Feeds

Hacker warning over internet-connected HDTVs

Something's wrong with one of them, but we won't tell you which or whose

Choosing a cloud hosting partner with confidence

Internet-connected HDTVs could be used by hackers to infiltrate home networks, according to a firm that markets device security software for smartphones, VoIP devices and TVs.

Mocana's not-exactly-disinterested warning follows tests by the firm on a range of inter-connected TVs, during which a security flaw was discovered in the kit of an unspecified manufacturer. The security firm is withholding details of the firm involved or the security weakness, at least until a fix is released.

In a press release, issued on Wednesday, Mocana explains that the security vulnerability presents a way to hack into consumers’ home network and potentially (our emphasis) intercept and redirect internet traffic to and from the HDTV to mount phishing scams, gain access to backend services from third-party organisations (such as video streaming) or monitor and report on consumers’ private internet usage habits.1

Mocana said its researchers were able to use hacking techniques familiar to the world of PC skullduggery (such as “rogue DNS”, “rogue DHCP server”, or TCP session hijacking techniques) to inject JavaScript onto a vulnerable device "allowing attackers script integrity before running code".

Security problems involving embedded devices have been in the news quite a bit over recent months, with attacks against industrial control systems from the Stuxnet worm. Problems from malware on ATMs have also also sporadically appeared.

Either sabotaging an industrial plant – perhaps one involved in uranium enrichment – or powering an ATM to swipe card details before cashing out accounts are clear hacker objectives that would be difficult to pull off by simply hacking into Windows PCs and planting malware.

However, the same can't be said of hacking into an internet-connected TV to run a phishing scam, for example. Mocana said its research shows how hackers might be able to extend the functionality of an internet-connected TV without the manufacturer’s permission, something hobbyist hackers might be interested in, but not exactly a clear route towards getting free cable or satellite TV access, a far more plausible attack scenario especially since security researchers have already demoed attacks on hotel TV systems.

Overall, however, we can't help but conclude that Mocana is talking up a threat in the hope of later selling into it, thereby helping it to establish a new line of business. The supposed threat of hackers turning off internet-connected fridges, thereby causing your milk to go sour, has been around for more than 10 years (example here). Hacking TVs is a new spin on a similar theme and for that, at least, Mocana is to be congratulated.

More details on Mocana's (redacted) research on the vulnerabilities of one unnamed internet-connected TV can be found here (pdf). ®

Bootnote

1Frankly we think Mocana missed a few tricks here by not talking about Poltergeist-style attacks from other dimensions against hi-tech TVs. It might at least talk about zombie clients for hacker-controlled PCs, called Sadako, perhaps.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.