Feeds

Hacker warning over internet-connected HDTVs

Something's wrong with one of them, but we won't tell you which or whose

Website security in corporate America

Internet-connected HDTVs could be used by hackers to infiltrate home networks, according to a firm that markets device security software for smartphones, VoIP devices and TVs.

Mocana's not-exactly-disinterested warning follows tests by the firm on a range of inter-connected TVs, during which a security flaw was discovered in the kit of an unspecified manufacturer. The security firm is withholding details of the firm involved or the security weakness, at least until a fix is released.

In a press release, issued on Wednesday, Mocana explains that the security vulnerability presents a way to hack into consumers’ home network and potentially (our emphasis) intercept and redirect internet traffic to and from the HDTV to mount phishing scams, gain access to backend services from third-party organisations (such as video streaming) or monitor and report on consumers’ private internet usage habits.1

Mocana said its researchers were able to use hacking techniques familiar to the world of PC skullduggery (such as “rogue DNS”, “rogue DHCP server”, or TCP session hijacking techniques) to inject JavaScript onto a vulnerable device "allowing attackers script integrity before running code".

Security problems involving embedded devices have been in the news quite a bit over recent months, with attacks against industrial control systems from the Stuxnet worm. Problems from malware on ATMs have also also sporadically appeared.

Either sabotaging an industrial plant – perhaps one involved in uranium enrichment – or powering an ATM to swipe card details before cashing out accounts are clear hacker objectives that would be difficult to pull off by simply hacking into Windows PCs and planting malware.

However, the same can't be said of hacking into an internet-connected TV to run a phishing scam, for example. Mocana said its research shows how hackers might be able to extend the functionality of an internet-connected TV without the manufacturer’s permission, something hobbyist hackers might be interested in, but not exactly a clear route towards getting free cable or satellite TV access, a far more plausible attack scenario especially since security researchers have already demoed attacks on hotel TV systems.

Overall, however, we can't help but conclude that Mocana is talking up a threat in the hope of later selling into it, thereby helping it to establish a new line of business. The supposed threat of hackers turning off internet-connected fridges, thereby causing your milk to go sour, has been around for more than 10 years (example here). Hacking TVs is a new spin on a similar theme and for that, at least, Mocana is to be congratulated.

More details on Mocana's (redacted) research on the vulnerabilities of one unnamed internet-connected TV can be found here (pdf). ®

Bootnote

1Frankly we think Mocana missed a few tricks here by not talking about Poltergeist-style attacks from other dimensions against hi-tech TVs. It might at least talk about zombie clients for hacker-controlled PCs, called Sadako, perhaps.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.