Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

Millions of Smart TVs Vulnerable To 'Red Button' Attack

Comments Filter:
  • by Opportunist (166417) on Sunday June 08, 2014 @04:39AM (#47189437)

    Yes, I RTFA. And the responsible consortium knows about the bug and doesn't consider it "important" enough to warrant a change because it's "not cost efficient" to execute an attack.

    It is.

    If all it takes is to weave a signal into the program, there are SO many places where this can take place that it's literally trivial to execute. Aside of the idea they present themselves, i.e. a 1MW transmitter used to infect a rather small area, how about using the broadcast itself? Yes, that means that you have to gain access to the show when or before it is aired, but considering just how many people are concerned with the creation of TV programming, having an "inside man" is fairly trivial. From production to cutting to storage to preparation to the actual broadcast, a show goes through many, many hands, every single thereof having the chance to inject the signal without anyone noticing before it's too late.

    Now add that the more recent history taught us that governments are certainly not above abusing such a flaw and tell me again that there is "no need for concern".

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      I disagree. That's like claiming you can hack someone's ethernet switch by writing a special html page because the traffic will simply pass through. This red button attack works differently. If I understand correctly the interactive stuff (tv guide, pause, record) is provided by the cable company. They may use an underlying feed from the broadcaster but that's it.

      • by jones_supa (887896) on Sunday June 08, 2014 @04:59AM (#47189473)
        So the idea is that the attacker overrides the RF signal with his own one, which contains the malicious data. The client TV then automatically interprets the HTML from the transport stream metadata. Provided that the attack was successful, a bunch of TVs can for example be controlled to access a certain website through HTTP requests, causing a denial of service attack for that website.
        • by Anonymous Coward on Sunday June 08, 2014 @05:48AM (#47189559)
          There is nothing wrong with your television set. Do not attempt to adjust the picture. We are controlling transmission. If we wish to make it louder, we will bring up the volume. If we wish to make it softer, we will tune it to a whisper. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. For the next hour, sit quietly and we will control all that you see and hear. We repeat: there is nothing wrong with your television set. You are about to participate in a great adventure. You are about to experience the awe and mystery which reaches from the inner mind to... The Outer Limits.
        • by Fnord666 (889225) on Sunday June 08, 2014 @11:18AM (#47190445) Journal

          So the idea is that the attacker overrides the RF signal with his own one, which contains the malicious data.

          No. They are actually overriding the DVB broadcast signal from the broadcaster and inserting malicious packets into the stream.

          Abstract: In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television. This system is already in very wide deployment in Europe, and has recently been adopted as part of the American digital television standard.

          All of the references to the "red button" on the remote are a distraction that can be confusing. The red button on your remote is simply a way that you can invoke or interact with the hybrid content in the broadcast stream. It has nothing to do with the actual attack and the embedded content doesn't need to be actual interactive content.

          • Abstract: In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television.

            And for anyone wondering just why the hell anyone would want this, TFA clarifies:

            Broadcasters and advertisers have been eager to use the HbbTV to target ads more precisely and add interactive content, polls, shopping and apps, to home viewers.

            So let me get this right... "Punch the Monkey", coming to a TV near you? Flashing and bouncing "Take the "Which Ninja Turtle are you most like?" poll for a chance to win $1000!!!"? Malicious "Your TV isn't secure! Click here to upgrade!" ads that install some bullshit TV "app" that does only god-knows-what? Remote scripting running on a device designed without any security in mind, and which will probably never be updated during its 8+ year lifetime?

            How can I make this clear? Do. Not. Fucking. Want. Yet another reason to avoid "smart" TVs, I guess.

            • by sjames (1099) on Sunday June 08, 2014 @05:11PM (#47191975) Homepage

              The Red button can be useful IFF there is no network connection at all (preventing most of the crap). For example, on DirecTV you can pull up sports scores, weather for your location, and such.

              But over the air with a network connection? I agree with you, DO NOT WANT!

              I notice they seem to have put plenty of effort into DRM in the spec to protect content providers, and none into security that would protect the owner of the TV.

            • And cable, and satellite.. dont forget those boxes we now have to rent again to get our video feed ( the real reason for moving to digital TV,, but that is a different subject ) are in effect a smart TV... THEY control what your set gets to display to you..

              Now what i dont know, is: Do these 'receivers' have this technology yet? If not, its a matter of time.

