×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Major Security Flaws Discovered In Internet HDTVs

Soulskill posted more than 3 years ago | from the toasters-soon-to-be-at-risk dept.

Security 128

wiredmikey writes "Security researchers have discovered several security flaws in one of the best-selling brands of Internet-connected HDTVs, and believe it's likely that similar security flaws exist in other Internet TVs. The security researchers were able to demonstrate how an attacker could intercept transmissions from the television to the network using common 'rogue DNS,' 'rogue DHCP server,' or TCP session hijacking techniques. Mocana was able to demonstrate that JavaScript could then be injected into the normal datastream, allowing attackers to obtain total control over the device's Internet functionality."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

128 comments

Heh (1)

Stargoat (658863) | more than 3 years ago | (#34804310)

That could be hilarious. Oh won't someone think of the children at risk!

Re:Heh (4, Funny)

xystren (522982) | more than 3 years ago | (#34804348)

Now I got an excuse... No Honey, I wasn't watching porn, the TV just switched and it won't let me change the channel!

Re:Heh (5, Funny)

DWMorse (1816016) | more than 3 years ago | (#34804484)

To the first hacker that figures out how to Rick Roll an entire family watching a gripping TV series finale: One Internet Dollar!

Re:Heh (5, Informative)

FatdogHaiku (978357) | more than 3 years ago | (#34804844)

Re:Heh (1)

Anonymous Coward | more than 3 years ago | (#34804870)

Their really is an xkcd for everything isnt there?

Re:Heh (0)

Anonymous Coward | more than 3 years ago | (#34804940)

Yes, there is. They're all pretty awesome comics, really. I love their style.

Re:Heh (-1)

Anonymous Coward | more than 3 years ago | (#34805346)

I see you, cuddlefish. Actually for the last two years or so they've been mostly trite garbage with rare exceptions. It used to be an awesome webcomic, but the quality of the writing went majorly downhill, and now Randy is just cashing in.

Re:Heh (1)

hairyfeet (841228) | more than 3 years ago | (#34807996)

Oh no my friend, you are thinking MUCH too small! Imagine the ULTIMATE troll hack, one that would go down in history for all time! I am of course talking about replacing one of Disney's primetime product sales dressed as a show with....dum dum dum....a 3D Goatse!

All across the land one would hear all the little childrens in a unified voice say "Mooooom, there's a GIANT BUTTHOLE on the TV!" followed by all the dads saying "What, did the president interrupt programming again?". Oh it would be a classic and go down in history! For bonus points one could have the 3D Goatse bounce to the beat of "Never gonna give you up"!

As for TFA, who didn't see this coming? This is one of the reasons I say we need NAT on IPV6. Because otherwise we are gonna have tons of CCC (Cheapo Chinese Crap) consumer junk, all of which will be plugged into the Internet and most of which will have squat in the ability to update or patch, all just sitting there ripe for the picking. It'll make those XP SP2 machines still running on the net look like hardened BSD installs.

So I ask you, what better way to dramatically prove to the masses the current "plug it all into the net!" idea is flawed than by giving them a giant Goatse?

Re:Heh (1)

Hoi Polloi (522990) | more than 3 years ago | (#34804498)

Force people to watch nothing but The Jersey Shore. This could be the secret to getting people to watch it.

Outer Limits Intro ..... (5, Funny)

Anonymous Coward | more than 3 years ago | (#34804354)

"We control the horizontal."
"We control the vertical...."

Re:Outer Limits Intro ..... (1)

venuspcs (946177) | more than 3 years ago | (#34804926)

WEll they need to take control of my tv and hack a fucking web browser like Chrome into it so I can surf the internet.

Re:Outer Limits Intro ..... (1)

countertrolling (1585477) | more than 3 years ago | (#34805274)

Those controls disappeared decades ago.

Re:Outer Limits Intro ..... (4, Interesting)

tomhudson (43916) | more than 3 years ago | (#34805598)

Those controls disappeared decades ago.

FTFA:

This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer’s permission.

Screw the users. Looks like almost everyone has accepted the "you bought it but you don't control it" mentality.

