Latest Discovery: Nearly 90% of Smart TVs are Prone to Remote Hijacking

According to the report of Swati Khandelwal (Technical Writer, Security Blogger and IT Analyst of The Hacker News . It’s now possible to hijack a smart television by using nasty broadcast signals, obtain root access on the infected gadget, and use it for a wide range of dreadful actions, for example, carrying out DDoS (distributed denial-of-service) attacks and monitoring the victims’ activities.

The security vulnerability, discovered by Rafael Scheel, one of the employees at Oneconsult , is one-of-its-kind and very dangerous—unlike the earlier smart television attacks.

The new hack takes place remotely

Before this discovery, the success of smart TV attacks—for example, the “Weeping Angel” hack (which is CIA’s brainchild)—depended on the ability of the criminals to physically access an appliance and implant damaging codes. Other threats depended on social engineering approaches, implying they had to beguile unsuspecting users into installing rogue applications. The earlier exploits enhanced the possibilities of hackers being traced and apprehended, and also limited the number of gadgets that could be hijacked.

In contrast, Scheel’s method doesn’t oblige criminals to physically gain entry into the targeted appliance, and can be simultaneously carried out against a large number of smart TV users.

How Scheel’s exploit works

Scheel uncovered how the exploit works at the European Broadcasting Union (EBU) Media Cyber Security Seminar, which took place in February 2017. According to him, nearly 90% of smart television sets recently manufactured lack adequate protection from these types of attacks.

Scheel utilized an inexpensive transmitter to embed injurious codes into a disastrous DVB-T (Digital Video Broadcasting-Terrestrial) signals (DVB-T is in-built into most television sets with Internet access capabilities). He said that any person can purchase a DVB-T transmitter (an ordinary apparatus costs between $50 and $150), and begin sending out injurious DVB-T signals.  If any devices pick up these dangerous signals, it can enable a hacker to obtain root access on the appliance, and utilize them for realizing various nasty objectives.

Scheel utilized common privilege escalation methods in the smart TV’s browser to implement the damage-causing code, distantly establish an Internet connection to the device, and fruitfully gain full domination of the television set. Worse still, once successful, rebooting the device repeatedly or performing factory resetting, cannot eradicate the infection—providing attackers with the ability to maximize on their exploitation.

Implications of Scheel’s discovery

Scheel revealed a key weakness in the technology of manufacturing television sets in the globe. More so, it underscores the weaknesses inherent in most Internet-connected equipment.

In recent years, we’ve seen a rapid growth of “Internet of Things” (IoT) devices. Similarly, criminals have increasingly targeted them for a wide range of dangerous intentions. Therefore, this calls for adoption of better proactive measures to prevent these attacks.

Read the full article here.

Comments are closed.