    • The people involved with the production of a tv show wouldn't have access to the data being exploited, the attack would have to be closer to the OTA broadcast or cable operator. Changing the files containing the code would be fairly obvious so you'd still need to use some hardware for a MITM attack inside the broadcast or cable facility.

      • At that point, you could probably perform various other attacks too. You are given access to important equipment and the company trusts you not to pull any funny shit. After that it all boils down whether you simply want to work ethically and do your job properly.
    • by MrL0G1C (867445)

      The Forbes article mentions a 1W and a 25W amplifier. Quick check confirms the paper also says this (not 1MW !).

      • by msauve (701917)
        If a 1W transmitter could cover a neighborhood, a megawatt transmitter could cover a city.

        Of course, the OP probably screwed up doubly, and meant mW. Getting and using a megawatt transmitter is hardly "trivial."
    • by anegg (1390659)

      Executable content from an uncontrolled source. Sheesh! Why do the folks who design/build entertainment electronics have such a limited understanding of the digital world? Going back to the invention of the Compact Disc as a music medium, the industry consistently demonstrates an inability to think broadly about the opportunities and consequences of the digital world.

      People with home networks (i.e., lots of folks) and a TV that permits executable content that was received from an uncontrolled RF source

    • by mrdogi (82975)
      i.e. a 1MW transmitter used to infect a rather small area

      Um, one megawatt could be used to hack a 'small area' like the entire United States. Perhaps you're thinking of a 1 mW (milliwatt) transmitter?
  • Joe Sixpack suffers a loss as a result of such an attack, who compensates him ? He has never heard of the possibility, but ignorance cannot be claimed by neither the smart TV manufacturers nor the TV broadcaster nor the local standards regulator. All of the latter will claim that it was some 'malicious 3rd party', but they knew about it and took no action to mitigate the threat. It is no longer an excuse to complain that ''it is software and very complicated''.

    Who will compensate Joe Sixpack ?

    • by Anonymous Coward
      Probably no one. Most likely the Smart TV software is provided with a typical "as-is, with no guarantees" policy.
  • "Researchers from Dickweed University's Network Security Lab discovered a flaw affecting nearly every TV on the planet. The flaw allows a radio-frequency attacker with a low budget to take control over tens of thousands of TVs in a single attack, forcing the TVs to turn on or off, or switch channels. The attack works by equipping a drone with a powerful universal remote, sending commands to all TVs in a broad range." It's even scarier like this!

    • by yacc143 (975862)

      Well, one important detail. Exactly the neighborhoods that have a high level of SmartTVs, will also be receiving their programming via cable or sat, so your RF highjacking is received by only tiny subset.

      • Good point. How many people are watching terrestrial broadcasts, a particular station, with one of the vulnerable Smart TVs in a given area at any particular time? My guess is its probably very few.
        • by BitZtream (692029)

          Timing would make it easier to get larger numbers of televisions. Certain TV shows are more popular. The state of the union address, for example, would be watched by many of those in the more affluent neighborhoods.

          • Of course, most of those affluent folks will be watching cable or satellite, not broadcast.
          • The State of the Union address is normally in English on the four "broadcast*" networks, plus the three cable news channels. I haven't checked, but I bet there's at least one channel in my cable package simulcasting it in Spanish as well.

            *In an affluent neighborhood, the broadcast networks will probably be coming in by cable or satellite too. If I understand correctly that makes them immune from this attack.

    • by Fnord666 (889225)

      "Researchers from Dickweed University's Network Security Lab discovered a flaw affecting nearly every TV on the planet. The flaw allows a radio-frequency attacker with a low budget to take control over tens of thousands of TVs in a single attack, forcing the TVs to turn on or off, or switch channels. The attack works by equipping a drone with a powerful universal remote, sending commands to all TVs in a broad range." It's even scarier like this!

      That is not how this attack actually works. The attack has nothing to do with the remote and references to it and the "red button" have derailed things. This is an attack on the broadcast television signal. As you recall, broadcast TV was switched from an analog signal to digital. In Europe the protocol for this signal is DVB and in the US it is ATSC. Within these digital broadcasts is a protocol called the HbbTV standard which allows additional interactive data, features, etc. to be embedded to provid

  • It requires a fair amount of RF and broadcast equipment know-how to set up your own mini TV station with a DVB stream with HTML properly injected in the TS metadata. And then you have to make sure that the receivers actually pick up your channel. Possible, but far from trivial. I suspect no one bothers exploiting this one.
    • by drolli (522659)

      Slashdot comments dominated by software guys. I can tell you, with the *right* (semi-expensive ~ 10k) equipment, the hardware part of this is fairly trivial. (lets say 1h)

      Police and secret services use IMSI catchers and trojan-based attacks on a large scale, so why should they not set up a DVB base station for an attack on a specific target (nevertheless infecting 1 Mio of devices in the target area).

