Not to Silent Smart TVs
The number of connected devices has increased substantially in residences over the last five years. This makes people’s lives more convenient. This has the ability to connect to the toasters, coffeemakers, refrigerators, and other appliances. There is however one appliance that is much more utilized from the time perspective. In the residential IoT environment, this is the connected TV. This is easily acquired and implemented in the home. People are drawn to this much like a moth to a flame. The increase in usage with the connected TV will continue until the implementation comes to a plateau. Until then, this will grow exponentially (Khandelwal, 2017).
Issue
As noted the implementation is growing. This is due to many factors, including the user not only watching TV, but also accessing the internet for searches, along with watching content only available on the internet, such as Netflix. Although this is a fantastic function for the user, the problem is insecurity. There is a vast number of insecure devices. These have been regularly compromised, or the data being logged and forwarded to the manufacturer servers. As for the compromised aspect, this has been evidenced by the many attacks focused on the connected television and subsequent other attacks using these as part of the bot army. Mirai is notable as one of the largest DDoS attacks, which happen to use insecure IoT devices. These smart TVs have created a new niche in the attacker’s repertoire.
Attack
The target for this has been smart TVs. This distinct attack does not require any form of physical access. The proof of concept (PoC) vulnerability was noted by Rafael Scheel (Khandelwal, 2017). This attack is successful with malicious commands being placed in Digital Video Broadcasting-Terrestrial (DVB-T) signal (Khandelwal, 2017). These injections are well-known. The DVB-T is the transmission standard and is not obscure. To accomplish the attack, the person requires a transmitter, which does not cost that much. These signals are then able to be received by other devices proximate to the TV. With another simple piece of equipment, the attacker is then able to increase this to a radius of greater than 100 meters (Stark, 2017). This attack allows the person to gain root access and use the device for their deeds.
The IoT is convenient for users, but there are downsides we should heed.. As time passes, these attacks will become greater in number and consequence so we need to keep that in mind and be alert.
References
Khandelwal, S. (2017, March 31). Over 85% of smart tvs can be hacked using broadcasting signals. Retrieved from http://thehackernews.com/2017/03/hacking-smart-tvs.html
Stark, J. (2017, March 23). It’s so easy to hack a smart tv. Retrieved from http://www.computerworld.ch/news/security/artikel/so-einfach-hackt-man-einen-smart-tv-72030/
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.