Researchers have discovered that millions of Smart TV’s may have been taken over in a man-in-the-middle style security attack.
Angelos Keromytis and Yossef Oren, two researchers from the University of Colombia have found that many Smart TV’s could be hacked into using a cheap antenna to broadcast messages. It completes this through insecurities in the Hybrid Broadcast-Broadband Television Standard (HbbTV), which now features on millions of internet-connected TVs after being introduced two years ago.
The researches have released a paper detailing that the standard is vulnerable to a “large-scale exploitation technique” that is “remarkably difficult to detect”. It doesn’t require any large expenses either as a budget of just $270 would be enough to target around 20,000 devices.
This man-in-the-middle attack could allow any potential hackers to intercept the sound, picture and accompanying data sent by the broadcaster using data packets. It could also potentially take control over any applications set up on the TV and launch attacks over the Internet. Oren has told Forbes that “for this attack, you do not need an internet address; you do not need a server. You just need a roof and an antenna and once you are done with your attack, there’s completely no trace of you.” He added that although he told the DVB standards body about the security loophole in January, the group has not reacted, as it does not think that the threat is serious enough to re-write the technology’s security code.
While man-in-the-middle attacks against smart TV’s shows just how vulnerable smart objects can be if adequate security is not included as part of the design, the concept of hacking home devices isn’t new. In 2010, Mocana Corporations published a report on how it was possible to send fake credit card forms to Smart TVs. Last year, researchers in Germany also showed how a number of security weakness could allow such attacks as man-in-the-middle, watering holes or the ability to change what users watch on TVs. Some believe that “in the rush to get to market with smart devices, many companies are ignoring security issues.