      Large-scale phishing attacks could get *much* easier. Imagine a News channel which broadcasts a warning abou

    • by citizenr (871508) on Sunday June 08, 2014 @08:12AM (#47189869) Homepage

      Actually it requires about $200 and nothing more.

      http://www.hides.com.tw/produc... [hides.com.tw]

      Bundled Opencaster offers point and click HbbTV support.

      • Okay, so far so good, but how about the signal amplifying and transmitting part?
        • by nmb3000 (741169)

          Okay, so far so good, but how about the signal amplifying and transmitting part?

          TFA discusses that:

          a $250 1-watt amplifier could cover a 1.4 square kilometer area. [...] By positioning the retransmission gear at a decent height within line of sight of a tower (on a drone, say, or on the roof of a tall building), a hacker in Flushing, Queens could deliver malicious payloads via the Home Shopping Network to a potential audience of 70,000 people per square kilometer. Or he could also hijack 10 different stations including CBS , NBC and Fox from a single antenna in the Inwood neighborhood of upper Manhattan that reaches 50,000 people per square kilometer. With a more powerful 25-watt amp (about $1,500) the hacker can cover more like 35 square kilometers, taking the reach of the attack into the hundreds of thousands of people.

  • by frnic (98517)

    Since this is SLashdot, I didn't bother reading the article - so, I am sure there is an obvious answer.

    How does someone with a LOW BUDGET even have 10's of thousands of smart tv's in range of an RF signal?

    • How does someone with a LOW BUDGET even have 10's of thousands of smart tv's in range of an RF signal?

      Rooftop, a tall tree, a drone and so on -- you just need a transmitter and a high place to go with it.

    • by MrL0G1C (867445)

      $250 for an 'amplifier' that reaches tens of thousands of people according to the article and paper.

    • by Lumpy (12016)

      NYC and find a tall building.

  • TVs have no business being on the internet, much less downloading stuff from Facebook. A TV is for watching television. How did we do it up to now, without the internet? Gee...

    • A TV is for watching television.

      I think it's for connecting game consoles, media players, and whatnot. But indeed, it has no business being "smart".

      • by Mr D from 63 (3395377) on Sunday June 08, 2014 @05:47AM (#47189555)
        Right. There is little need for TVs that tune or are smart anymore. Just need a monitor. Let separate upgradeable or replaceable devices handle video sources. Today's Smart TVs are like yesterday's TVs with the built in DVD player.
        • If space is a premium like it is in New York or other urban areas, a smart tv isn't bad value. Plus it frees up an HDMI socket. maybe Facebook integration is overboard but hulu and Netflix aren't going away for awhile. Neither is Plex or DLNA or Spotify or...

          As an aside, what I really want from a smart tv is much smarter UI. I don't think I've seen a smart tv with a decent UI. Something that makes it easy to switch the inputs, change settings, etc. also implements CEC so I can turn on my consoles or whateve

          • ^Sure, as long as you are OK with the inability to upgrade the "smart" part with better hardware, or new functionality. But as for space, their are many very small products that can mount out of sight directly on the back of the TV. I do use Netflix on my Sony TV, which is not very old, but its smart functionality is already "outdated" by newer hardware with much better performance, like the Roku3.
            • by alen (225700)

              if your TV plays Netflix and Vudu, what is the point of upgrading?

              • if your TV plays Netflix and Vudu, what is the point of upgrading?

                For one thing, Netflix may choose to end compatibility with older devices that don't support the new digital restrictions management capabilities on which its licensors insist. For another, a TV that supports only WEP won't work anymore if you upgrade your house's wireless network to better WPA family protocols.

              • DD/DTS audio for one reason. Profile compatibility for another..... and whatever future changes occur.
            • If the hardware can do on chip decoding of content at the same resolution as the native resolution of the panel, and most other changes are software, then why would I need to upgrade the hardware?

              Having it feel snappy and nice to use is a software problem

          • by Lumpy (12016)

            If you think "space is at a premium" even in a 250 sq foot apartment, that a Smart TV is a good idea, then you are nuts.

