Red Button Attack

[KD6W]

http://www.forbes.com/sites/bruceupbin/2014/06/06/red-button-flaw-exposes-major-vulnerability-in-millions-of-smart-tvs/

DRONES+TV's with internet connections = printers spewing coupons? Ok, but they missed a small little detail that I'm sure can be worked out or around but think about the power needed to transmit a signal strong enough to swamp the TV front end to over come the original signal to replace it with the pseudo signal, not impossible but it's not easy easy either. That much sophistication and all for as little as $200 dollars? They are very optimistic to say the least, and a drone for anonymity, yeah I suppose? But a rooftop (like the one in the video) can be a great place to put an antenna for 5 or ten minutes and wow, no flying required... (duh). (note to self) - when you buy that sexy new-fangled uber expensive TV, remember to turn the "smart" features off. Just say thanks, but no thanks. I don;t know about you but I like watching my TV programs WITHOUT the extra attachments. What are your thoughts? - KD6W

[cooper]

Didn't check out your link yet (mobiles and such) but I *hate* the concept of 'smart' tvs. Yet another multi-purpose computer in peoples' homes that they can't manage to keep up to date. What bugs me the most is that I want to just view the stuff I've got on my fileserver.

Fuck netflix, hulu, amazon, pathe and all the other companies that want to sell you their video content. I'm sure they provide excellent service and value to their users but I'm not interested and that means they get in my way when my smart tv starts suggesting I use them.

My big worry is that if I were to replace my tv with an equally huge one these days, I'm almost certain to get one with smart crap simply because I can't get one without.

[Guest spazi]

One of the reasons I didn't buy a smart tv was the potentials of getting hacked. They are vulnerable to many things.

I had a neighbour who had a tv that was wifi capable, you know to hook up all the phones and laptops and what'not.

Anyway, the wps was hackable, and I found a script that simply would break the tv. Not cool bro.

Didn't try it though.

After that I always hated smart tv.

As cooper pointed out. It's damn hard finding a smart free tv, and they are even cheaper. I was lucky mine was on sale. Best tv so far!

Edited June 16, 2014 by spazi

[cooper]

That's the thing that worries me about "the internet of things": patching.

I can hear the support calls already:

"Hello? Please help me. My thermostat is locked at 50 degrees. If your product doesn't kill me the gas bill will."

- "Yes, I see here you're using one of our older models. We've updated the firmware a few times since then. Did you ever upgrade?"

"Did I what? It's a fucking thermostat. It took me 2 weeks to program it for my average week. Then all of a sudden it just locked itself into fry-mode and wouldn't bugde."

- "Well, if you upgrade the firmware and install the app you can then also program the thermostat using your phone from anywhere. All you need is an internet connection."

"Why the hell would I want to change the temperature from anywhere other than my house? And why the hell do I need yet another _app_ for that?"

- "But sir, that was the main reason people bought the Mark 1's - control your thermostat from anywhere."

"It was on sale last month at best buy. I needed a new thermostat and they were practically giving these things away."

- "I see"

"Can't I turn all that crap off and just get it to behave like a, you know, regular thermostat."

- "No, sir, you can't. You're going to have to upgrade the firmware, install the app and then you should be able to change the temperature again."

"<sigh>FINE! Where in the Windows App Store is your app? I have a Lumia."

- "<laughter>"

[KD6W]

With all that said, I couldn't agree more. The day our TV's is smarter than us, we are all screwed. I want my TV to be a display, you can keep the Ethernet port and built in WiFi. - KD6W

[Swamppifi]

I had a look at the video of the interview, while it has raised some good points on the possibilty of security risks, he just beating up the hype, doesn't give any substance to his claims, nor explian any details.

So I had a look today, and found this rsa confernce presetation on the risk.

It is at http://www.rsaconference.com/writable/presentations/file_upload/ht-r08-how-hackers-are-outsmarting-smart-tvs-and-why-it-matters-to-you_copy1.pdf

Also another one

http://www.google.com.au/url?q=https://media.blackhat.com/us-13/US-13-Lee-Hacking-Surveilling-and-Deceiving-Victims-on-Smart-TV-Slides.pdf&sa=U&ei=X9ufU--lG43bkAXOtoHYCA&ved=0CBYQFjAE&usg=AFQjCNG9tCcqb15ZaKzp0MA0UjjxakIhOQ

And another at

http://www.google.com.au/url?q=http://www.codenomicon.com/resources/whitepapers/codenomicon-wp-smart-tv-fuzzing.pdf&sa=U&ei=X9ufU--lG43bkAXOtoHYCA&ved=0CBQQFjAD&usg=AFQjCNFNsI8jxO-0d8HeUCs7E2bUMoexRA

What I find alarming is that app that access facebook, amazon, itunes can be accessed with a four digit number from the remote.

Now here is my point of view, remotes aren't wifi, they are infra red, so for a drone to access the system, it would need line of sight and infra red transmitter to interact with the tv, and a reciever to capture code transmitted by the remote.

You could drop a device that has a line of sight of the tv that interact with the tv by ir tranceiver and control it from a distance by wifi

Still, possible , but I think a lot of hype

Edited June 17, 2014 by Swamppifi