Smart TVs can be great, offering direct portals to video-on-demand services like Netflix, YouTube and Hulu. When they’re well implemented, as they tend to be on modern TVs, they make consuming internet me-based media a pleasure.
Unfortunately, because they have to connect to the internet, they have the potential to be exploited. A new exploit for a class of Smart TVs has been discovered, and its unique in that the attacker doesn’t need direct access to, or control of your device to find a way in. Security consultant Rafael Scheel demonstrated the attack as a proof of concept.
What makes it frightening is that it works by latching on to a DVB-T signal. A Low-cost transmitter can embed malicious code in to a TV signal. The digital signal (which happens to be the one that South Africa has adopted, but seems very slow to roll out) is capable of being read by a great number of modern TVs – and could be easily compromised. This was demonstrated on two new, updated Samsung models. It’s scalable, so could be used to infect more than a single set in one go.
“Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways,” Scheel told Ars Technica. “Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone.”
Worse is that in interconnected homes, the TV could be used as a way to get in to your other devices. Thankfully, there is very little reason to receiving a DVB-T2 signal here in South Africa until we finally do have that long-awaited digital TV rollout. Your Samsungs are safe for now.