Who do we blame? Steve Jobs. Verizon? Microsoft? The Supreme Court? Everyone for not making more noise?

Re:Outer Limits Intro ..... (1)

countertrolling (1585477) | more than 3 years ago | (#34805696)

Who do we blame?

I'll have to assume that's a rhetorical question, as I'm certain you know the answer :-)

Personally, I blame the voices in my head.

Re:Outer Limits Intro ..... (1)

tomhudson (43916) | more than 3 years ago | (#34805904)

Who do we blame?

I'll have to assume that's a rhetorical question, as I'm certain you know the answer :-)

Personally, I blame the voices in my head.

  1. Sit down in bus next to some total stranger
  2. Ask them if the voices in your head are bothering them - if so, you'll try to ask them to keep it down
  3. GOTO 1

Re:Outer Limits Intro ..... (1)

Ihmhi (1206036) | more than 3 years ago | (#34808090)

Those controls disappeared decades ago.

FTFA:

This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer’s permission.

Screw the users. Looks like almost everyone has accepted the "you bought it but you don't control it" mentality.

Who do we blame? Steve Jobs. Verizon? Microsoft? The Supreme Court? Everyone for not making more noise?

Wait a sec, are you saying that I could jailbreak my television? I don't know if it's incredibly awesome or incredibly depressing.

Re:Outer Limits Intro ..... (2)

russ1337 (938915) | more than 3 years ago | (#34805640)

I guess you can now apply the business meaning....

http://en.wikipedia.org/wiki/Vertical_integration [wikipedia.org] & http://en.wikipedia.org/wiki/Horizontal_integration [wikipedia.org]

The entire entertainment chain being controlled all the way vertically: entertainment production, manufacture of devices and what you can watch; and horizontally across all distribution channels and devices that you watch it on.

basically the Apple business model.

Ok now, go up a level from this article (1)

unity100 (970058) | more than 3 years ago | (#34804358)

and get to the main page. now, observe the title & summary of this article. then, gaze towards the article & summary below, while keeping this one in mind.

great timing to make a point ....

Re:Ok now, go up a level from this article (1)

xystren (522982) | more than 3 years ago | (#34804396)

I wonder if they have the same security bulletin writers as Microsoft does, it reads just like a patch Tuesday update description. No real details, except that your system can be completely compromised.

Cool ... (1)

Artem Tashkinov (764309) | more than 3 years ago | (#34804392)

but the same trick works even for unsuspicious human beings using your wireless/wired connection (you can hijack their web browser sessions, steal their credentials, etc). It's been known probably since the conception of the Internet that HTTP isn't a secure protocol - probably TV manufactures never thought of their devices to be used on [public|untrusted|malicious] networks.

Re:Cool ... (0)

Anonymous Coward | more than 3 years ago | (#34804652)

probably TV manufactures never thought of their devices to be used on [public|untrusted|malicious] networks.

as the TVs were all designed to be used on the frikkin' internet, I agree. We all trust the internet to be private and benign.

But How Connected is the TV Anyways? (2)

damn_registrars (1103043) | more than 3 years ago | (#34804404)

I have a hard time seeing a compromised TV being as much of a security risk as a compromised PC. Would a TV have your personal information on it? Probably not. Would it be able to access a computer on your home network enough to get at personal information? Seems unlikely. Sure, I suppose it may be possible for an internet TV to become a botnet agent helping in a DDoS attack or something, but even that seems like it would be of minimal utility. I don't really see a TV as being useful in pumping out spam, either, unless the manufacturers were putting mail agents in there to report problems back to the manufacturer.

Re:But How Connected is the TV Anyways? (2)

Samantha Wright (1324923) | more than 3 years ago | (#34804466)

I strongly suspect everyone here will feel much the same way, but TFA and I agree that there are a lot of people out there who are just technically challenged enough to use their web-capable TVs on sites where credit cards might be involved, or perhaps not find it surprising when attempting to purchase PPV content responds with a mysterious credit card prompt they've never seen before. The TFA also mentions scenarios where the TV's functionality could be extended, limited, or denied to the user, in addition to things like stealing browser history.

