Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Television IT Hardware

Millions of Smart TVs Vulnerable To 'Red Button' Attack 155

An anonymous reader writes "Researchers from Columbia University's Network Security Lab discovered a flaw affecting millions of Smart TVs supporting the HbbTV standard. The flaw allows a radio-frequency attacker with a low budget to take control over tens of thousands of TVs in a single attack, forcing the TVs to interact with any website on their behalf — Academic paper available online."
This discussion has been archived. No new comments can be posted.

Millions of Smart TVs Vulnerable To 'Red Button' Attack

Comments Filter:
  • by Anonymous Coward on Sunday June 08, 2014 @05:47AM (#47189445)

    I disagree. That's like claiming you can hack someone's ethernet switch by writing a special html page because the traffic will simply pass through. This red button attack works differently. If I understand correctly the interactive stuff (tv guide, pause, record) is provided by the cable company. They may use an underlying feed from the broadcaster but that's it.

  • by Mr D from 63 ( 3395377 ) on Sunday June 08, 2014 @06:47AM (#47189555)
    Right. There is little need for TVs that tune or are smart anymore. Just need a monitor. Let separate upgradeable or replaceable devices handle video sources. Today's Smart TVs are like yesterday's TVs with the built in DVD player.
  • Abstract: In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television.

    And for anyone wondering just why the hell anyone would want this, TFA clarifies:

    Broadcasters and advertisers have been eager to use the HbbTV to target ads more precisely and add interactive content, polls, shopping and apps, to home viewers.

    So let me get this right... "Punch the Monkey", coming to a TV near you? Flashing and bouncing "Take the "Which Ninja Turtle are you most like?" poll for a chance to win $1000!!!"? Malicious "Your TV isn't secure! Click here to upgrade!" ads that install some bullshit TV "app" that does only god-knows-what? Remote scripting running on a device designed without any security in mind, and which will probably never be updated during its 8+ year lifetime?

    How can I make this clear? Do. Not. Fucking. Want. Yet another reason to avoid "smart" TVs, I guess.

  • by sjames ( 1099 ) on Sunday June 08, 2014 @06:11PM (#47191975) Homepage Journal

    The Red button can be useful IFF there is no network connection at all (preventing most of the crap). For example, on DirecTV you can pull up sports scores, weather for your location, and such.

    But over the air with a network connection? I agree with you, DO NOT WANT!

    I notice they seem to have put plenty of effort into DRM in the spec to protect content providers, and none into security that would protect the owner of the TV.

"We don't care. We don't have to. We're the Phone Company."