Pipe 37Z Watching TV. No prob - it's watching you, too.

Watching TV. No prob - it's watching you, too.

by
in security on (#37Z)
This just in from the Register: If you're watching a "smart television" containing internet capability and camera/microphone, your television is also watching you and can be coopted via malware to do all sorts of terrible things. Manufacturers seem to be blind to this, turning out lots of new models of internet-aware devices that risk being "smart" in all the wrong ways.
[Security experts] demonstrated exactly [the vulnerability] just down the road from the Infosec Europe conference, held in London. "Installing the bugging software requires physical access to the device, which is how we did it, or by installing a malicious app," said Felix Ingram, principal consultant at NCC Group. "Malicious apps could be downloaded from the manufacturer’s app store. The TV does have the option for auto-updating, so releasing a legitimate app, then releasing a malicious update, is another attack vector."
Why bother buying a Smart TV though, when you can much more simply make your own using a Raspberry Pi [video]? You control the hardware, you control the software, and for bonus points you don't have to rely on the manufacturer to provide you the occasional firmware update out of the goodness of their hearts.

History

2014-05-10 13:22
Watching a Smart TV? It's watching you, too.
zafiro17@pipedot.org
This just in from the Register: If you're watching a "smart television" containing internet capability and camera/microphone, your television is also watching you and can be coopted via malware to do all sorts of terrible things. Manufacturers seem to be blind to this, turning out lots of new models of internet-aware devices that risk being "smart" in all the wrong ways.
[Security experts] demonstrated exactly [the vulnerability] just down the road from the Infosec Europe conference, held in London. "Installing the bugging software requires physical access to the device, which is how we did it, or by installing a malicious app," said Felix Ingram, principal consultant at NCC Group. "Malicious apps could be downloaded from the manufacturer’'s app store. The TV does have the option for auto-updating, so releasing a legitimate app, then releasing a malicious update, is another attack vector."
Why bother buying a Smart TV though, when you can much more simply make your own using a Raspberry Pi [video]? You control the hardware, you control the software, and for bonus points you don't have to rely on the manufacturer to provide you the occasional firmware update out of the goodness of their hearts.
Reply 0 comments