Re:But How Connected is the TV Anyways? (4, Interesting)

theNetImp (190602) | more than 3 years ago | (#34804528)

I live in Japan. We just bought a new Sony Bravia TV, and unlike the ones in the states, it contains, a hard drive, and the ability to serve as a DVR. Someone hacks into it, and can now use it to store what ever they want, even use it as part of the botnet. Think it's not a security risk now? There is a reason my Television is not connected to the internet, even though it could be connected to it.

Re:But How Connected is the TV Anyways? (0)

AngryNick (891056) | more than 3 years ago | (#34804668)

There is a reason my Television is not connected to the internet, even though it could be connected to it.

So why buy the TV?

Re:But How Connected is the TV Anyways? (-1)

Anonymous Coward | more than 3 years ago | (#34804730)

Maybe because it serves the main function of being a fucking television?!?!? Dimwit!

Re:But How Connected is the TV Anyways? (0)

Anonymous Coward | more than 3 years ago | (#34804886)

Perhaps for the integrated DVR functionality?

Re:But How Connected is the TV Anyways? (1)

IMightB (533307) | more than 3 years ago | (#34804988)

I'll bite, this is my first HDTV, I also purchased some rabbit ears and dropped my cable TV because HD cable has the same problem that SD cable has: Endless Channels of Nothing Good On.

So I manage to get by with nothing but rabbit ears and connected TV which has Netflix/Pandora/(more) was well as PS3 and my audio component stack (including Myth) connected to it.

My wife and I don't care for the vapid sheeple fodder (in HD!) that is found on TV nowadays and, with a couple of exceptions, don't follow any show religiously. The connected TV was the "Straw" that caused us to drop SD cable and just use the internet. So I guess that we're one of those customers that is causing Comcast to wet their pants right now.

Re:But How Connected is the TV Anyways? (2)

timeOday (582209) | more than 3 years ago | (#34805002)

Having my TV join a botnet still doesn't sound like that much of a crisis.

The biggest problem I do see is that my Bravia is linked to my amazon.com account. We can purchase streaming movies with a few remote control key-presses. So I would guess if my TV is cracked, the thieves could go on an amazon shopping spree with my account.

But then, I've had credit cards compromised before (both personal and corporate). They were resolved with a couple phone calls, and I wasn't liable for anything.

So I am not going to worry about it, much less go without Netflix or Amazon streaming "just in case." This is a problem that Sony should be all over (assuming they are one of the affected brands) - I know they can update the TV software whenever they want.

Re:But How Connected is the TV Anyways? (0)

Anonymous Coward | more than 3 years ago | (#34805024)

The UNIX design philosophy. Do one thing and do it well. Don't be a television and a web browser and a DVR and a DVD player. Be just a television. Be just a DVR. Be just a DVD player. One day I joked about needing anti-malware tools on all of your appliances. It seems like that's becoming less of a joke and more of a reality.

Re:But How Connected is the TV Anyways? (2)

Sloppy (14984) | more than 3 years ago | (#34805300)

Saying "don't be a television and a web browser" is like pointing at a PDP11 running Unix and saying, "Don't be a document editor and also a formatter and also a C compiler." You're trying to apply the Unix philosophy at the wrong level. Look inside and then you'll see it. There's a codec library (and/or hardware) that does one thing well, and is used as part of many applications, just like "sed" is.

Re:But How Connected is the TV Anyways? (1)

fluffy99 (870997) | more than 3 years ago | (#34807210)

These internet capable TVs are running a Linux kernel. There really is a lot you can do with them with the right knowledge. Would it really be that hard to spoof a connection to the firmware update site and pass custom firmware back to the TV? Or send commands back to the TV to dump its memory for you, thereby giving up your Amazon account info? Maybe even a small routine to sniff the local wire for your credentials and email them out?

It's really not as far fetched as you think.

Re:But How Connected is the TV Anyways? (5, Insightful)

multisync (218450) | more than 3 years ago | (#34805156)

it contains, a hard drive, and the ability to serve as a DVR. Someone hacks into it, and can now use it to store what ever they want, even use it as part of the botnet

I would be more concerned with entertainment companies "hacking in to it" to remove programs you might be storing. The Kindle experience has shown us that devices that can be remotely accessed by the vendor can not be trusted.

I'll stick with dumb devices that simply do what I tell them.

Re:But How Connected is the TV Anyways? (1)

Paradise Pete (33184) | more than 3 years ago | (#34805224)

We just bought a new Sony Bravia TV, and unlike the ones in the states, it contains, a hard drive, and the ability to serve as a DVR.

Which model is it? I can't even find it online.

Re:But How Connected is the TV Anyways? (1)

Rob the Bold (788862) | more than 3 years ago | (#34805594)

I live in Japan. We just bought a new Sony Bravia TV, and unlike the ones in the states, it contains, a hard drive, and the ability to serve as a DVR. Someone hacks into it, and can now use it to store what ever they want, even use it as part of the botnet. Think it's not a security risk now? There is a reason my Television is not connected to the internet, even though it could be connected to it.

Emphasis mine.

Let me be a "Devil's Advocate" here". If it's not hurting me, it's not really a security risk, right? Really more of an annoyance if I noticed my storage space reduced or somehow noticed a performance problem. Why are there millions of PC out there in botnets? Same reason, I suppose. "My PC has been a little slow lately, but I can still use it. I'll have my geek brother-in-law take a look at it some time if I think of it."

OK, so that attitude is horrifying to us geeks. But to your average PC user -- and perhaps even more so to your average TV watcher -- it's perfectly rational. If it's more of a hassle to prevent or fix it than it is to live with it, you live with it.

Oooh. I've got a car analogy. My wife busted the right rear-view mirror on her car backing out of the garage. (Not her fault, of course, it was dark. And she was tired.) She could get it fixed. I would on my car, it would annoy the hell out of me. Every time I went to check the mirror I'd notice that it was shattered and I have to replace it. But my wife is perfectly willing to accept the slight degradation of visibility instead of the hassle and cost of the repair. It probably raises the likelihood of an accident a little, but not so much that it bothers her.

Re:But How Connected is the TV Anyways? (2)

Tuoqui (1091447) | more than 3 years ago | (#34804570)

It would become trivially easy to DOS attack someone's TV by making it display nothing but goatse and 2girls1cup.

Re:But How Connected is the TV Anyways? (0)

Anonymous Coward | more than 3 years ago | (#34805084)

It would become trivially easy to DOS attack someone's TV by making it display nothing but goatse and 2girls1cup.

I would totally pay extra for that.

Re:But How Connected is the TV Anyways? (1)

bickerdyke (670000) | more than 3 years ago | (#34804600)

I have a hard time seeing a compromised TV being as much of a security risk as a compromised PC. Would a TV have your personal information on it? Probably not.

Definitly yes.

Facebook updates, Email alerts and incomming IM messages superimposed over the tc picture probably would be the favourite apps. And they all need your login credentials.

Re:But How Connected is the TV Anyways? (3, Informative)

IMightB (533307) | more than 3 years ago | (#34804678)

The one that I just got supports external HDD's, USB Cameras, wired, wireless, HTTP (via vieracast). Granted, the TV's OS is very limited, but it supports enough that it could be very damaging if compromised.

For instance, my TV currently has stored in it passwords for my Skype/Netflix/Pandora accounts as well as my WPA2 creds.

The very limited VieraCast interface simply uses HTTP to generate it's menus and people have already started to use squid/DNS redirecting to do things like stream from Myth etc etc.

This guy so far seems to have made the most progress.

http://customvieracast.blogspot.com/ [blogspot.com]

Re:But How Connected is the TV Anyways? (3, Funny)

nospam007 (722110) | more than 3 years ago | (#34804710)

"Would a TV have your personal information on it? Probably not."

How about the kiddie/personal porn on the USB HD attached directly to the TV?

Re:But How Connected is the TV Anyways? (1)

Charliemopps (1157495) | more than 3 years ago | (#34804802)

The limitation on what a compromised device can do is it's internet connection, not the processor. An compromised HDTV that has web browsing is capable of doing anything a compromised PC can. Not to mention the fact that the HDTV probably has the users login information for netflix and the like stored un-encrypted. I also doubt its all that easy to patch the TV.

Re:But How Connected is the TV Anyways? (5, Informative)

LordLimecat (1103839) | more than 3 years ago | (#34804866)

1) Set up ssh and dynamic dns on compromised TV, or perhaps a cron job to do a reverse SSH tunnel every so often (to bypass firewall). Now you know where this connection is, at all times, and have full control, at any time.
2) Set up BIND DNS, set to forward to whatever malicious DNS server you want.
3) Either set up a phony DHCP server, and/or do some arp poisoning so that all traffic to the internet is routed thru the TV.
4) Control the entire household's internet connection -- rewriting HTTP pages, sending whatever DNS responses you want (Google? SURE, its this IP here in china!), capturing passwords (redirecting HTTPS to HTTP so that cert errors dont occur, or inserting non HTTPS javascript to capture the password), etc.

ANY smart device on a home network has the potential to wreak massive havok on that network.

Re:But How Connected is the TV Anyways? (1)

damn_registrars (1103043) | more than 3 years ago | (#34805392)

I pondered the possibility of that happening on a TV. And indeed, it seems like a pretty solid way to do it, however there is one large hurdle to clear - actually getting the applications to run on the TV. Are all the internet connected TVs using the same CPUs and operating systems? If not you would need to craft ways to deploy your requisite applications for each CPU/OS combination (not to mention you would of course need compatible binaries for each of them).

Sure, you can run SSH and some of the others through Java, which may clear the CPU/OS hurdle (assuming of course that the set runs Java fairly well) but then how will you get them to run when you want?

Basically, I'm not sold that it would be worth a hacker's time to do it. Someone will probably prove me wrong on this matter, but I don't see why it would be worthwhile at the moment.

Re:But How Connected is the TV Anyways? (1)

John Hasler (414242) | more than 3 years ago | (#34805692)

Are all the internet connected TVs using the same CPUs and operating systems? If not you would need to craft ways to deploy your requisite applications for each CPU/OS combination (not to mention you would of course need compatible binaries for each of them).

Crafting a piece of malware that could compromise several tens of millions of TVs would be worth doing even if there were tens of millions of others that it would not run on.

Sure, you can run SSH and some of the others through Java, which may clear the CPU/OS hurdle (assuming of course that the set runs Java fairly well) but then how will you get them to run when you want?

The bot will run whenever the set is on, of course.

Re:But How Connected is the TV Anyways? (1)

damn_registrars (1103043) | more than 3 years ago | (#34808220)

Are all the internet connected TVs using the same CPUs and operating systems? If not you would need to craft ways to deploy your requisite applications for each CPU/OS combination (not to mention you would of course need compatible binaries for each of them).

Crafting a piece of malware that could compromise several tens of millions of TVs would be worth doing even if there were tens of millions of others that it would not run on.

I agree with that logic. However the question there is at what point will there be tens of millions of internet-connected TVs that are capable of running the same malware by exploitation of the same vulnerability?

Sure, you can run SSH and some of the others through Java, which may clear the CPU/OS hurdle (assuming of course that the set runs Java fairly well) but then how will you get them to run when you want?

The bot will run whenever the set is on, of course.

Which, depending on the TV and its usage pattern, might not end up being all that useful for the botnet master.

Re:But How Connected is the TV Anyways? (1)

zwei2stein (782480) | more than 3 years ago | (#34804946)

Compormised TV will be actually attack PC over lan.

This is valuable when NAT/Firewall is in picture - PC owner might be shielded from attacks by simply not having public IP or because ISP set up firewall.

Re:But How Connected is the TV Anyways? (1)

drinkypoo (153816) | more than 3 years ago | (#34805258)

As the PC becomes more secure there will be a push to find other devices in your house to use as botnet nodes.

Re:But How Connected is the TV Anyways? (3, Funny)

countertrolling (1585477) | more than 3 years ago | (#34805290)

I don't really see a TV as being useful in pumping out spam...

Approximately 16 minutes of every hour is devoted to spam... formerly known as "bathroom breaks"

Re:But How Connected is the TV Anyways? (1)

John Hasler (414242) | more than 3 years ago | (#34805738)

I don't really see a TV as being useful in pumping out spam, either, unless the manufacturers were putting mail agents in there to report problems back to the manufacturer.

The bot will have a built-in MTA, of course. More likely they will primarily be interested in stealing credentials, though.

Go back to dumb devices (3, Interesting)

GrumblyStuff (870046) | more than 3 years ago | (#34804434)

I hate how all these "smart" ones can be tricked into doing nefarious deeds.

Re:Go back to dumb devices (0)

Anonymous Coward | more than 3 years ago | (#34804680)

But the marketing term "smart" brings in far too much money

Re:Go back to dumb devices (0)

Anonymous Coward | more than 3 years ago | (#34805622)

I hate how all these "smart" ones can be tricked into doing nefarious deeds.

Nothing says you have to plug them into the network.

The feature is there if you want it; if you don't, just use it like a "dumb" device.

Re:Go back to dumb devices (1)

GrumblyStuff (870046) | more than 3 years ago | (#34806100)

Unless I'm required to update it so I can watch OTA stations or cable or newly released movies.

In any case, I'd prefer not to anything extra I won't use that will pad the cost and allow for possible software bugs. And how long will it be before they're all wireless? What then? Cover my TV with aluminum foil?

Now why can't the hackers go fo cable box free HBO (1)

Anonymous Coward | more than 3 years ago | (#34804514)

Now why can't the hackers go for the cable box and hack us some free HBO

they do (0)

Anonymous Coward | more than 3 years ago | (#34805886)

and get free uncapped unlimtied internet

So, basically... (2)

msauve (701917) | more than 3 years ago | (#34804522)

If you have control over the network infrastructure, you can give a host DHCP/DNS info which might not be right and make it go where you want.

Major automotive security alert!!11!!! If someone steals your car, they get the stuff inside, too.

Ok, so... (1)

yabos (719499) | more than 3 years ago | (#34804604)

If someone gets into your home network, maybe they can mess with your TV... I think maybe you would have bigger problems if someone was actually able to get on your network, since they could do many worse things.

Javascript is becoming a major plague (3, Insightful)

Anonymous Coward | more than 3 years ago | (#34804620)

Of course, the language per se is innocent. But embedding programmability in everything (Web pages, PDF what not) is becoming the biggest security nightmare all around. And the Web Masters want to entice us to be part of the fray. Quoth slashdot:

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Thanks, but no, thanks. I might not want anything (Classic needs cookies, bad Fido, no cookies for you today). Quoth again Slashdot [slashdot.org]:

Why does "This Function Require JavaScript?"

Welcome to the now, man!
[...]

Well, thanks again, but no, thanks. I'm getting pretty well along without my browser executing random stuff from out there (in most cases in ain't even malicious, but wickedly bad programming, just DOSing my computer).

Meh.

Re:Javascript is becoming a major plague (0)

Anonymous Coward | more than 3 years ago | (#34805924)

Computer security 101:
When you run untrusted code on your computer, it is no longer your computer.

Re:Javascript is becoming a major plague (1)

VortexCortex (1117377) | more than 3 years ago | (#34806252)

Computer security 101:
When you run untrusted code on your computer, it is no longer your computer.

Esp. When the "untrusted" JavaScript code is compiled by IE's, Chrome's, and Firefox's engine into machine code on the fly... It's supposed to be run in a VM or interpreted, yet for the sake of speed we run it as machine code right on the metal -- Goodbye Sandbox!

Re:Javascript is becoming a major plague (1)

noidentity (188756) | more than 3 years ago | (#34806072)

I was trying to use Sprint's web site to see whether their cellphone service was worth using. It seemed to require JavaScript, the latest Flash, a fast web connection, and the latest web browsers to even show any useful content. Lacking all these, I had to give up.

Flaws in a TV? (1)

Wowsers (1151731) | more than 3 years ago | (#34804660)

Forget the security flaws, the ability to stream content to a HDTV is so variable, that you don't know if a set will actually cope with steaming until you buy it. So much for standards. Now THAT is a flaw! So that's why I've not bought a HDTV, and stick to a PC with a HD monitor - at least the computer can play anything I throw at it - and without wasting more electricity transcoding the content into something the TV might like.

Linux (4, Interesting)

tsa (15680) | more than 3 years ago | (#34804672)

Don't most of the newer TVs run Linux? My father's LG does. So it's entirely possible that the first real viruses for Linux will run on TVs rather than normal computers.

Re:Linux (1)

cyber-vandal (148830) | more than 3 years ago | (#34805792)

My Sony Bravia certainly does. Now we see if the MS shills' predictions of Linux being hacked as much as Windows come true, given that it seems to be in everything from TVs to ebook readers to mobile phones these days.

Re:Linux (1)

Joe Snipe (224958) | more than 3 years ago | (#34805974)

How can you tell? Can you get a shell? Can you get busybox running? I'd love to get into my tv.

Re:Linux (1)

fluffy99 (870997) | more than 3 years ago | (#34807290)

Network scanners like nmap show it running a linux kernel. I understand the Samsung TVs are also running Linux and there is a hack to get to a shell on them.

Rogue DHCP server? (4, Funny)

WD (96061) | more than 3 years ago | (#34804784)

Well that's just great! You're telling me it's not safe to lug my HDTV into Starbucks anymore?

User permission (3, Insightful)

Gumshoe (191490) | more than 3 years ago | (#34804930)

This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer's permission.

Surely that should read, "without the user's permission".

Re:User permission (1)

wvmarle (1070040) | more than 3 years ago | (#34805572)

This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer's permission.

Surely that should read, "without the user's permission".

What's the difference? Don't think that when you buy such a device you're the owner/user in this day and age. You're not. You're a consumer, no more no less. Your only job is to consume content, preferably pay every time, or at least watch the commercials. You may have some influence on what you get to watch, but the manufacturer controls the list you can choose from.

So now get back to that sofa, commercial break is starting in a moment.

Re:User permission (1)

Rob the Bold (788862) | more than 3 years ago | (#34805626)

This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer's permission.

Surely that should read, "without the user's permission".

I guess it depends on who owns your TV. Certainly sounds in this case like the author believes you've just licensed it.

Re:User permission (2)

fluffy99 (870997) | more than 3 years ago | (#34807334)

This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer's permission.

Surely that should read, "without the user's permission".

No that's probably correct. The manufacturer probably uses the same chassis and hardware across many models, and the only difference is the software features. Another similar example is Video cards where the lesser models simply have a few cores turned off in the GPU. Enabling those features would give you the equivalent of the more expensive model.

Sensationalist crap (0)

Anonymous Coward | more than 3 years ago | (#34805004)

"...using common 'rogue DNS,' 'rogue DHCP server,' or TCP session hijacking techniques..."

Any given device on an average home network can be "hacked" in the same way. This is not news.

Solution! iptvtables and ipv6tables (1)

Sulfate (1972932) | more than 3 years ago | (#34805116)

Solution! ipTVtables and ip6TVtables squidTVguard,

alternatively NETBSDTV ;o)

Same old same old (1)

Sloppy (14984) | more than 3 years ago | (#34805158)

People are selling personal computers that come preloaded with insecure software? I'm shocked!

Oh, the personal computer is called something else, "internet TV," so that makes this news.

Re:Same old same old (1)

wvmarle (1070040) | more than 3 years ago | (#34805652)

There is another difference.

People by now are used to having to update the software on their computer regularly. This is not a multi-purpose computer - this is a specialised device. Not many people, if any, are used to update the software on a device - that was until now generally not an issue, if possible in the first place. Even on modern devices it's, in my experience, not that easy anyway.

Point in case: I'm having problems updating my LG smart phone: the Android update software, Windows only, fails to recognise my phone when running in VirtualBox. Windows itself detects it just fine though. No matter what you have to connect it to another computer first, hunt down update software (that wasn't easy! Really well hidden on LG's web site!), and hope it works. It can't be done on the phone itself - it only gives a notice that updates are available without instructions on how to install them. I don't have a Windows partition, all my other Windows needs (e-banking) are fulfilled with that virtual machine. Having to install an alternative O/S just to update my phone... which is Linux based to begin with... ridiculous.

