Smart TVs are vulnerable to an attack that harnesses ordinary television signals to give the hacker root access to the TV's software, according to a cybersecurity researcher.
The researcher, Rafael Scheel, verified that the hack works with two Samsung models, and it could potentially be modified to exploit similar bugs in other sets, Ars Technica reported. All told, 90 percent of the TVs sold in the last few years are potential victims of similar attacks, Scheel said during a presentation to the European Broadcasting Union last month.
The first part of the hack that Scheel presented takes advantage of the fact that terrestrial broadcasting now uses digital signals in many countries (the US transitioned to digital in 2009). An attacker could embed malicious code into a digital TV signal using a low-cost transmitter, which could reach several TV sets nearby in a densely-populated city neighborhood.
Related
- Own a Vizio TV? It May Have Spied on You Own a Vizio TV? It May Have Spied on You
After the signal reaches the smart TV, it would exploit known security flaws in their web browsers to gain root access to the operating system. Given the security flaws present in many other Internet of Things (IoT) devices, the malicious code could be designed to spread to other devices connected to the same wired or wireless network as the TV.
"Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways," Scheel told Ars Technica. "Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV's camera and microphone."
The security vulnerabilities of IoT devices have been well documented, as has the use of TVs to spy on their users (sometimes by design). Samsung, whose TVs Scheel used to demonstrate the viability of the attack, did not immediately respond to a request for comment.
Cook like a top chef with smart gadgets that add high-tech convenience to your kitchen.
No wonder everyone is fleeing the TV business.
Even if they're mostly ads.
Sevenhugs's universal remote uses location beacons to switch active devices based on what the remote is pointed at.
Relax Smart TVs Could Succumb to Remote Hacks stories
Recent Congressional action to overturn FCC rules on data sharing won't impact internet users' privacy, ISP executives say.
A 34-foot display supporting HDR and backed by a Harman audio system. Is that enough to entice us back to movie theaters?
Rather than just having one display on a smartwatch, Samsung wants two, with the second being placed around the rotating rim of the watch.
While other manufacturers are ditching curved TVs, Samsung is embracing them as sales are set to peak this year.
The rule requires ISPs to get consent before they sell sensitive consumer data. Republican Senators and FCC members say it's unnecessary and harmful to ISPs.
The leaked documents include user guides that show the CIA's efforts to install its surveillance code on Mac firmware.
The messaging services are renowned for their end-to-end encryption, which, in this case, also made them vulnerable to attacks.
Hanging a TV above your fireplace mantle is nothing new, but a new model from Samsung mounts flush with the wall and includes a bezel that looks like an actual picture frame.
Verizon will blast gigabit Internet into your window. At MWC, we saw how that will happen.
Samsung has a stylus which feels just like a fine European pencil. We tried it.
Amazon is refusing to give authorities investigating a murder access to data from Alexa.
Samsung Display secures huge order worth billions from its rival.
The New Revolution Galactic Attack offers a gaming-like experience.
Vizio secretly collected viewing data from 11 million TVs, according to an FTC complaint.
We live in a world of mass surveillance. Here are some tips for staying anonymous while still staying online.
Design patent cases very rarely reach the Supreme Court. It had not heard such a case in more than 120 years.
Is public Wi-Fi safe? Hell, no. But there are steps you can take.
Let's be honest, that's a surprise to no one.
Learn what might be ailing your laptop and how to speed it back up.
Your intensions when cracking a Wi-Fi password are no doubt noble—we trust you—so here's how to do it.
Verizon has apparently had with with the Yahoo name (and AOL, apparently).
Apple already offers the three premium channels individually, but this new bundle would let you buy them together, hopefully at a lower price.
How passion and drive helped this social media star build a global brand.
One consumer tech website found that PC manufacturers overstate battery life, but measuring it meaningfully can be challenging.
Yes, there will be harpoons.
Just get a special barcode from Amazon, bring it into your local CVS or another participating store, show it to the cashier, and add as much cash as you like to your Amazon Balance.
The new Scheduled Pause feature is easy to use—perhaps too easy if you plan on using it to stop yourself from late-night internet binges.
On-site spot checks will focus on preventing abuse of the tech industry's favorite visa.
You can now download a limited selection of TV shows and movies—mostly Netflix originals—to your Windows PC.
Putting your effort in upfront and collecting the returns forever after is the foundation of financial freedom.