Remember 1984 by George Orwell?
Turns out, all our fears were on point.
First there were Wikileaks documents describing ‘Weeping Angel‘— a workshop with MI5 where the CIA purportedly were able to turn a Samsung smart TV into an eavesdropping device. And now, a security analyst has demonstrated how embedded code can be broadcast into DVB-T over-the-air signals.
A security expert has demonstrated how hackers can attack smart TVs using over-the-air broadcast signals.
Using DVB-T signals, Oneconsult security researcher Rafael Scheel was able to attack and then gain control of smart TVs, bringing the lack of security on IoT devices sharply into focus.
Using the flaws that are inherently present on the web browsers of smart TVs, when they play online content, the intrusion gained root-level access to issue commands. All they needed to demo the hack was a powerful transmission that was able to get to compatible TVs. Scheel further showed that at least one attack would work without revealing any problems.
While DVB-T signals are no longer in use in the US, Freeview in the UK is transmitted using the vulnerable signals. The demo was carried out on two recent Samsung models and it was explained that the code could be altered to compromise other web-enabled TVs. For the codes to work seamlessly, the targeted TV needs to both be tuned into a DVB-T channel as well as have the TV connected to the internet.
Yossef Oren, co-author of research paper ‘From the Aether to the Ethernet –Attacking the Internet using Broadcast Digital Television’ told Ars Technica: ‘This research is significant because TVs are used by a fundamentally different demographic than computers. People who use TVs don’t know/care about security, they aren’t used to getting security prompts from their TVs, they don’t have the discipline of installing security updates, and so on.’
Scheel had a parting shot- he told Ars Technica that this type of a breach would allow hackers ‘attack further devices in the home network or to spy on the user with the TV’s camera and microphone.’
Here is a video of how the hack was executed.