Feeds

Hacker warning over internet-connected HDTVs

Something's wrong with one of them, but we won't tell you which or whose

Boost IT visibility and business value

Internet-connected HDTVs could be used by hackers to infiltrate home networks, according to a firm that markets device security software for smartphones, VoIP devices and TVs.

Mocana's not-exactly-disinterested warning follows tests by the firm on a range of inter-connected TVs, during which a security flaw was discovered in the kit of an unspecified manufacturer. The security firm is withholding details of the firm involved or the security weakness, at least until a fix is released.

In a press release, issued on Wednesday, Mocana explains that the security vulnerability presents a way to hack into consumers’ home network and potentially (our emphasis) intercept and redirect internet traffic to and from the HDTV to mount phishing scams, gain access to backend services from third-party organisations (such as video streaming) or monitor and report on consumers’ private internet usage habits.1

Mocana said its researchers were able to use hacking techniques familiar to the world of PC skullduggery (such as “rogue DNS”, “rogue DHCP server”, or TCP session hijacking techniques) to inject JavaScript onto a vulnerable device "allowing attackers script integrity before running code".

Security problems involving embedded devices have been in the news quite a bit over recent months, with attacks against industrial control systems from the Stuxnet worm. Problems from malware on ATMs have also also sporadically appeared.

Either sabotaging an industrial plant – perhaps one involved in uranium enrichment – or powering an ATM to swipe card details before cashing out accounts are clear hacker objectives that would be difficult to pull off by simply hacking into Windows PCs and planting malware.

However, the same can't be said of hacking into an internet-connected TV to run a phishing scam, for example. Mocana said its research shows how hackers might be able to extend the functionality of an internet-connected TV without the manufacturer’s permission, something hobbyist hackers might be interested in, but not exactly a clear route towards getting free cable or satellite TV access, a far more plausible attack scenario especially since security researchers have already demoed attacks on hotel TV systems.

Overall, however, we can't help but conclude that Mocana is talking up a threat in the hope of later selling into it, thereby helping it to establish a new line of business. The supposed threat of hackers turning off internet-connected fridges, thereby causing your milk to go sour, has been around for more than 10 years (example here). Hacking TVs is a new spin on a similar theme and for that, at least, Mocana is to be congratulated.

More details on Mocana's (redacted) research on the vulnerabilities of one unnamed internet-connected TV can be found here (pdf). ®

Bootnote

1Frankly we think Mocana missed a few tricks here by not talking about Poltergeist-style attacks from other dimensions against hi-tech TVs. It might at least talk about zombie clients for hacker-controlled PCs, called Sadako, perhaps.

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?