If you own a SmartTV, you might not be the only one controlling it

Smart TV owners, be careful with your data! A study by Yossi Oren and Angelos Keromytis, two researchers based at Columbia University’s Network Security Laboratory, warns of the of the ease with which they can be hacked. According to the report, one only has to intercept the DTT signal transmitted by the supplier using an antenna to infiltrate the network onto which the targeted TV set is connected. This vulnerability allows the hacker to collect the sounds, images and data sent by the operator, broadcast his own signal and thus crack the Smart TV. The attacker will then not only be able to access the customer data shared with the supplier, but also take control of the TV set. From there, the attacker can hijack both the microphone and camera, infiltrate hard disks and USB sticks that may be plugged into the set, or install a ransomware that will block your TV until the requested ransom is paid.

This maneuver also allows attackers to bypass the protection of your local firewall, use the built-in web browser and download malicious code to infiltrate other devices on the network. The study reveals that a modest investment of 450 dollars will get hackers a cheap antenna that is capable of providing access to up to 20 000 Smart TVs. The antivirus vendor Trend Micro has also unveiled/unmasked techniques similar to those that are ordinarily found on computers, which encourage users to download and run corrupted software or applications. This was for instance the case of an Android application that infected TVs’ victims whilst pretending to provide access to international channels. Once installed by the target, the hacker gains access to the victim’s Internet browsing history, as well as personal data, contact information and passwords. By taking control of the websites and personal accounts connected to the TV, it can also usurp the identity of the latter by broadcasting messages or statuses on social networks for example.

The researchers condemn the negligence of Smart TV manufacturers in this regard, by demonstrating that such security flaws are due in particular to the new industry standard for television and Internet broadcasting. The Hybrid Broadcast Broadband TV (HbbTV), created in 2011, has been adopted by 90% of Smart TV providers on the market, according to a study conducted by the research firm GFK. It is favored by suppliers because it allows advertisers and broadcasters to target ads more precisely and add interactive content to their programs. When asked about the matter, the HbbTV consortium found that the flaw was not critical enough to review the standard applied to Smart TV manufacturers; which continues to expose the millions of Smart TVs available on the market to serious vulnerabilities. Despite the recognized weaknesses of the product, there is also no antivirus or protection system dedicated to prevent the attacks. It is therefore recommended that users disconnect the TV from their local network, and only download applications from the Smart TV’s brand official websites. Yet, some manufacturers have taken steps to secure the system despite HbbTV’s unresponsiveness: Samsung for example, recently presented a TV equipped with alternative system “Tizen”, which includes a functionality for protected personal data backup and malware detection. In light of the continued growth of the IoT market – approximately 32 million smart devices are projected to be in circulation in 2020 according to a report published by EMC and IDC – it has become crucial to prioritize safety.