Feeds

Hacker warning over internet-connected HDTVs

Something's wrong with one of them, but we won't tell you which or whose

Security for virtualized datacentres

Internet-connected HDTVs could be used by hackers to infiltrate home networks, according to a firm that markets device security software for smartphones, VoIP devices and TVs.

Mocana's not-exactly-disinterested warning follows tests by the firm on a range of inter-connected TVs, during which a security flaw was discovered in the kit of an unspecified manufacturer. The security firm is withholding details of the firm involved or the security weakness, at least until a fix is released.

In a press release, issued on Wednesday, Mocana explains that the security vulnerability presents a way to hack into consumers’ home network and potentially (our emphasis) intercept and redirect internet traffic to and from the HDTV to mount phishing scams, gain access to backend services from third-party organisations (such as video streaming) or monitor and report on consumers’ private internet usage habits.1

Mocana said its researchers were able to use hacking techniques familiar to the world of PC skullduggery (such as “rogue DNS”, “rogue DHCP server”, or TCP session hijacking techniques) to inject JavaScript onto a vulnerable device "allowing attackers script integrity before running code".

Security problems involving embedded devices have been in the news quite a bit over recent months, with attacks against industrial control systems from the Stuxnet worm. Problems from malware on ATMs have also also sporadically appeared.

Either sabotaging an industrial plant – perhaps one involved in uranium enrichment – or powering an ATM to swipe card details before cashing out accounts are clear hacker objectives that would be difficult to pull off by simply hacking into Windows PCs and planting malware.

However, the same can't be said of hacking into an internet-connected TV to run a phishing scam, for example. Mocana said its research shows how hackers might be able to extend the functionality of an internet-connected TV without the manufacturer’s permission, something hobbyist hackers might be interested in, but not exactly a clear route towards getting free cable or satellite TV access, a far more plausible attack scenario especially since security researchers have already demoed attacks on hotel TV systems.

Overall, however, we can't help but conclude that Mocana is talking up a threat in the hope of later selling into it, thereby helping it to establish a new line of business. The supposed threat of hackers turning off internet-connected fridges, thereby causing your milk to go sour, has been around for more than 10 years (example here). Hacking TVs is a new spin on a similar theme and for that, at least, Mocana is to be congratulated.

More details on Mocana's (redacted) research on the vulnerabilities of one unnamed internet-connected TV can be found here (pdf). ®

Bootnote

1Frankly we think Mocana missed a few tricks here by not talking about Poltergeist-style attacks from other dimensions against hi-tech TVs. It might at least talk about zombie clients for hacker-controlled PCs, called Sadako, perhaps.

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.