Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spoiler Alert: Your TV Will Be Hacked

Soulskill posted more than 2 years ago | from the let's-hope-so dept.

Security 211

snydeq writes "With rising popularity of Internet-enabled TVs, the usual array of attacks and exploits will soon be coming to a screen near you. 'Will Internet TVs will be hacked as successfully as previous generations of digital devices? Of course they will. Nothing in a computer built into a TV makes it less attackable than a PC. ... Can we make Internet TVs more secure than regular computers? Yes. Will we? Probably not. We never do the right things proactively. Instead, we as a global society appear inclined to accept half-baked security solutions that are more like Band-Aids than real protection.'"

cancel ×

211 comments

Heh (5, Funny)

jeesis (2494876) | more than 2 years ago | (#39720823)

No longer will I need a universal remote to screw with the neighbors television.

Re:Heh (5, Interesting)

AmiMoJo (196126) | more than 2 years ago | (#39721365)

I recently got a Panasonic smart TV. There is an Android app that lets you control it from your phone/tablet, and you can push photos and video directly from the device onto the TV screen. It works over wifi and there isn't any kind of authentication or code. In other words if your neighbours have insecure wifi and a Panasonic TV you and display whatever you like on their screen.

I'm sure many other smart TV platforms are similarly insecure, in that they assume your wifi network is a secure environment.

Re:Heh (2)

Eraesr (1629799) | more than 2 years ago | (#39721729)

My Samsung can do the same (although I don't need a separate app for it, my HTC Sensation has support for Wifi media player devices out-of-the-box) but on the TV I do need to explicitly grant the device access to my TV.

The revolution (1)

Anonymous Coward | more than 2 years ago | (#39720839)

will be H4X0R3D

Re:The revolution (1)

Anonymous Coward | more than 2 years ago | (#39720911)

will be H4X0R 3D

Please God no! No more 3D crap.

Re:The revolution (2)

dmacleod808 (729707) | more than 2 years ago | (#39721419)

My crap is already in 3D...

Re:The revolution (1)

Anonymous Coward | more than 2 years ago | (#39721613)

Two words: Goatse TV.

Scariest thing ever; worse in 3D.

Priceless (0)

Anonymous Coward | more than 2 years ago | (#39720841)

"But cracking your main target while pirating porn with your buddies and taking over the whole company? Priceless."

:O( (0)

docilespelunker (1883198) | more than 2 years ago | (#39720867)

I just got an internet enabled TV and now you tell me!

Re::O( (0)

ByOhTek (1181381) | more than 2 years ago | (#39721013)

Heh, the predictability of this is why I've avoided them.

Think! (4, Interesting)

flyneye (84093) | more than 2 years ago | (#39721113)

Think once,
Think twice,
Think don't watch television. It was never beneficial. It soaks up valuable internet/gaming time. Pay t.v. is never worth the cost.
Just another screen to clean.It encourages relatives/loafers to hang around your place eating your food for longer than normal.
Whatever is on will just piss you off / bore you. It's just re-runs anyway. Just take it to Salvation Army and get a donation receipt for tax purposes.

Re:Think! (1)

Jeff DeMaagd (2015) | more than 2 years ago | (#39721397)

You can't do gaming on a TV? Which universe is this again?

I don't know about this screen cleaning thing, I've not needed to clean my screen in a while. Maybe the ones I own have an anti-static coating on them.

Re:Think! (4, Funny)

Anonymous Coward | more than 2 years ago | (#39721497)

Oh hey, it's you:
http://www.theonion.com/articles/area-man-constantly-mentioning-he-doesnt-own-a-tel,429/

Get off your high horse. There are plenty of good, informative shows for intelligent people to watch. And despite the popular meme, there actally are shows that are pretty well done. Not everything on TV is lowest-common-denominator crap.

Re:Think! (2)

KGIII (973947) | more than 2 years ago | (#39721835)

Yip. I watch pretty much nothing but documentaries. Of course, because cable companies are retarded (or smart actually), I have to pay a lot more than I should for the privilege. I had to upgrade to the digital package with a bunch of silly channels that I've never watched just to get BBC America, The Military Channel, Planet Green, The Science Channel, and History International (H2 now).

Re:Think! (0)

Anonymous Coward | more than 2 years ago | (#39721797)

I was with you up to the Salvation Army part. My TV still makes a darn-nice media PC monitor.

But I quit watching "regular TV" over a decade ago. The only time it seems to affect me is when I walk into a group of people who are stressed out over Survivor or American Idol or something.