            You have a buttload of space on the back of that TV to put a Roku Box, and a Apple TV, and a XBMC box, and your Cable TV box Plus a HDMI switcher if you bought low end with less than 4 HDMI inputs. And if that space is really at a premium, then you also bought a universal remote and a IR extender so all the devices can be on the back of that TV out of the way and you have only one remote

            • by Culture20 (968837)
              In a 250 sq foot apartment, you don't even need the IR extenders. The IR will bounce off the walls easily enough.
          • by Arker (91948)
            "If space is a premium like it is in New York or other urban areas, a smart tv isn't bad value."

            If this article is to be believed it's a horrible value. The only way I would take one is if you were paying me to dispose of it.

            The article focuses on the idea of some random low-budget cracker using this, but that's missing the point entirely. It's *designed* to give the TV stations/Advertisers/Broadcasting and Marketing complex pwnership of your system from the start. Anything they send, your "smart" tv
        • by tepples (727027)
          So what device would tune OTA television broadcasts? I haven't seen a lot of OTA tuners since the end of the coupon program, and even those were required to be standard definition. And no, Netflix doesn't have sports, and online sports services black out anything shown OTA.
          • RE OTA Tuners.... I can still see keeping tuner functionality even though an ever shrinking percentage of folks actually use the tuners. There are plenty of tuner options out there, including HDHomerun's latest network tuners with DLNA support, tuner STBs, etc.

            The issue regarding netflix and sports is a separate topic, IMO, that is a fact regardless of having smart TV built in or separate.
  • by msobkow (48369)

    Looks like I just escaped disaster by not owning a TV at all. Torrents, baby, torrents and streaming.

    I honestly don't understand why people would buy a "smart" TV instead of a monitor, surround sound speakers, and plug it in to a laptop or computer. How many people really use OTA broadcasts nowadays?

    • by BitZtream (692029)

      Looks like I just escaped disaster by not owning a TV at all.

      Aren't you so special and clever.

      Torrents, baby, torrents and streaming.

      And proud to be a thief. How many legitimate sources of video are offered as torrents? I'd be interested in trying them myself.

      I honestly don't understand why people would buy a "smart" TV instead of a monitor, surround sound speakers, and plug it in to a laptop or computer.

      Then you're an idiot. Not everyone wants 3 or 4 different devices to do one simple thing. Not everyone wants to dick around keeping a computer working properly all the time.

      How many people really use OTA broadcasts nowadays?

      About 8% at last check, use OTA exclusively. Significantly more use a mix of OTA and other sources. So a significant number of people.

      Of course if you weren't so busy trying

    • by dingen (958134)

      I honestly don't understand why people would buy a "smart" TV instead of a monitor, surround sound speakers, and plug it in to a laptop or computer. How many people really use OTA broadcasts nowadays?

      Yeah, because computers aren't susceptible to attacks at all. Everyone knows there's nothing more secure than keeping an internet-connected computer running 24/7 in your house.

    • I honestly don't understand why people would buy a "smart" TV instead of a monitor, surround sound speakers, and plug it in to a laptop or computer.

      Because not having a huge noisy tower next to the TV is more spouse-acceptable [wikipedia.org] than having one. Because people don't have to keep it updated with Windows updates and antivirus updates. Because a computer's out-of-the-box interface is designed to be navigated from a desk with a mouse and keyboard rather than from a recliner with a traditional TV remote control. Because people have trouble plugging in a cable box and a BD player [slashdot.org], let alone a computer. Because some people have tried to build a home theater PC

  • by Monoman (8745) on Sunday June 08, 2014 @06:22AM (#47189625) Homepage

    I prefer my Roku 2/3 to the smart features on my TVs but it is difficult to buy a nicer TV these days without the "Smart" features included. It would be nice is if you could disable the "Smart" part of these TVs. I don't think I have seen that as an option but I guess you could just disable the networking.

    • by drinkypoo (153816)

      I don't think I have seen that as an option but I guess you could just disable the networking.

      By which you mean don't plug it in, and don't give it your wifi password? It's not like these devices get to speak on your network without you taking action.

      • What if a weird suitcase man comes into my living room, calmly chucks the ethernet cable to the TV, gives me an angry stare, and disappears behind the corner?
        • by Lumpy (12016)

          You sit there and cry because we all know that ethernet cables are impossible to unplug once they are plugged in. DAMN THEM for making them a single use permanent item!

          • by Nethead (1563)

            Hey, I've met a few RJ45s that thought they were permanent. You know the ones, thick snag guard and clip side positioned where you need a lock pick set just to release it.

