Friday, June 9, 2017

Smart TVs can be Hacked just by using Broadcasting Signal


A security researcher warns about a new attack that uses rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals to hack a wide range of Smart TVs. Attackers are able to take complete control of a large number of sets at once without having physical access to any of them.

This sets it apart from "Weeping Angel," the hacking tool developed by the CIA that could take over Samsung smart TVs and turn them into spying devices. Weeping Angel needed physical access to install, which made it less likely to be used in mass attacks; it was only feasible if deployed on one target at a time, during carefully planned operations.

The proof-of-concept exploit for the attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, uses a low-cost transmitter to embed malicious commands into a rogue DVB-T (Digital Video Broadcasting — Terrestrial) signal.

Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.

That signal is then broadcast to nearby devices. The attack worked against two fully updated TV models made by Samsung by exploiting two known security flaws in the Web browsers running in the background. Once a TV is compromised, attackers could remotely connect to it over the Internet using interfaces that allow them to take complete control of the device.

Once compromised, the TV would be infected in a way that neither device reboots nor factory resets would help the victims get rid of the infection. The attack was able to gain highly privileged root access to the TVs and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on users.

Scheel provided a live hacking demonstration of the attack during a presentation at the European Broadcasting Union (EBU) Media Cyber Security Seminar, saying about 90 percent of the Smart TVs sold in the last few years are potential victims of similar attacks.

At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV.

Below you can watch the video of his presentation, which also includes demonstrations for both DVB-T attacks and proposed mitigations:




"Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways," Rafael Scheel, the security consultant who publicly demonstrated the attack, told Ars. "Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV's camera and microphone."

Another notable property of this attack is that it is untraceable in practice. The reason is that DVB-T, the transmission method for HbbTV commands, is a uni-directional signal, meaning data flows from the attacker to the victim only. This makes the attack traceable only if the attacker is caught transmitting the rogue HbbTV signal in real time. According to Scheel, an attacker can activate his HbbTV transmitter for one minute, deliver the exploit, and then shut it off for good.

It is almost impossible to clean an infected smart TV. Any backdoors added through this method are almost impossible to remove, as the attacker could sabotage any firmware update mechanism and remain on the device until users got rid of their smart TVs. Furthermore, Scheel says even factory reset operations didn't help for the devices he tested, and the backdoor he developed remained on the TVs.

The researcher says that such a backdoor could be used to run IoT DDoS botnets, use the smart TVs as relay points for attacks on enterprise networks, spy on users via the TV's microphone and camera, steal data stored on the TV, inject ads on the TV (sabotage competitors on the smart TV market), and many other actions.

Once again, this hack underlines the risks of so-called "Internet of Things" devices, the vast majority of which are given network access and computing functionality without being adequately secured. TVs and other Internet-connected appliances almost universally lack application sandboxing and other exploit mitigations that are a standard part of computer and mobile operating systems. Even worse, most devices run old versions of Linux and open source browsers that contain critical vulnerabilities. While patches are generally available on the Internet for the individual components, manufacturers rarely give customers a way to install them on the devices in a timely way.

As the number of IoT devices grows rapidly and changes the way we use technology, the attack surface expands drastically, and when viewed from the vantage point of information security, IoT can be frightening.

Due to insecure implementations, a majority of Internet-connected embedded devices, including smart TVs, refrigerators, microwaves, security cameras, and printers, are routinely being hacked and used as weapons in cyber attacks.


Source: OneConsult
