Smart TVs are vulnerable to hacking with 'red button attack'

show ad

Rounded up to be killed: ISIS seizes dozens of Iraqi soldiers and drives them to desert to be shot in revenge for commander's death
NBC golf analyst and his driver in unseemly fracas at the US Open as sports channel employee is arrested for running cop over with a GOLF CART
U.S. Army appoints General to lead investigation into Bowe Bergdahl's desertion and capture by the Taliban
BREAKING NEWS: Radio legend Casey Kasem dead at age 82
Chelsea Manning claims government secrecy means it is IMPOSSIBLE for Americans to know the truth about US wars and accuses government of lying about Iraq in controversial New York Times op-ed
American woman, 24, 'was raped in Brazil after watching Australia-Chile World Cup match'
EXCLUSIVE: Jagger's lover is a ballet dancer 43 years his junior... and they met two weeks BEFORE L'Wren's sad suicide
Today's fathers spend seven times as much time with their children than they did 40 years ago - when it was roughly five minutes a day
Denying climate change is like saying the moon is made of cheese, argues Obama as he takes on global warming deniers at commencement speech
Smiling assassin of Iraq dubbed the Desert Lion who has reputation for roadside executions enjoys his role as the poster boy for jihad
How Isis have rampaged towards the capital: A blow by blow account of how Islamist militants outnumbered 20-to-1 by the army cut through huge swathes of Iraq
'I'll see you guys in New York:' US commander who was ordered to hand captured ISIS leader-to-be to Iraqis in 2009 reveals chilling parting words of fanatic who is leading extremist march on Baghdad
Basketball courts built by the Americans remain, but expensive military hardware left to the Iraqi army by the US lies burnt and charred
Don't blame me for meltdown in Iraq: Astonishing 'essay' by former British Prime Minister Tony Blair who says Obama quit too soon
'Jessica Simpson's $18,000 make-up rider, Dennis Rodman's 28 near-no-shows and a drunk Quentin Tarantino': Insider releases tell-all book about celebrity 'divas' backstage on the Tonight Show
Three teens including two siblings killed in horror hit-and-run on their way home from a party
Eight-year-old boy who dreamed of being a pilot dies two days before Father's Day in crash during plane ride which was a treat from a family friend
Family's outrage as 3-year-old left with facial injuries after being mauled by a pit bull is thrown out of KFC by employee who said her face was 'scaring the other diners'
'They were trying to kill me!' Former D.C. Mayor Marion Barry claims HE was the victim in infamous 1990 crack cocaine bust
Border Patrol union under fire for 'racist' tweet listing 'burrito wrapping' as part of new job description after photos revealed sub-human conditions in which immigrant children are kept
'I did NOT cheat my way to the crown!': Miss USA winner Nia Sanchez denies claims she faked a move to Nevada in order to win pageant
'At my age I don't have much to lose': Pope Francis ditches the bulletproof Popemobile which has protected pontiffs since 1981
Pope Francis claims global economy is close to collapse and describes youth unemployment rates as an ‘atrocity’ in damning message
'Dad stop it!': Vegas-bound flight diverted after man has meltdown and lunges at cabin crew in front of his own horrified children

Researchers at Columbia University claim smart TVs can be hacked
So-called hybrid TVs can be hijacked using a $250 (£150) 1-watt transmitter
The scientists are set to discuss the exploit in a paper later this year
They claim attackers could get access to viewers' internet accounts
They could then post on Facebook, write fake reviews, and much more

Published: 04:36 EST, 9 June 2014 | Updated: 10:12 EST, 9 June 2014

View
comments

A team of scientists at Columbia University claim hybrid smart TVs that blur the line between televisions and the internet are vulnerable to a simple hack.

Coined the ‘red-button attack’ - named after the red button used on modern smart TV remotes to access additional content - the flaw can be exploited with just a $250 (£150) transmitter.

In just minutes, someone using a smart TV could find their various internet accounts sending spam, printing coupons and writing fake reviews without their knowledge.

Hackers could, in theory, also use these accounts to harvest personal information.

Scroll down for video

Scientists at Columbia University have revealed how modern hyrbrid smart TVs (stock image shown) are vulnerable to an attack that was not previously known. Dubbed the 'red button attack', hackers could hijack broadcasts to access a viewer's various connected internet accounts, including Facebook

Yossi Oren and Angelos Keromytis from the Network Security Lab have outlined their research in a paper set to be released later this year.

The hack is apparently remarkably easy to perform.

HOW DRONES CAN ALSO STEAL YOUR IDENTITY

Experts in London recently proved it's possible to use drones to steal data.

They modified an aircraft capable of tapping into a phone's Wi-Fi settings.

Once it had access, it was able to read and steal personal information.

Called Snoopy, the drone takes advantage of smartphones that actively search for networks.

From this it can also see networks those devices have accessed in the past.

During tests, hackers exposed credit card information and passwords.

