
How to get into your house through SmartTV

It is time to analyze the past year and to forecast the main cyber threats for the next one. F-Secure Labs proposed the following Top 7 Predictions for 2013:

  1. The end of the Internet as we know it?
  2. Leaks will reveal more government-sponsored espionage tools
  3. Commoditization of mobile malware will increase
  4. Another malware outbreak will hit the Mac world
  5. Smart TVs will become a hacker target
  6. Mobile spy software will go mainstream
  7. Free tablets will be offered to prime content customers

One item on the list stands out: the possibility that the smart TVs in our homes will be subject to massive cyber attacks next year. We are speaking about smart TVs, but as I highlighted yesterday in my article on the “intelligent components” that surround us, the problem extends to every object we use daily that is exposed on the internet. The massive introduction of technology into our lives has dramatically increased our attack surface; we are all potential targets, and what is really scary is that the majority of users are totally unaware of it. A huge quantity of objects manage our data and personal information. Smart TVs are increasingly sophisticated devices that interact with humans, detecting their presence, and that are interconnected with a wide range of technology appliances. Smart TVs manage onboard cameras, they are interfaced with our media centers, they communicate with our game consoles … they are part of our domestic network, which means that by exploiting them it is possible to gain access to our “private universe”.

The concept of “smart objects” is relatively new, and these objects are offered to users who are unprepared for the real risks related to their improper use; this constellation of appliances was born without security requirements being treated as fundamental in the design phase.

Why would an attacker be interested in hacking our domestic appliances?

Domestic devices such as our smart TVs have network connectivity and are equipped with meaningful computational capability; they could be attacked for several purposes:

  • Cyberespionage – Objects such as smart TVs are open gates to our domestic network, where a huge quantity of personal data is available.
  • To recruit new bots to compose powerful botnets that conduct cyber attacks against strategic targets. Think of the possibility of using any device to conduct a DDoS attack or a phishing attack (…soon on these screens … 😉 )
  • Cybercrime – Hackers could be interested in users’ payment-related data (e.g. banking credentials) … and this data could be available on a gaming console or in clear text on the hard drive of a media center connected to the TV. The principal monetization schemes could include the use of ransomware or the spread of malicious agents for Bitcoin mining.

The above examples are just a small introduction to a wide-ranging phenomenon that must be taken into account. Users have to be instructed on how to manage domestic devices and how to adopt the best configuration to avoid a cyber attack; think, for example, of the need to change, at first use, the factory settings, which are well known to hackers and easily exploited.

But the proposed forecasts are a smart reading of today’s reality: the firmware installed on smart TVs is already vulnerable to cyber attacks, and the excellent researchers of ReVuln Ltd., Donato Ferrante and Luigi Auriemma, have demonstrated it. ReVuln Ltd. is a dynamic company specialized in software and hardware assessment, including vulnerability research for offensive and defensive security. I personally have great admiration for the work of these professionals, and I hope to meet them soon.

The security experts posted a video that demonstrates how it is possible to attack a Samsung Smart TV by exploiting a 0-day vulnerability to gain root access on it. The hacker could remotely wipe data from attached storage devices, and monitor and control the victim’s TV.

Luigi Auriemma said,

“We have tested different Samsung televisions of the latest generations running the latest version of their firmware. Unfortunately we can’t disclose additional information but we can only say that almost all the people having a Samsung TV at home or in their offices are affected by this vulnerability.”

Good … and safe vision

Pierluigi Paganini

 


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other security magazines. Author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
