Smart TVs vulnerable to "red button" hacking


Intenet-connected or Smart TVs could be vulnerable to drive-by hacking attempts, according to researchers.

The so-called "red button attack" uses a man-in-the-middle exploit to intercept a digital television signal rather that IP-based data.

By transmitting data packets over the airwaves, malicious code can be sent to these televisions. Once exploited by hackers, these devices can then be made to send messages by hackers, find other vulnerable devices on a home network or even launch attacks across the internet.

Yossef Oren and Angelos Keromytis, from the Network Security Lab at Columbia University, warned that finding and preventing such attacks would be difficult.

In a research paper published by the pair, such an attack could be carried out using an inexpensive antenna and carefully constructed broadcast messages.

"For this attack you do not need an internet address, you do not need a server," Mr Oren told Forbes. "You just need a roof and an antenna and once you are done with your attack, there's completely no trace of you."

The hack works be using the Hybrid Broadcast Broadband TV (HbbTV) standard, widely used in European smart TVs. The technology is used in sets that provide TV via digital terrestrial broadcasts and via broadband.

The attack could then do anything the owner was able to do. The researchers said if a TV owner was logged into Facebook, the attackers could also post messages to the social network.

The researchers also detailed in the paper how the flaw could be used to DoS a website.

Oren said that in built up areas a cheap antenna could hack hundreds of TVs. A bigger antenna could hit thousands.

"The attacks described in this paper are of high significance, not only because of the very large amount of devices which are vulnerable to them, but because they exemplify the complexity of securing systems-of-systems which combine both internet and non-internet interfaces," they added.

"Similar cyber-physical systems will become increasingly more prevalent in the future Internet of Things, making it especially important to analyse the weaknesses in this system, as well as the limitations of its proposed countermeasures."

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.