      • by Monoman (8745)

        Correct in my case and probably for most /. readers.

        We all know that no manufacturer in their right minds would turn WiFi on by default and auto join any network possible. No consumer would ever have a WLAN configured to be wide open without a password. Nah, never happen. ;-)

    • by dingen (958134)

      I can turn off HbbTV support on my Smart TV, no problem. In fact I had disabled it even before I realized it could be a security hazard, as it also slows down booting and channel switching, while providing no benefit to me whatsoever.

  • News at 11. Or is it...? (organ music) Dunnn Dunnn DUNNNNNN!!!

    The article winds up with "Another fix would be to prompt users to press a button confirming their okay before an app launches on their TV, as well as regular reminders that apps are loading or running whenever they switch channels." Well, I don't look forward to having to click my remote to approve apps from my couch, but it's not exactly an emergency. Seems appropriate to wait for Miller Beer or Dr. Evil to actually execute the attempt first

  • by FuzzNugget (2840687) on Sunday June 08, 2014 @07:36AM (#47189789)

    When you make cheap, shitty, under-engineered, non-compatible systems that can't be commodotized because everyone is banking on their propriety system taking off and cornering the market... that you'll end up with a cheap, shitty, under-engineered system with major security flaws?

    Yet another reason why Smart TVs are worse than useless.

  • by citizenr (871508) on Sunday June 08, 2014 @08:21AM (#47189893) Homepage

    http://www.hides.com.tw/produc... [hides.com.tw]

    This is an USB dongle, you push TS stream into it. Bundled Opencaster software will build TS stream for you. Basically its a small Digital TV station capable of transmitting one mux.

    * DVB-T version, will not work with ATSC TVs in US. Btw LOL US and your ATSC A/53 mpeg2 "hd"tv.

  • by Yossi Oren (3686971) on Sunday June 08, 2014 @08:41AM (#47189945)

    Thanks for the comments. I hope I can clarify some of the things people said here.

    Re popularity of OTA vs. cable: Cable is more popular in the US, but that's just the US. Digital Terrestrial is much more common in other places - for example it's the most popular delivery method in Europe by far (page 39) . [europa.eu] In the US immigrants use it a lot more than US-born.

    To whomever suggested attacks via the remote control's IR port: that sounds a lot of fun to try, but the IR receiver's much less sensitive than the RF jack, it has a much lower data rate, and it needs line of sight.

    About the power calculations: 1 Watt (0 dBm) can cover an area of 1.4 square Kilometers, under reasonable assumptions. The math is in the paper.

    One last thing: A big shout-out to Martin Herfurt, whose work on HbbTV security [wordpress.com] was our starting point.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      About the power calculations: 1 Watt (0 dBm) can cover an area of 1.4 square Kilometers, under reasonable assumptions. The math is in the paper.

      I hope the math in the paper is right, then, because 1 watt would be 30 dBm. A value of 0 dBm is 1 milliwatt.
      http://en.wikipedia.org/wiki/DBm [wikipedia.org]

  • I knew the Easy Button could do a lot of things but this is just incredible

  • by kheldan (1460303) on Sunday June 08, 2014 @10:45AM (#47190327) Journal
    Tell me again why we even need 'smart TVs' in the first place?
    I'd rather spend the money on a basic TV with better picture quality and get the 'smart' part from what I connect to it (DVR in my case).
  • The problem isn't that someone can inject a fraudulent signal that does bad things. The problem is that THE OFFICIAL BROADCAST SIGNAL can include code that does bad things.

    Just because code is part of a TV broadcast doesn't mean you should trust it. Just because code is part of a TV broadcast doesn't mean it should be able to hijack your stored internet credentials and automatically log into your account on any website, and take actions on those websites as if they were you, modify the content you see on th

  • I can use a cheap, low powered transmitter to get his TV to download child porn, get out the pop corn and wait for Internal Affairs to raid his house?

  • TFA mentions NTSC. "t’s on the verge of mass adoption in the U.S. as it was recently added to NTSC standards used in North America." NTSC was the obsolete low-def video format that's no longer used. It's DEAD. HDTV is the ATSC standard. These *TSC acronyms are mutually exclusive. So right off the bat, the article is on shaky ground.

    This "hack" seems like an uncommon scenario, as top-of-the-line "smart" TVs tend to be owned by relatively affluent and as such, the cash-stocked user is probab

It was kinda like stuffing the wrong card in a computer, when you're stickin' those artificial stimulants in your arm. -- Dion, noted computer scientist

Working...