Hack embeds attack code into broadcast signal, with no access required.
It might be time to ask your crazy uncle for some spare tinfoil, and the instructions to make yourself a hat. New information from security researchers has found the smart TVs are the latest connected devices to potentially fall prey to hackers. How is this any different from other vulnerable IoT gadgets? In this case, your television doesn’t even have to be connected to the internet.
A Swiss security company has developed a way to break into televisions through their DVB-T signal, or Digital Video Broadcasting – Terrestrial signal. Since many TVs rely on DVB-T signals to get the content we consume, this company has found that anyone with the right device can attack your television through this method, then access the root menu. They can activate your device’s camera or microphone, dig around until they get to other devices on your network, and more.
News outlets have been quick to get the full details of how these kinds of attacks could potentially be carried out, as well as to highlight the good news for most consumers. Ars Tecnica examined how hackers could transmit malicious code over the airwaves by transmitting it through a DVB-T signal, giving them access to countless televisions without ever having to lay eyes on them. This physical access limitation has been an obstacle to TV hacking in the past, even as recently as a handful of years ago, but the method that Rafael Scheel developed for Oneconsult removes that barrier.
Fortunately, Engadget has pointed out that the coincidences required for this to actually make a dent for victims are almost too much. The TV owner would have to live in a country that uses DVB-T signals for broadcasts, and has a hybrid broadcast broadband TV format (HbbTV), AND has the television connected to the internet (the attack doesn’t originate over the internet, but connecting to the owner’s other IoT devices would require it). They pointed out that “gaming consoles and media hubs” connected to the TV for streaming and gaming purposes also wouldn’t be affected by this type of attack.
But don’t let that news cause you to let your guard down. It’s a case of another day, another attack against unsecured IoT devices, something that the industry is going to have to take seriously.