Latest in Gear

Image credit: Paul J. Richards/AFP/Getty Images

Exploit attacks your smart TV through over-the-air signals

It only works in certain conditions, but you might not even notice.
1524 Shares
Share
Tweet
Share
Save

Sponsored Links

Paul J. Richards/AFP/Getty Images

Worries that someone could hijack your TV with a broadcast have been present for decades (ever see The Outer Limits?), and it's clear that they're not going away any time soon. Oneconsult security researcher Rafael Scheel has outlined an attack that can control smart TVs by embedding code into digital (specifically, DVB-T) over-the-air broadcasts. The intrusion takes advantage of flaws in a set's web browser to get root-level access and issue virtually any command. You only need to have a transmission powerful enough to reach compatible TVs, and at least one attack will work without revealing that something is wrong.

The technique is known to work on at least two recent Samsung models, and it's possible to alter the code to compromise other web-enabled TVs.

If there's a saving grace, it's the specificity of the attack. Only some countries use DVB-T, and fewer still support the hybrid broadcast broadband TV format (HbbTV) needed to make this work. The victim also needs to both be tuned into a DVB-T channel and have the TV connected to the internet. North Americans watching ATSC broadcasts have nothing to worry about right now, in other words, and you're also safe if you use a game console or media hub for your living room entertainment.

The discovery nonetheless underscores the importance of locking down smart TVs, which don't usually receive security updates as frequently as phones or PCs. It's one thing when hackers compromise individual TVs through conventional internet-only attacks, but it's that much more sinister when they can compromise multiple TVs within a certain range. Manufacturers will need to treat security as a higher priority if they're going to prevent attacks like this from happening in the real world.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1524 Shares
Share
Tweet
Share
Save

Popular on Engadget

Epic makes 10,000 lifelike photogrammetry assets free for Unreal Engine

Epic makes 10,000 lifelike photogrammetry assets free for Unreal Engine

View
Apple TV+'s head of scripted and unscripted shows has left the company

Apple TV+'s head of scripted and unscripted shows has left the company

View
Snap Spectacles 3 review: A better, more sophisticated novelty

Snap Spectacles 3 review: A better, more sophisticated novelty

View
Disney+ has arrived, here's everything you need to know

Disney+ has arrived, here's everything you need to know

View
Disney+ gets every 'Star Wars' movie in 4K, Dolby Vision and Atmos

Disney+ gets every 'Star Wars' movie in 4K, