Next big security risk for home users: Internet connected TV

Every device between the TV cable and your laptop is hackable

By  

"I've successfully hacked Internet-connected TVs before," Grimes writes, not even adding that hacking a set-top box is pretty impressive considering how hard it often is to just get them to do what they're designed to do in the first place. "When I worked at Foundstone, my penetration-testing team got paid to try and break into the world's largest cable television provider's set-top box -- one of the first so-called IP TVs. Regular televisions were connected to set-top boxes, which were simply a custom personal computer appliance running a specialized version of BSD."

Grimes offers a few details and tools he used to break in to the cable box, but the important bit of the story could be a rewrite from a million other security stories: The vulnerabilities his team used to crack the set-top box were a JavaScript cross-site scripting attack, and an undocumented, unpatched, insecure web server running on the STB with no recent updates installed and little hope of ever getting any.

Your TV is probably smarter than most of the shows you watch on it

The specifics of how he broke into one STB years ago aren't relevant to the big-screen sitting in your living room running endless games of Call of Duty or the Big Bang Theory marathon.

No matter what firmware is running the thing, it's almost certain there is some vulnerability that would give hackers access to it.

The question is why.

They might be able to use the STB's certification to crack your ISP's security, or use it as a launching point for spam or attacks on other STBs.

They could even sit by voyeuristically monitoring the taste entertainment that is far less refined than the impression you try to give to people who don't join you for hours of brain-decaying reality TV.

They could even use root access in your STB or Internet-connected TV as a jumping off point to machines in the rest of the house.

If one end of an Ethernet cable is plugged into the TV, it's a good bet the other end is plugged in to the same router or switch used by the other computers in the house.

Photo Credit: 

Reuters

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question