Smart TVs are vulnerable to attacks

HITBSecConf2019 - The 10the annual HITB Security Conference in The Netherlands - Trainings, Conference track and Haxpo exhibition. Register now.

Home entertainment has expanded beyond the traditional television. Modern TV sets are very similar to a desktop computer: they have a processor, memory, a hard disk and some sort of an operating system running.

Most of them run a stripped down version of Linux, UNIX or Windows. The OS provides access to a network and other services such as image/video/audio decoding. Some of the more expensive models have full-blown browser implementations.

They are now constantly connected to the Internet and offer a wide range of online services such as videos, music, online shopping and various web services. All these connections use communication protocols, which need to be tested and proofed in order for them to be secure.

Codenomicon robustness tested six well-known TV manufacturers’ top model smart TVs. The bad news is that none of them cleared all of the tests where critical communications protocols were scrutinized.

“It was disappointing to discover that so many of name-brand TVs crashed with video and DVB protocols, when those are the core functionalities in the TVs. The potential for vulnerabilities in these devices is relatively high, and the threat scenarios increase as the smart TVs become more and more popular in regular households”, said security specialist Rikke Kuipers

Codenomicon will not disclose any details of the vulnerabilities in order to protect the users of those devices.

The complete paper including details is available here.