Re::O( (0)

Anonymous Coward | more than 2 years ago | (#39721377)

I wouldn't worry too much about it, while Internet TVs being hacked will happen, it won't be a common occurrence. While it is a computer, it doesn't have a general purpose OS, and you don't execute arbitrary code on it. You're not downloaded random programs off the internet and running them, and the attack footprint is very small. Assuming that you're not crazy enough to have a TV with a public IP address, hacking a TV would require some kind of browser drive by, which just isn't that practical, since it would likely have to be tailored to your specific model. I mean, for comparison, there have been a few million PS3's and XBox360's online for the last 5 years, how often do you hear about them getting hacked (for the meaning of "hacked" being used in TFA). And a game console is much closer to a general purpose OS than a TV, and the quantity of units in the wild would make either console a much more tempting target than any given model of TV.

Re::O( (1)

swalve (1980968) | more than 2 years ago | (#39721853)

I would be surprised if they weren't running some kind of GPOS. I just assumed they were running some kind of Linux.

Shopping channels (1)

sTERNKERN (1290626) | more than 2 years ago | (#39720875)

As long as the h4ckZ0rs only switch my channel from NatGeo to CNN I do not really care much, but I bet they will be after things like credentials of people buying stuff on shopping channels.

Re:Shopping channels (1)

pegdhcp (1158827) | more than 2 years ago | (#39720901)

"Here goes your facebook ID, oops so bad, you had a bank account interconnected to it...."

I do not think it can be even sued properly, so many layers between you and the potential attacker... I am in the sector and so many (naive??) developers believe that the platform OS being Unix, mostly Linux, makes the device secure enough. This is due to the fact that most developers are from household appliance backgrounds, not from the jungle called Internet...

Re:Shopping channels (2)

ArsenneLupin (766289) | more than 2 years ago | (#39720963)

"Here goes your facebook ID, oops so bad, you had a bank account interconnected to it...."

That would be Paypal ID, not facebook, and it's not as if nobody had told you so already one million times [paypalsucks.com]

Re:Shopping channels (1)

Anonymous Coward | more than 2 years ago | (#39721291)

Actually there are a lot of MMO's and gaming portals that you don't even have to sign up for anymore if you have a facebook account because they're tied into facebook now. So you might have a bank account tied to a facebook account in ways you might have not thought of.

Re:Shopping channels (1)

mehrotra.akash (1539473) | more than 2 years ago | (#39721739)

There are also banks that are making FB apps for account access
Read only for now thankfully

Re:Shopping channels (2)

ArsenneLupin (766289) | more than 2 years ago | (#39720953)

As long as the h4ckZ0rs only switch my channel from NatGeo to CNN I do not really care much,

Na, they'll switch your channel from Disney Channel to Playboy instead, and then you will care...

Re:Shopping channels (2)

neyla (2455118) | more than 2 years ago | (#39721025)

Why would you care about that ?

Re:Shopping channels (4, Funny)

ByOhTek (1181381) | more than 2 years ago | (#39721185)

I'd care. Huge improvement. Have you seen the shit they throw out on Disney? You can at least expect a tolerable plot from Playboy.

Re:Shopping channels (0)

Tukz (664339) | more than 2 years ago | (#39721367)

But the girls on Disney is usually hotter than the girls on Playboy...

Re:Shopping channels (2)

philip.paradis (2580427) | more than 2 years ago | (#39721509)

You're not supposed to use Toys 'R Us as a place to meet new girlfriends, unless you're talking about the moms.

Re:Shopping channels (1)

Khyber (864651) | more than 2 years ago | (#39721405)

"You can at least expect a tolerable plot from Playboy."

I work in a porn shop, this statement is about as far from the truth as one could possibly get.

Everyone knows you get Playboy for the commentary/articles, not the plot or girls.

FFS their Jan/Feb 2012 issue was of Lindsey Lohan, photoshopped to hell and back.

Re:Shopping channels (3, Funny)

FaxeTheCat (1394763) | more than 2 years ago | (#39721743)

FFS their Jan/Feb 2012 issue was of Lindsey Lohan, photoshopped to hell and back.

And I thought photoshopping was used to to improve pictures...

Re:Shopping channels (0)

Anonymous Coward | more than 2 years ago | (#39721873)

It's literally like someone at the Disney Channel ran out and bought Sitcoms for Dummies and then stole all the examples in chapter 1. Finding out Disney has no integrity is a worse kick to the inner-child nuts than learning the truth about about Santa Claus.

Re:Shopping channels (0)

Anonymous Coward | more than 2 years ago | (#39721637)

Never mind the content - how about the recent MS patent for automatic micropayments on cable for skipping commercials, re-watching a recording, etc? That could be just plain "mischief" to run up someone else's cable bill.

Re:Shopping channels (0)

Anonymous Coward | more than 2 years ago | (#39721037)

Scratch that, reverse it.

Re:Shopping channels (1)

ByOhTek (1181381) | more than 2 years ago | (#39721187)

Sadly, it's more like they would switch your TV to a cycle of shock images such as goatse, tubgirl and lemonparty.

Gonna need.. (0)

sociocapitalist (2471722) | more than 2 years ago | (#39720891)

...an axe then as I don't have IP on my telly...

Non-functional requirements (4, Insightful)

thsths (31372) | more than 2 years ago | (#39720895)

These are often forgotten by engineers. Usually they are formulated as thing you do not want your TV to do:

- not damage your furniture
- not start a fire
- not weight a ton
- not hack your network

You would think these are simple and logical expectations. The problem is, they are hardly good marketing, so they may not receive the necessary priority. But they can be very bad marketing if a story hits...

Re:Non-functional requirements (5, Insightful)

Jeff DeMaagd (2015) | more than 2 years ago | (#39721375)

Why blame the engineers for that? The engineers that I know are trying to make things the best they can be, but they're prevented by short-sighted penny pinchers that make constricting demands.

Re:Non-functional requirements (1)

wed128 (722152) | more than 2 years ago | (#39721693)

That's the hell I live in! MOD PARENT UP!

Barney (2, Funny)

DarkXale (1771414) | more than 2 years ago | (#39720897)

One day, our TVs shall be hacked, and they shall show nothing but that damned purple Dinosaur.

Re:Barney (2)

geekmux (1040042) | more than 2 years ago | (#39720971)

One day, our TVs shall be hacked, and they shall show nothing but that damned purple Dinosaur.

The new goatse...only much more offensive.

Re:Barney (1)

FudRucker (866063) | more than 2 years ago | (#39721199)

you can now get goats.cx in high definition, you'll be able to count the pubic hairs that border around the event horizon

Can't hack what you don't have (-1, Redundant)

wickerprints (1094741) | more than 2 years ago | (#39720939)

I don't have a TV. At some point, I simply stopped needing one. Don't really watch movies, and the few that I do, I watch on my computer because I'm not one of those folks who feels like they need to stare at a five foot wide display in order to enjoy it.

If anything, I'd be more worried about a future in which networking technology is built into cars or other devices that might actually have life-or-death consequences should they fall prey to malicious exploits. Some things just don't need to be online.

Re:Can't hack what you don't have (5, Funny)

DNS-and-BIND (461968) | more than 2 years ago | (#39721163)

OpenBSD (1)

Anne Thwacks (531696) | more than 2 years ago | (#39720951)

Please can we have a list of TVs capable of running OpenBSD?

Or even NetBSD?

Re:OpenBSD (0)

Anonymous Coward | more than 2 years ago | (#39720999)

NetBSD only runs on toasters.

Re:OpenBSD (0)

Anonymous Coward | more than 2 years ago | (#39721407)

What, your toaster doesn't have a TV on it? Fucking Luddite.

Why not yet ? (5, Interesting)

nonos (158469) | more than 2 years ago | (#39720957)

I'm wondering why my tv hasn't been hacked with air waves : one morning, I switched it on and it told me a firmware update had been uploaded over the air during the night.

What can stop hackers to send rogue fw updates over the air ?

Also, is it possible to exploit mpeg2 video decoder bugs to takecontrol of tv ?

Any info of previously discovered hacks of this kind ?

Re:Why not yet ? (2)

profplump (309017) | more than 2 years ago | (#39721333)

Appliances with heavy compute loads typically have dedicated hardware (or at least an FPGA) to do their primary task -- your TV almost certainly does demuxing, MPEG decoding, and AC3 decoding outside the main CPU. So even assuming a poorly written software the hardware design does quite a bit to protect you from inline attacks.

You'd probably have better luck attacking something like the closed-caption system, or the virtual channel number or the like. That stuff is low-bandwidth enough that it may happen on the main CPU.

Re:Why not yet ? (0)

Anonymous Coward | more than 2 years ago | (#39721495)

The mpeg2 decoder and the CPU most likely share the main memory and the graphics buffer (if that's separate from the main memory) so the CPU can pass chunks of the mpeg stream to the decoder and draw stuff on top of the video. I'd think that it's easier to find a way to provide a misformatted mpeg stream to start an exploit rather than trip the decoder in a way that grants control of the main CPU.

Re:Why not yet ? (2)

AmiMoJo (196126) | more than 2 years ago | (#39721355)

What can stop hackers to send rogue fw updates over the air ?

They are required to be cryptographically signed in most places. Of course if the master key leaks you are screwed.

Also, is it possible to exploit mpeg2 video decoder bugs to takecontrol of tv ?

Probably not because it is decoded by a dedicated DSP that is separate from the CPU, and is not capable of executing code in the same way.

Re:Why not yet ? (0)

Anonymous Coward | more than 2 years ago | (#39721585)

There was an article some month ago on /. about new attack vectors on the entertainment systems in cars. The researches exploited a bug in the system's WMA decoder to execute arbitrary code.

Re:Why not yet ? (1)

drinkypoo (153816) | more than 2 years ago | (#39721777)

Also, is it possible to exploit mpeg2 video decoder bugs to takecontrol of tv ?

Probably not because it is decoded by a dedicated DSP that is separate from the CPU, and is not capable of executing code in the same way.

MAYBE. Could use an integrated CPU+GPU. Could be that MPEG2 is handled in software while MPEG4 is handled in hardware, this is not unusual today.

Re:Why not yet ? (0)

Anonymous Coward | more than 2 years ago | (#39721839)

Huh, what are you talking about? What model? I have NEVER heard of a TV getting firmware from an OTA broadcast. It wouldn't make sense to do, considering there are so many thousands of models of TV.

As far as exploting via MPEG2, probably not since most (if not all) TVs are going to do their decoding via dedicated hardware rather than on a general purpose CPU, so the most they should do is either crash it or give garbled video. However, the TS packet processing is probably done on the CPU, so if there was a poor software implementation, anythings possible.

Common Profit Model... (0)

Anonymous Coward | more than 2 years ago | (#39720965)

"...Instead, we as a global society appear inclined to accept half-baked security solutions that are more like Band-Aids than real protection.'"

The same could be said of the medical field where all we find are (long-term profitable) treatments, and hardly ever a (short-term, one-time fee) cure. There's hardly an opportunity where fixing something permanently is more profitable that prolonging a problem and treating it instead.

Is it half-baked or acceptable design? Tough to pimp products these days where security gets in the way of having fun. Screw that security bullshit, gimme my fun....and thus the results we have today.

Television? That sounds familiar... (1)

Anonymous Coward | more than 2 years ago | (#39720977)

Isn't that the branding they use for monitors larger than 24 inches?

Re:Television? That sounds familiar... (1)

ChunderDownunder (709234) | more than 2 years ago | (#39721089)

These monitors are all-in-one computers.

The extent to which they're secure depends on the manufacturer providing firmware updates.

Bonus points to any manufacturer that bases its firmware on Linux in a non-tivoized manner to attract a cult following as has occcured with embedded wifi routers and plug computers.
e.g. ship a default firmware with a drm-infested userspace but allow those that care to replace components with foss equivalents.

Re:Television? That sounds familiar... (1)

wed128 (722152) | more than 2 years ago | (#39721711)

bases its firmware on Linux in a non-tivoized manner

Has any manufacturer ever done this?

Never gonna give you up. (5, Funny)

Anonymous Coward | more than 2 years ago | (#39720989)

Bonus points for the first ones to rickroll on every channel at once.

And... go

Dumb displays (5, Insightful)

mehrotra.akash (1539473) | more than 2 years ago | (#39720991)

I prefer my TV's to be dumb displays
They should be limited to take video in, modify resolution/contrast/etc as per settings and display it on the screen, and provide a control interface
IF I want to play media on it, I will use a device for that
Modularity is better

Re:Dumb displays (4, Funny)

Chrisq (894406) | more than 2 years ago | (#39721213)

I prefer my TV's to be dumb displays

... Like your women?

Re:Dumb displays (1)

FudRucker (866063) | more than 2 years ago | (#39721219)

I agree with you on that, TVs should be kept simple because the more features they add to them the more things can break and the more things can be exploited and internet enabled TVs could turn a 600 dollar TV in to a huge expensive brick

Re:Dumb displays (1)

bythescruff (522831) | more than 2 years ago | (#39721321)

Exactly. The mess of different and incompatible "services" offered on TVs are a matter of supreme indifference to me. I have a computer hooked up to my TV and sound system; that's where my old computer goes when I buy a new one. It's much more capable than the built-in software on any TV; it's a general-purpose device that I can configure any way I like. My TV doesn't need to do anything more than display the image it's told to.

Re:Dumb displays (0)

Anonymous Coward | more than 2 years ago | (#39721393)

We need a Fucking Obvious mod, would be more appropriate than Insightful here

Re:Dumb displays (4, Insightful)

cbope (130292) | more than 2 years ago | (#39721413)

The more functionality that becomes "built-in", the quicker that "display device" will become obsolete. Is it any wonder why the manufacturers are pushing smart TV's so hard?

First, there was TV!
Then widescreen!
Then HD Ready!
Then Full HD!
Then LED!
Then 3D!
Now Smart TV!

The rate of obsolescence has really increased in the past 15 years or so with TV's. That's why I waited for Full HD to drop into my price range, and I bought a good, high-end LCD of a decent size with HDMI inputs. I can plug anything into it. I do not miss LED, 3D or smart TV. I can play back blu-ray at full quality, which is enough. I have an HTPC connected to it for browsing and media playback.

I prefer to keep my displays dumb and put the smarts elsewhere. That is unless you want to buy a new TV every few years... (I certainly have better things to spend my money on)

Re:Dumb displays (2)

ColdWetDog (752185) | more than 2 years ago | (#39721537)

I prefer to keep my displays dumb and put the smarts elsewhere.

The problem is that, for much of the viewing audience, there is no 'elsewhere'.

Re:Dumb displays (1)

mehrotra.akash (1539473) | more than 2 years ago | (#39721703)

A $250-300 PC would last you much longer without getting outdated than the builtin media players and web browsers on TV's which essentially get outdated after 4-5 years (or less)
And, the demographic that pays the premium for a "Smart TV" probably already has multiple computing devices: most of which would be TV compatible which can host the smarts
Some features like onscreen widgets may be missed, but thats a small compromise for a much longer lifespan

Re:Dumb displays (1)

BenoitRen (998927) | more than 2 years ago | (#39721897)

A $250-300 PC would last you much longer without getting outdated than the builtin media players and web browsers on TV's which essentially get outdated after 4-5 years (or less)

Considering how quickly computer hardware breaks these days (compared to the 90s), I'm not too sure about that.

Re:Dumb displays (1)

CastrTroy (595695) | more than 2 years ago | (#39721713)

So many things you can just plug into the TV now. Plug in your Wii/XBox360/PS3 and you can watch movies play games, browse the internet (Wii is pretty weak on this, not sure about the other two). There's also a plethora of boxes like Roku, AppleTV, LG, and others that a dumb simple to just plug in and use, so that you can watch all your shows streaming over the Net. My new (although old model) Android phone can plug into HDMI. Back in the old days, it was quite hard to get a computer to plug into a TV and not look like garbage. Now with digital inputs like HDMI, DVI, and even VGA (which is analog), it's quite easy to get a good picture on your screen from a computer. Spend $400 (or less) on a computer, plug it into your TV, and there you go. Although some of the viewing audience may not have an "elsewhere", that number is ever shrinking, and the only reason why anybody remains in that group is because their lack of willingness to learn, even just a little bit.

Re:Dumb displays (1)

GauteL (29207) | more than 2 years ago | (#39721735)

I prefer my TV's to be dumb displays
They should be limited to take video in, modify resolution/contrast/etc as per settings and display it on the screen, and provide a control interface
IF I want to play media on it, I will use a device for that
Modularity is better

I hear you, but this (the current) approach has some serious drawbacks, including cable mess and multiple remotes (or one poor universal), power extensions when you only have two sockets, etc.

The right approach would be for each TV to come with a hidden and swappable "smart" unit (or bought "naked" if you wish), controlled by the main TV's remote control, powered by the TV and with a standardised interface. This way, you'd have the best of both worlds, you'd be rid of the cable and remote control mess and it'd still be modular. People could then create Boxee boxes, Cable/Satellite set top boxes or fully functional PCs to adhere to the standardised smart unit interface. You may also want the WIFI or Ethernet connectivity in the TV, so that you could have multiple smart units all connected to a hub in the TV.

The problem is that nobody but the consumer is interested in standards. They would all create their own proprietary slot suitable only for their own smart units.

I think not... (0)

Anonymous Coward | more than 2 years ago | (#39721005)

but then again how does one hack an imaginary television

Please... (0)

Anonymous Coward | more than 2 years ago | (#39721017)

Hack my TV, and remove all those pesky advertisements.
I should charge all those companies a billboard fee for posting advertising inside my apartment without permission.

I must have been hacked (2)

ozduo (2043408) | more than 2 years ago | (#39721031)

Because all I'm getting are repeats

Not surprising .. (-1)

Anonymous Coward | more than 2 years ago | (#39721033)

TV is *already* a virus

I have a challenge to all hackers out there (5, Funny)

AuMatar (183847) | more than 2 years ago | (#39721045)

The ultimate TV hack, one that will make you the most infamous hacker in the US. Make it so that during the last quarter of the superbowl, the entire country gets rickrolled and are unable to return to the game. If it's a close game, wait til the very end (last year doing it on Brady's last drive would be perfect).

Re:I have a challenge to all hackers out there (0)

Anonymous Coward | more than 2 years ago | (#39721369)

And put up that goates picture. A whole generation will be instantly scarred for life and always link it to football.

Re:I have a challenge to all hackers out there (5, Funny)

Cornwallis (1188489) | more than 2 years ago | (#39721493)

Playing "Heidi" might be more appropriate.

New DMZ (1)

alex67500 (1609333) | more than 2 years ago | (#39721069)

I never thought I'd have to create a new DMZ just for my TV :-)

More concerned by the TV companies than hackers (5, Insightful)

travellerjohn (772758) | more than 2 years ago | (#39721079)

An internet enabled TV is going to be irresistible to TV companies. Perfectly legally they will get together with the manufacturers to personalise you TV experience. Given half a chance they will monitor your viewing, suggest programs, personalise adverts, maybe even personalise the news. Not so bad you might think: I never have to see Sarah Palin on the TV again. More likely, if they think you are an independent voter in a swing state, it is back to back political adverts for you for the next six months. Don't be surprised if your remote dont seem to work half way through a PAC spot. Remember If You're Not Paying for It; You're the Product

Re:More concerned by the TV companies than hackers (2)

Craefter (71540) | more than 2 years ago | (#39721799)

I was thinking along the same lines. In the near future you will probably be labled a thief if you don't sit out the commercials and zap to other channels. The content delivery program will also offer you a rebate if the camera on top of the TV detects that you are intently watching the commercial breaks..... and smiling.

Re:You wont see Palin or other contrary opinions (0)

Anonymous Coward | more than 2 years ago | (#39721837)

They will make sure you only see the news that they want you to see. Even more so than now.
MSM will own you.

Spoiler Indeed (1)

arisvega (1414195) | more than 2 years ago | (#39721097)

Oh, the times ahead! There is so much fun to come! That will give a whole new meaning to the word 'entertainment' !

So 2000 and late... (0)

Anonymous Coward | more than 2 years ago | (#39721107)

Today you don't even need to hack your computer to turn it into a TV.

What is this article about? Science-Past?

No, not really.... (1)

Lumpy (12016) | more than 2 years ago | (#39721115)

I dont care what any of this hype says, if your TV is gonna get hacked then why are we not seeing all the BluRay players from all these same companies that are running Linux and the interactive services getting hacked?

Every single BLuRay player sold runs linux and most have ethernet on them for interactive services on the disc or built into the player. Panasonic has one that has hulu, netflix, and an app store + video skype. These are not getting hacked.

And I WISH they would get hacked, cracked, and smacked. I want to blow out the useless OS and install XBMC.

Amazing (2)

ledow (319597) | more than 2 years ago | (#39721179)

I wonder how they intend to hack my TV when it's not plugged into either Ethernet or wireless networks. Because even if I did have an "Internet TV", it wouldn't be plugged in.

If it was, it would be behind my firewall/router. If they were relying on me to visit a malicious website to "infect" my TV, they'd be sadly disappointed - I can't imagine that many people use their TV like that given that every year or so the requirements change. If you can see a modern Internet site (e.g. Flash, Silverlight, etc.), then chances are that your software is pretty up-to-date and no worse than a PC that was similarly updated.

Of those that don't handle interactive content directly, it's either not a risk (it's pretty hard to crash AND compromise an embedded browser with just a badly formed HTML page or similar), or it goes through some sort of remote proxy (e.g. Opera Mini) that will probably be working to stamp out the problem for you.

Above all that, beyond playing tricks and crashing my browser, I'd be interested to know what incentive they would have to do that? I don't plug credit card numbers into my TV. I watch TV on it. If you're silly enough to plug in things like Facebook, Twitter, etc. passwords into your TV, then maybe they could cause a little havoc ("Guess what John watched last night on the Adult Channel?") but that's about it.

Or is this just a ruse to sell "Antivirus for your TV"?

These devices are pretty passive, unless you make them do something. You're pretty safe while your internal network is clean (and if it isn't, your TV is the least of your worries). To infect would require some kind of active participation (same as any well-managed PC) that, maybe, possibly, it wouldn't be able to handle safely. But, chances are, the havoc it could wreak would be nothing compared to that same user on their laptop.

Of course it's something to think about but I don't think such a big fuss should be made. Hell, people still haven't worked out that a smartphone is yet-another-computer that they have to manage properly, with bad consequences if they don't (run up enormous bills, etc.). But even they aren't that much of a problem. I've never had anyone come to me about fixing their smartphone because of things like this, but I get 2-3 a week about their laptops etc. I've certainly never had anyone ask about their TV unless it was a dumb TV or literally how to wire it to their Internet connection / Wii / whatever.

I think infinitely more dangerous than a TV would be:

- smartphones
- gaming consoles with internet access / wireless
- smart meters with internet access / wireless
- Skype phones
- Internet connected printers
- etc.

And a lot of those have been running around people's houses (some targetted at non-techy users) for years. Yes, it's almost certainly possible to "attack" my printer / TV / Skype phone. But it's almost certainly not worth the effort to a) discover what model I use, b) link that to an IP address, c) somehow enter my network and intercept communications to it, d) figure out how to do something clever on that device when actions that are much easier to do and hide mean you can compromise similar people anyway.

Worst case scenario is that your TV web browsing is an "insecure" as your laptop web browsing. But with much less potential impact.

Re:Amazing (3, Informative)

SuricouRaven (1897204) | more than 2 years ago | (#39721301)

"Above all that, beyond playing tricks and crashing my browser, I'd be interested to know what incentive they would have to do that?"

Long-term botnet. Good for spamming, ad-fraud, DDoSing, that sort of thing.

we do when there's money behind it (1)

argStyopa (232550) | more than 2 years ago | (#39721191)

There seem to be plenty of efforts to ensure security when other peoples' money is at stake. Last time I checked, HDMI is the new cable standard and that has absolutely NOTHING to do with signal quality, it's a hardware-enforced "copy prevention" scheme.

I was going to say "other peoples' money (particularly not the customer's)" but then I remembered - in the free TV equation I'm NOT the customer. I'm the product (well, my eyes). In that sense, I concede their need to 'protect' their baited hook...they NEED me to not-skip the ads, to pay for the programming. But the failure is of course to realize that I AM the customer (and thus no need to protect the baited hook) in pretty much every other transaction - watching rented DVDs, cable, etc in which I *pay* for the programming. In those cases the stream should be (but isn't) mine because I am paying for it, but of course that's the baby that's thrown out with the commercial-tv-justification bathwater.

Further, when I hear 'security people' say things like: "...we as a global society appear inclined to accept half-baked security solutions that are more like Band-Aids than real protection" I brace myself for the following solution. These are the sorts of things that come from people who insist on 36-bit random hash codes that are changed every other week and can never repeat even partially (which in the real world are then just written down on sticky notes under the desk pad).

I don't think so (0)

Anonymous Coward | more than 2 years ago | (#39721433)

we as a global society appear inclined to accept half-baked security solutions that are more like Band-Aids than real protection

Speak for yourself, bitch!

not so fast summarator (0)

Anonymous Coward | more than 2 years ago | (#39721443)

Instead, we as a global society appear inclined to accept half-baked security solutions that are more like Band-Aids than real protection.

Most consumers are told that the hackers are just that nefarious and evil, they don't know that security can and should be better.

Mine won't (2)

Trogre (513942) | more than 2 years ago | (#39721453)

Because I won't put it on the Internet. That's what I have an HTPC for. And I know how to secure that. It's looking likely I will still have an HTPC in 10 years time, and nothing except standalone computers and perhaps a smartphone connected to the Internet.

Short-sighted you say? No, I've merely learned my lessons.

Reactive cheaper than Proactive (1)

rodrigoandrade (713371) | more than 2 years ago | (#39721499)

Why is this news? Being reactive has ALWAYS been cheaper than being proactive, in any field, not just technology.

Companies/government/etc. will go proactive to avoid accidents/hacks/RRODs/etc. if you're willing to pay more. Are you?

Improved security or more BS laws (2)

OldHawk777 (19923) | more than 2 years ago | (#39721507)

Improving security cost more and does more than a BS laws, but Bad Security (BS) laws only cost a few politicians and will exempt TV makers and Cable/Sat providers from all liability. Corporate-Welfare is best for the Plutocrat Republic, never good for US.

Hack2Secure

What??? (1)

lwriemen (763666) | more than 2 years ago | (#39721575)

They're making Windows TVs now?!? ;-)

Re:What??? (1)

CastrTroy (595695) | more than 2 years ago | (#39721967)

With Windows 8 coming out, and running on ARM, plus the already existence of Windows Phone that runs on phones/ARM, I don't think it will take long before we see a TV running windows, or possibly a set top box running windows, kind of like the AppleTV.

