'm getting closer each day to cutting it altogether.

PaulP · Apr 3, 2017

When will they learn? Developing embedded systems that receive digital data from outside sources is not for amateurs.

heatlesssun · Apr 3, 2017

PaulP said:
When will they learn? Developing embedded systems that receive digital data from outside sources is not for amateurs.

It's code security 101, validating data before using the data. My guess is that there's nothing here that's checking on the validity of the TV signal.

dook43 · Apr 3, 2017

Just bought a used Non-Smart LG from 2015. Don't need a web browser in my TV.

lostin3d · Apr 4, 2017

Anyone making antenna firewalls? Could be a market, just sayin'

Smart TV Hack Embeds Attack Code into Broadcast Signal—No Access Required

24-bit/48kHz

2[H]4U

Gawd

2[H]4U

[H]ard|Gawd

Supreme [H]ardness

Gawd

[H]ard|Gawd

Supreme [H]ardness

[H]ard|Gawd

[H]ard|Gawd

[H]ardened

Supreme [H]ardness

Fully [H]

Supreme [H]ardness

[H]ard|Gawd

Gawd

Extremely [H]

2[H]4U

[H]ard|Gawd