Feeds

Hacker warning over internet-connected HDTVs

Something's wrong with one of them, but we won't tell you which or whose

Beginner's guide to SSL certificates

Internet-connected HDTVs could be used by hackers to infiltrate home networks, according to a firm that markets device security software for smartphones, VoIP devices and TVs.

Mocana's not-exactly-disinterested warning follows tests by the firm on a range of inter-connected TVs, during which a security flaw was discovered in the kit of an unspecified manufacturer. The security firm is withholding details of the firm involved or the security weakness, at least until a fix is released.

In a press release, issued on Wednesday, Mocana explains that the security vulnerability presents a way to hack into consumers’ home network and potentially (our emphasis) intercept and redirect internet traffic to and from the HDTV to mount phishing scams, gain access to backend services from third-party organisations (such as video streaming) or monitor and report on consumers’ private internet usage habits.1

Mocana said its researchers were able to use hacking techniques familiar to the world of PC skullduggery (such as “rogue DNS”, “rogue DHCP server”, or TCP session hijacking techniques) to inject JavaScript onto a vulnerable device "allowing attackers script integrity before running code".

Security problems involving embedded devices have been in the news quite a bit over recent months, with attacks against industrial control systems from the Stuxnet worm. Problems from malware on ATMs have also also sporadically appeared.

Either sabotaging an industrial plant – perhaps one involved in uranium enrichment – or powering an ATM to swipe card details before cashing out accounts are clear hacker objectives that would be difficult to pull off by simply hacking into Windows PCs and planting malware.

However, the same can't be said of hacking into an internet-connected TV to run a phishing scam, for example. Mocana said its research shows how hackers might be able to extend the functionality of an internet-connected TV without the manufacturer’s permission, something hobbyist hackers might be interested in, but not exactly a clear route towards getting free cable or satellite TV access, a far more plausible attack scenario especially since security researchers have already demoed attacks on hotel TV systems.

Overall, however, we can't help but conclude that Mocana is talking up a threat in the hope of later selling into it, thereby helping it to establish a new line of business. The supposed threat of hackers turning off internet-connected fridges, thereby causing your milk to go sour, has been around for more than 10 years (example here). Hacking TVs is a new spin on a similar theme and for that, at least, Mocana is to be congratulated.

More details on Mocana's (redacted) research on the vulnerabilities of one unnamed internet-connected TV can be found here (pdf). ®

Bootnote

1Frankly we think Mocana missed a few tricks here by not talking about Poltergeist-style attacks from other dimensions against hi-tech TVs. It might at least talk about zombie clients for hacker-controlled PCs, called Sadako, perhaps.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.