Internet of Things

Do You Trust Your Smart TV?

Did you ever stop to think that the office smart TV used for company presentations, Zoom meetings, and other work-related activities may not be so trustworthy?

In our latest video, we demonstrate an attack scenario that can occur within any organization – hacking a smart TV. The video shows an insider plugging a USB Rubber Ducky into a smart TV in a company meeting room. Within less than a minute, a payload is executed to set up a Wi-Fi network for data exfiltration (called kitty3) and instructs the TV to connect to it. The payload then uploads a utility that captures the screen before the insider removes the rogue device.

Later that day, a company meeting takes place in that same meeting room, and the smart TV displays a presentation containing confidential data. The screen capture utility screen records the whole presentation and saves the recording as a file on the TV. Through the pre-established Wi-Fi network (kitty3), the attacker remotely connects to the TV and views and downloads the saved screen recording. Now, the bad actor has full access to all the data.

“Someone” Like You

In this scenario, the type of attack on the smart TV was a hardware-based attack. These attacks require physical access as someone must physically insert the rogue device, and in this case, that “someone” was an insider; more specifically, an outsourced worker. According to the 2020 Insider Threat Report, contractors, service providers, and temporary workers pose the greatest risk to 50% of organizations. As an outsourced worker, the cleaner has insider access yet less loyalty to the organization than a direct employee. Such characteristics mean outsourced staff are ideal targets for attackers. The cleaner’s insider access takes care of the physical access challenge, while detachment to the organization makes the individual more susceptible to social engineering. There is an abundance of social engineering techniques, of which many are sinister, such as blackmail. In this case, however, the social engineering technique was bribery in the form of a financial payout.

The Faceless Man

Other than a global healthcare crisis, COVID-19 brought new opportunities to bad actors. Before the pandemic, wearing a surgical mask would raise suspicion unless you were a surgeon or healthcare worker. However, as wearing a mask is now not only second nature, but in most countries, mandatory, attackers are using this to their advantage to hide their identity and gain physical access to secure locations. The use of masks to assist in criminal activity is of such value that face masks sell on the black market at premiums of up to 1,500%. So, while this attack demonstrated manipulating an insider, as long as face masks are a norm, that “insider” could have been anyone.

Rubber Ducky, You’re the One

The USB Rubber Ducky is a Rogue Device that spoofs a legitimate HID. Gaps in device visibility mean the Rogue Device is not detected, but rather the legitimate device it is impersonating is. As a result, the Rogue Device raises no security alarms and, in seconds, covertly hacks the smart TV to provide the attacker with remote access to the company’s sensitive information, even after removing the attack tool. So, while you may not see them, they see you; all it takes is a duck, a Wi-Fi connection, and a smart TV that is smarter than you think.

About the author: Jessica Amado, Head of Cyber Research at Sepio Systems

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Smart TV)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

20 mins ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

7 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

19 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

23 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

This website uses cookies.