2014-06-08

An anonymous reader writes
"Researchers from Columbia University's Network Security Lab discovered a flaw affecting millions of Smart TVs supporting the HbbTV standard. The flaw allows a radio-frequency attacker with a low budget to take control over tens of thousands of TVs in a single attack, forcing the TVs to interact with any website on their behalf — Academic paper available online."

Re:So: where is the liability ?

By BronsCon



2014-Jun-8 10:21

• Score: 5, Interesting
• Thread

In this case, it's more like "Oh no, I've been inconvenienced as a direct result of someone else's negligent actions."

If the end result of TV manufacturers not releasing a more secure firmware for the affected models is your TV running malicious code that, say, simply bricks your TV, they should be liable for repair or replacement costs. If the result is that your TV ends up running code that hacks into your computer and steals your financial and personal details, they should likewise be liable for any resulting fraud and the cost of cleaning up that mess. In both cases, maybe a little something for the trouble, as well; it's best for society that we discourage purposeful negligence like this.

We're not talking about simply missing a TV show here; there are real and potentially damaging implications here.

Tell me again?

By kheldan



2014-Jun-8 11:45

• Score: 3
• Thread

Tell me again why we even need 'smart TVs' in the first place?

I'd rather spend the money on a basic TV with better picture quality and get the 'smart' part from what I connect to it (DVR in my case).

Re:It doesn't take a genius to come up with an att

By Fnord666



2014-Jun-8 12:18

• Score: 5, Informative
• Thread

So the idea is that the attacker overrides the RF signal with his own one, which contains the malicious data.

No. They are actually overriding the DVB broadcast signal from the broadcaster and inserting malicious packets into the stream.

Abstract: In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television. This system is already in very wide deployment in Europe, and has recently been adopted as part of the American digital television standard.

All of the references to the "red button" on the remote are a distraction that can be confusing. The red button on your remote is simply a way that you can invoke or interact with the hybrid content in the broadcast stream. It has nothing to do with the actual attack and the embedded content doesn't need to be actual interactive content.

Re:It doesn't take a genius to come up with an att

By nmb3000



2014-Jun-8 14:08

• Score: 5, Insightful
• Thread

Abstract: In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television.

And for anyone wondering just why the hell anyone would want this, TFA clarifies:

Broadcasters and advertisers have been eager to use the HbbTV to target ads more precisely and add interactive content, polls, shopping and apps, to home viewers.

So let me get this right... "Punch the Monkey", coming to a TV near you? Flashing and bouncing "Take the "Which Ninja Turtle are you most like?" poll for a chance to win $1000!!!"? Malicious "Your TV isn't secure! Click here to upgrade!" ads that install some bullshit TV "app" that does only god-knows-what? Remote scripting running on a device designed without any security in mind, and which will probably never be updated during its 8+ year lifetime?

How can I make this clear? Do. Not. Fucking. Want. Yet another reason to avoid "smart" TVs, I guess.

Re:It doesn't take a genius to come up with an att

By Kalriath



2014-Jun-8 18:48

• Score: 4, Interesting
• Thread

Another effective mechanism, is to Decline the privacy policy. According to a recent Slashdot post, that disables pretty much every smart feature the TV has.

Show more