What makes an Internet-connected TV different from a PC? When you think about it, not all that much. Both have storage devices, processors, IP addresses and software. And if that’s the case, why wouldn’t a TV that’s connected to the Web or a home network be vulnerable to the types of attacks that have plagued computer users for years? It turns out that it is.
Yes, that sounds pretty far-fetched, and until recently I didn’t give it much thought. But in the last few weeks, two security experts have independently discovered ways to break into a connected TV.
And as far back as 2010, when Internet TVs were far less common, researchers from Mocana, a San Francisco security firm, found that it was possible for a hacker to obtain passwords and credentials from services accessed via a connected TV. Whether that could lead to an actual theft of financial data wasn’t clear at the time.
Earlier this month, an Italian researcher named Luigi Auriemma said he found a way to launch the equivalent of a Denial of Service attack against a Samsung D6000 TV that sent it into an endless reset loop. (A Denial of Service, or DoS, attack overwhelms servers and PCs with so many bogus requests that they simply shut down or get too clogged to operate.)
In a blog post Auriemma noted that current Samsung TVs can be controlled remotely via iPad, Android and other devices over a network. “The vulnerabilities require only the Ethernet/Wi-Fi network connected to be exploited so anyone with access to that network can do it,” he wrote. After the attack was launched, the TV was impossible to use or reset without a good deal of tinkering.
A second researcher, Gabriel Menezes Nunes, managed a similar exploit against a Sony Bravia TV, using a publicly available networking tool.
DoS attacks are one thing, but it would be far more serious if hackers were able to gain personal information, such as a credit card number, transmitted while a user was shopping on the Web via a TV. Some services let users share photos and personal information, such as calendars and contacts. Are they secure?
I think it’s too soon to worry about putting a firewall around your TV. But one thing we’ve seen over the years is that hackers are attracted to platforms that are widely used. That’s why Windows is such a common target and why Macs were not targeted until Mac OS X became much more popular.
By 2016, 100 million homes in North America and Western Europe will contain television sets that blend traditional programs with Internet content, according to NPD In-Stat, a technology research firm. If you’re a hacker, that’s one juicy target.
Roger Grimes, a security researcher for Microsoft, and a blogger at our sister site, InfoWorld, says he had no trouble hacking into set-top boxes of a major cable television provider. Grimes, who has dozens of computer certifications, put it very well in a recent post.
“The future of Web-connected TV is going to be just like today’s world. We’ll have global malware takeovers, constant patching of our TVs, DoS attacks, and all the other ugly stuff that comes with our always-connected world. In my line of work, job security is guaranteed.”
San Francisco journalist Bill Snyder writes frequently about business and technology. His work appears regularly in CIO.com and the publications of Stanford's Graduate School of Business and the Haas School of Business at the University of California at Berkeley. He welcomes your comments and suggestions.