Future Watch VII: Your Smart TV opens up a new frontier for hacks and spying

Just like smartphones arrived in most markets and obliterated regular feature phones, smart TV’s are expected to change the way we interact with our television sets. A smart TV, or hybrid TV, comes integrated with several web 2.0 applications and widgets that allow users to access the Internet and obtain content from several sources.

However useful this may be, this opens up a brand new attack surface for hackers to exploit. This video showcases how a Samsung LED 3D TV was hacked into and compromised by researchers. They subsequently accessed TV settings, channel lists, device ID, firmware, widgets, history and attached USB drives.

The prospects of this are scary since the hacker gets a direct entry point into our home and into a device that we never thought would face such threats. Moreover, the popularity of smart TV’s is only going to increase over time and this exposes plenty of people to such attacks in the future.

Potential threats faced by smart TV sets

At first, one doesn’t realize the implications of such a security breach. But an experienced hacker could gain root access into a smart TV, breach the local network that the TV is connected to and cause utter mayhem as a result. Here are the potential risks of a hacked smart TV.

• The attacker can gain remote access. As a result he can remotely control the TV and change channels.
• Once an attacker gains access he can enter widgets and apps (like Skype) and steal the information that is stored on them. This includes personal details, card details and passwords.
• A hacker can install advanced malware and backdoor exploits on the TV set.
• DDoS (distributed denial of service) attacks can also be initiated. For instance, this could cause the TV set to restart itself endlessly, even if the power is turned OFF.
• If a USB drive is connected to the TV, a hacker can access the content on it and create a virtual image.
• If the smart TV is connected to a router, an attacker can monitor network traffic and reach the other machines on the network. This could specifically affect companies that use such TV sets.
• Icons on the home screen could be replaced and could be used to redirect the user to a fake page that phishes for credit card data or other details.
• The scariest aspect though, is the camera integrated with the TV. A hacker can switch on the camera, and the microphone, to see and hear everything. Facial recognition software can also be misused to breach personal privacy.

Other considerations to keep in mind

Not many people regularly update the firmware on their smartphones, so it seems less likely that they will regularly update their smart TV sets. This would leave smart TV’s open to malicious attacks. OEM’s (original equipment manufacturers) also freely give out their SDK (software development kit) so attackers can easily get their hands on these and tailor malicious software accordingly.

However, the downside for attackers is that they will need access to the local network that the TV is connected to. This differs from the regular viruses and worms that reach victims through the Internet. A hacker will also need network details and the IP address for the TV set. This can be prevented with a secure network or router and with the help of strong passwords. Moreover, switching the power off when the TV is not in use is highly recommended.

Technology used in smart TV sets is still in its nascent stages but the potential for hack attacks is present. We advise readers to remain vigilant and stay aware of developments and security tips related to smart TV sets and related system protection software. Internet access always invites hackers in large numbers and while such attacks are not common today, it will not be long before such exploits become more common.

Rahul Thadani