Major Security Flaws Discovered In Internet HDTVs
wiredmikey writes "Security researchers have discovered several security flaws in one of the best-selling brands of Internet-connected HDTVs, and believe it's likely that similar security flaws exist in other Internet TVs. The security researchers were able to demonstrate how an attacker could intercept transmissions from the television to the network using common 'rogue DNS,' 'rogue DHCP server,' or TCP session hijacking techniques. Mocana was able to demonstrate that JavaScript could then be injected into the normal datastream, allowing attackers to obtain total control over the device's Internet functionality."
Re:But How Connected is the TV Anyways? (Score:4, Informative)
The one that I just got supports external HDDs, USB cameras, wired, wireless, HTTP (via VieraCast). Granted, the TV's OS is very limited, but it supports enough that it could be very damaging if compromised.
For instance, my TV currently has stored in it passwords for my Skype/Netflix/Pandora accounts as well as my WPA2 creds.
The very limited VieraCast interface simply uses HTTP to generate its menus and people have already started to use squid/DNS redirecting to do things like stream from Myth etc etc.
This guy so far seems to have made the most progress.
http://customvieracast.blogspot.com/
Re:But How Connected is the TV Anyways? (Score:5, Informative)
1) Set up ssh and dynamic dns on compromised TV, or perhaps a cron job to do a reverse SSH tunnel every so often (to bypass firewall). Now you know where this connection is, at all times, and have full control, at any time.
2) Set up BIND DNS, set to forward to whatever malicious DNS server you want.
3) Either set up a phony DHCP server, and/or do some ARP poisoning so that all traffic to the internet is routed through the TV.
4) Control the entire household's internet connection -- rewriting HTTP pages, sending whatever DNS responses you want (Google? SURE, it's this IP here in China!), capturing passwords (redirecting HTTPS to HTTP so that cert errors don't occur, or inserting non-HTTPS JavaScript to capture the password), etc.
ANY smart device on a home network has the potential to wreak massive havoc on that network.
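An added example, not part of the thread: one way to spot the behaviour described in the comment above from the defender's side, by flagging a LAN device that starts answering DHCP, handing out itself as router or DNS resolver, or answering ARP for the gateway's address. The event format, addresses and allowlists are all constructed assumptions; real input would come from a packet capture or switch logs.

```python
from collections import defaultdict

# Assumed baseline for a home LAN (constructed values).
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "aa:aa:aa:00:00:01"
TRUSTED_DHCP_MACS = {GATEWAY_MAC}   # only the router should answer DHCP
TRUSTED_DNS = {"192.168.1.1"}       # resolvers clients should be given

# Constructed sample events, as if decoded from traffic seen on the LAN.
SAMPLE_EVENTS = [
    {"type": "dhcp_offer", "src_mac": "aa:aa:aa:00:00:01",
     "router": "192.168.1.1", "dns": ["192.168.1.1"]},
    {"type": "arp_reply", "src_mac": "aa:aa:aa:00:00:01", "claimed_ip": "192.168.1.1"},
    {"type": "arp_reply", "src_mac": "bb:bb:bb:00:00:42", "claimed_ip": "192.168.1.50"},
    {"type": "dhcp_offer", "src_mac": "bb:bb:bb:00:00:42",
     "router": "192.168.1.50", "dns": ["192.168.1.50"]},
    {"type": "arp_reply", "src_mac": "bb:bb:bb:00:00:42", "claimed_ip": "192.168.1.1"},
]

def find_anomalies(events):
    """Return sorted (mac, reason) pairs for devices deviating from the baseline."""
    findings = set()
    claims = defaultdict(set)  # IP -> MACs that answered ARP for it
    for ev in events:
        mac = ev["src_mac"]
        if ev["type"] == "dhcp_offer":
            if mac not in TRUSTED_DHCP_MACS:
                findings.add((mac, "DHCP offer from unlisted server"))
            if ev["router"] != GATEWAY_IP:
                findings.add((mac, "offer sets default route to " + ev["router"]))
            for dns in sorted(set(ev["dns"]) - TRUSTED_DNS):
                findings.add((mac, "offer sets DNS resolver to " + dns))
        elif ev["type"] == "arp_reply":
            claims[ev["claimed_ip"]].add(mac)
    for ip, macs in claims.items():
        if ip == GATEWAY_IP:
            # Anyone but the router answering for the gateway IP is suspect.
            for mac in macs - {GATEWAY_MAC}:
                findings.add((mac, "ARP reply claims gateway IP"))
        elif len(macs) > 1:
            # Two devices answering for the same host address.
            for mac in macs:
                findings.add((mac, "ARP conflict for " + ip))
    return sorted(findings)

if __name__ == "__main__":
    for mac, reason in find_anomalies(SAMPLE_EVENTS):
        print(mac, "-", reason)
```

Managed switches can enforce the same baseline directly with DHCP snooping and dynamic ARP inspection, which block these frames instead of only reporting them.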