Millions of Smart TVs Vulnerable To 'Red Button' Attack
An anonymous reader writes "Researchers from Columbia University's Network Security Lab discovered a flaw affecting millions of Smart TVs supporting the HbbTV standard. The flaw allows a radio-frequency attacker with a low budget to take control over tens of thousands of TVs in a single attack, forcing the TVs to interact with any website on their behalf — Academic paper available online."
Re:It doesn't take a genius to come up with an att (Score:1, Insightful)
I disagree. That's like claiming you can hack someone's Ethernet switch by writing a special HTML page because the traffic will simply pass through. This red button attack works differently. If I understand correctly, the interactive stuff (TV guide, pause, record) is provided by the cable company. They may use an underlying feed from the broadcaster but that's it.
Re:Okay I'll be the one to say it (Score:5, Insightful)
Re:It doesn't take a genius to come up with an att (Score:5, Insightful)
Abstract: In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television.
And for anyone wondering just why the hell anyone would want this, TFA clarifies:
Broadcasters and advertisers have been eager to use the HbbTV to target ads more precisely and add interactive content, polls, shopping and apps, to home viewers.
So let me get this right... "Punch the Monkey", coming to a TV near you? Flashing and bouncing "Take the 'Which Ninja Turtle are you most like?' poll for a chance to win $1000!!!"? Malicious "Your TV isn't secure! Click here to upgrade!" ads that install some bullshit TV "app" that does only god-knows-what? Remote scripting running on a device designed without any security in mind, and which will probably never be updated during its 8+ year lifetime?
How can I make this clear? Do. Not. Fucking. Want. Yet another reason to avoid "smart" TVs, I guess.
Re:It doesn't take a genius to come up with an att (Score:4, Insightful)
The Red button can be useful IFF there is no network connection at all (preventing most of the crap). For example, on DirecTV you can pull up sports scores, weather for your location, and such.
But over the air with a network connection? I agree with you, DO NOT WANT!
I notice they seem to have put plenty of effort into DRM in the spec to protect content providers, and none into security that would protect the owner of the TV.