An Internet-TV falls under the "device" class, and as such is generally expected to "just work", and have no way to install software or updates. Like my DVD player, my all-in-one printer, and many other pretty smart devices with lots of functionality. As far as I know there is no (easy, user serviceable) way to upgrade their software.

Re:Same old same old (1)

cyber-vandal (148830) | more than 3 years ago | (#34805818)

My Sony TV has an update firmware facility. I'm not sure I'd want to risk bricking my TV though. As to LG, well after my experience with the shoddy firmware on the Viewty (that LG refused to update) I wouldn't bother buying another.

Re:Same old same old (1)

fluffy99 (870997) | more than 3 years ago | (#34807458)

the Android update software, Windows only, fails to recognise my phone when running in VirtualBox. Windows itself detects it just fine though.

VirtualBox has flaky USB support in my opinion. Try something stable like VMWare. Try booting from a copy of the Ultimate Boot Disk for Windows and see if the updater will run from there. Was your VirtualBox Windows install done with nlite? That might be your problem as well.

DFu3k!? (-1)

Anonymous Coward | more than 3 years ago | (#34805404)

To yet another is the ultimate conglomerate in the Most people into a philosophies must 200 running NT gawXker At most

Make moneys with it.... (0)

Anonymous Coward | more than 3 years ago | (#34805628)

1. Make antivirus and antispyware software for smart TV's.
2. Pwn teh markets....
3. Profitzzzzzzzz

WHat for??? (1)

hesaigo999ca (786966) | more than 3 years ago | (#34805750)

When you can plug your computer into the back of the tv and use it as a screen, why give the tv functionality of a computer
where can you install the AV or firewall or malware programs on your tv, you cant, yet even M$ says you need those if you want to surf the web, the guy who thought of adding the browser to the tv was an idiot....sorry for saying...especially when i can just hook mine up and do the exact same thing by using the tv as my screen......!

you can pretend to leak it (-1)

Anonymous Coward | more than 3 years ago | (#34805778)

IM still not buying one.

DO so and your supporting DRM and hollywood.
BAD
here me
BAD
ask the rabbit up the line he'll tell ya/

missing the point (1)

seanadams.com (463190) | more than 3 years ago | (#34806042)

If you are worried that someone can change what's on your TV you are missing the point. The real concern is that by rooting your TV (which might have a linux shell for example) this can then be used as a vector to access anything on your home network that would otherwise be protected by NAT/FW. More sophisticated users would be well advised to set up a separate guest LAN that can only get straight out to the net.

Uh... (0)

Anonymous Coward | more than 3 years ago | (#34806536)

How is this news? Isn't broadcast TV already controlled by deviant malicious people? (eg: Rupert Murdock, Ted Turner)

The worst we're going to have is more porn (now available in various flavors on channels 100-500 on cable), infantile crap passing as comedy (currently on all major networks), and "info-tainment" passing as news (now available on about 500,000,000 blogs). The horror....

I fail to see how breaking fundamentally insecure communications protocols counts as news. Not only are the protocols insecure, but the original engineers knew it at the time. They never intended the "pilot program" of IPv4 to be used the way it is.

Dumb (0)

Anonymous Coward | more than 3 years ago | (#34806566)

Ther person would have to goto your house and setup a DHCP server. They might as well pick up your TV remote and download the software into it at that point. Dumb article for dummies.

The ethernet socket on my LG TV has never worked (1)

ross.w (87751) | more than 3 years ago | (#34807494)

Perhaps that's just as well then, maybe I should stop complaining even though it's a feature I paid for and never got.

Why not set top boxes? (1)

Vegan Pagan (251984) | more than 3 years ago | (#34807818)

Running a wide variety of apps on a TV has tremendous potential, but just as with PCs, game consoles and smartphones, the tech is changing so fast that the user will need to overhaul it every few years, so this tech should be implemented as set top boxes. Nobody wants to throw out their whole TV just because one small part of it is obsolete.

What a freakin' surprise (0)

Anonymous Coward | more than 3 years ago | (#34808272)

Anyone who didn't see this coming should be sentenced to working on a PCjr and 300 baud modem for the next 5 years.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...