According to Forbes, it would occur while someone is watching TV and would be over in just 12 minutes.

More...

The attack works by exploiting a vulnerability in Hybrid Broadcast-Broadband Television (HbbTV).

This ‘allows broadcast streams to include embedded HTML content which is rendered by the television,’ the researchers wrote in their paper.

‘This system is already in very wide deployment in Europe, and has recently been adopted as part of the American digital television standard.’

The hacker would then, in essence, take over the channel a viewer was watching for a short amount of time.

This would be done by using a simple amplifier, costing as little as £150 ($250) on a rooftop to hijack networks across an area of 0.5 square miles (1.4 square kilometres).

Alternatively, a transmitter could also be placed on a drone, which could hover outside the windows of houses to hijack TVs.

In doing so, the hacker would have access to any websites the viewer was logged into on their smart TV.

This could range from getting access to their Facebook accounts to writing fake reviews on websites for products.

The attack could be carried out by attaching a small and cheap transmitter to a drone (stock image shown) and then hovering outside a victim's window. The attackers could also set up a transmitter on a roof to potentially hijack tens of thousands of TVs across an entire city

HbbTVs broadcasts can be hijacked because they are not linked to a web server, which also makes attacks virtually untraceable.

‘This enables a large-scale exploitation technique with a localised geographical footprint based on radio frequency (RF) injection,’ the researchers continue.

This ‘requires a minimal budget and infrastructure and is remarkably difficult to detect.’

‘In a dense urban area, an attacker with a budget of about $450 (£270) can target more than 20,000 devices in a single attack.’

There are a number of possible solutions. The most drastic includes cutting all internet access to smart TVs.

Alternatively, broadcasters could begin to integrate smart TVs into a network that could see if they are being hijacked by monitoring for high spikes in signal strength.

Perhaps the most simple solution, though, would be to have a confirmation box pop-up on screen when a viewer’s smart TV is trying to open an app such as Facebook.

This, however, would detract from the current seamless and smooth integration between TV and internet favoured by companies at the moment.

WHY THE RISE IN 'SMART' DEVICES MIGHT BE A PROBLEM

'This potential attack method isn't related specifically to the use of the red button on a TV remote specifically, but to any interaction with a smart TV,' says David Emm, senior security researcher at Kaspersky Lab in Russia.

'Such an attack would effectively be a "man in the middle" attack, with hackers placing themselves between the consumer and the broadcaster and injecting their own, bogus information into the broadcast stream - for example, fake adverts and other content.

'After hacking the radio signal, hackers "become the broadcaster" and even have the ability to hack into anything sent or received by the consumer.

'One problem with such an attack is that, since it would involve hacking into the radio signal through the use of an antenna, it would be difficult to track down the attackers.

'It’s reminiscent of someone sniffing the traffic on a public Wi-Fi hotspot or setting up a fake one.

'Providers need to ensure they are considering such security implications of new technology.

'When new technologies emerge, the focus tends to be on the positive benefits - how the technology will make people's lives easier - not enough focus is placed on the risks inherent in the use of the latest technology.

'Smart fridges, garage doors, car entertainment systems and electricity meters are all examples of new technology that all benefit from Internet connectivity, but the extension of technology in this way also brings the possibility of more cyber-attacks.'

Red Button Flaw Exposes Major Vulnerability In Millions of Smart TVs

MOST WATCHED NEWS VIDEOS

Comments (55)

Share what you think

View all

The comments below have not been moderated.

Plebeian, Plebsville, United Kingdom, 3 days ago

"My" LG was smart until it was found that LG were using these devices to snoop. It's now just a large dumb screen with a sometimes wired connection. Be smart and buy dumb, control the stuff you own.

Click to rate

professor_plum, ukville, 4 days ago

Let me guess, we'll need special TV antivirus software and a firewall. Yours for only £40.

Click to rate

ComeOnNow, London, United Kingdom, 4 days ago

With all the other gadget people have in their homes, I really cant see the point of Smart TV's!

Click to rate

Mad Dog, Great Britain, United Kingdom, 5 days ago

I wouldn't use a smart TV for anything other than YouTube and catch up TV. If you want easy access to the internet buy a tablet or smartphone.

Click to rate

JUSTMYOPINION, Canyon Lake Texas, United States, 5 days ago

Nothing is safe anymore. Last week I bought a new pack of jockey under ware and when I put on the first pair I swore I felt a distinct humming in the material of the crotch. I looked up and I'll be damned if there wasn't a drone flying over my house at that very moment. I just scratched my head and wondered what information the government got from that?

Click to rate

jhope46, norwich, United Kingdom, 5 days ago

Simple pop the back off ur smart tv unplug the multi plug for the camera and mic put backtogether dnt use facebook twitter ect problem solved if ur tv ever goes fauly pop the back off plug it back in they wont no its been touched make sure u block statistic data on the router so they cant track what ur watching