With Internet-connected products on the rise, the risk of being exploited through hacks is also increasing. More and more products are being hacked, giving unethical parties access to the sensitive data of millions of people. The latest addition to the list is smart TVs. A fresh demonstration by security consultant Rafael Scheel shows how easy it was to gain remote access to a couple of Samsung Smart TVs just by sending over-the-air TV signals.
Ars Technica reports that Scheel demoed the attack on two "fully updated" Samsung Smart TV models by using a "low-cost transmitter to embed malicious commands into a rogue TV signal." The signal is then broadcast to the TVs, and the attack easily gives the hacker privileged root access to the devices. The malicious code exploits a flaw in the Web browser of specific Smart TVs. "Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways. Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV's camera and microphone," Scheel told the publication.
Scheel developed this exploit for the Swiss security consulting company Oneconsult, and first demonstrated it in February at the European Broadcasting Union Media Cyber Security Seminar. Remote access requires an Internet connection, and the transmitter has to be based on digital video broadcasting – terrestrial (DVB-T). Scheel also notes that the code can be altered to attack a wider range of smart TVs. What is scary is that Scheel's exploit requires no physical contact with the device and can work against many TV sets at once.
Also, while the fix can be rolled out through a software update, not many manufacturers are efficient at rolling out updates, especially in the Smart TV category. However, Engadget notes that DVB-T is only used in certain countries, and fewer still support the hybrid broadcast broadband TV format (HbbTV) needed to make this work. It specifically states that users in North America don't have to worry about the exploit at all.