Android proof (1)

vlueboy (1799360) | more than 2 years ago | (#39721579)

Having just finished reading this reminder [phys.org] gives me an even worse feeling that science will die to profit seekers. Especially with the ad potential.

I already hacked mine (0)

Anonymous Coward | more than 2 years ago | (#39721599)

To upgrade the firmware enabling a Just Scan mode that the (lazy / incompetent / brain-damaged - take your pick) engineers at Samsung neglected to include in the default set of aspect ratios. It beggared belief that an aspect ratio that just displays the picture without adjustment wasn't included in the first place. Especially considering the damn thing has a VGA port and it was obviously meant to support input from a PC. A massive pain in the arse it was too - it needed a custom serial cable I had to put together myself from iffy specs I found online, with the (actually official) firmware update from another hobbyist site as Samsung didn't host it. Then there was the 30s or so sweating bullets as I thought I'd bricked my telly before the new firmware started running. I don't recommend it.

Re:I already hacked mine (2)

garyok (218493) | more than 2 years ago | (#39721625)

To upgrade the firmware enabling a Just Scan mode that the (lazy / incompetent / brain-damaged - take your pick) engineers at Samsung neglected to include in the default set of aspect ratios. It beggared belief that an aspect ratio that just displays the picture without adjustment wasn't included in the first place. Especially considering the damn thing has a VGA port and it was obviously meant to support input from a PC. A massive pain in the arse it was too - it needed a custom serial cable I had to put together myself from iffy specs I found online, with the (actually official) firmware update from another hobbyist site as Samsung didn't host it. Then there was the 30s or so sweating bullets as I thought I'd bricked my telly before the new firmware started running. I don't recommend it.

Hmm - never meant to post that as AC. I wondered why I was asked for a CAPTCHA...

Sweeping generalizations (0)

Anonymous Coward | more than 2 years ago | (#39721653)

"Nothing in a computer built into a TV makes it less attackable than a PC"..

I dispute that claim. If the TV is treated as an embedded system with a fixed set of functionality and is not supposed to be user-customizable, then it is much easier to keep it secure.

PC's cannot be secure because they're intended to allow the user to install what he or she wants. I know this is also true for smart phones, but really - if it's a traditional embedded system that serves a dedicated purpose - it should at least be possible to keep relatively secure.

Thoughts (1)

DaMattster (977781) | more than 2 years ago | (#39721769)

In this day and age, there is significant pressure to bring a product to market before your competitor and to recoup your research costs. This is probably why device security is an afterthought. The internet has made controlling the flow of information very difficult, adding to that pressure to bring the innovative product to the market and establishing that product as the leader - it is all about beating your competitor to the punch. I do think it is a conscious decision to take a reactive approach to it or maybe denying it for a while until the press heats up and forces the company to deal with it. That, in of itself, is a mistake which all major electronics and software makers have made at one time or another.

Just don't connect it to any public network. (1)

hobarrera (2008506) | more than 2 years ago | (#39721817)

Why would you want a display connected to the internet? It makes no sense. Just don't connect it the internet and you're done.
Hell, do you actually *need* it connected to your private network at all? Will it make movies look better, or have *any* advantage?

It's just crap that people want because of good marketing, not anything that they really need anyway.

A few basic design rules will help (1)

gstrickler (920733) | more than 2 years ago | (#39721895)

1. No unencrypted incoming connections. The only incoming connection possibly allowed is a limited function remote control (turn off, if it has DVR capabilities, allow changes to the recording schedule). Why does a device for viewing content need incoming connections or a web server?

2. No OTA updates. Firmware updates must be cryptographically signed, and the update must be initiated by the device itself, not "pushed". Signed updates can also be installed from a USB flash drive, no network required.

3. Built-in firewall. If it's based on Linux/BSD, set up IP tables, use Shorewall, etc.

4. If it supports Wi-Fi, Require WPA/WPA2 connections. Do not allow use of WEP or no encryption.

Obviously, that's not an exhaustive list, but if they follow those, the chances of a successful penetration decrease significantly.

provider (0)

Anonymous Coward | more than 2 years ago | (#39721927)

This article is not about internet hacking - that's what you firewall is for...
Think about it. It's about provider haching. Basically, they have a back-door (through the "analogue")
cable to your network (assuming you're dumb enough to put your local network into the back of
one of these TVs) which bypasses any firewall you may have...

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...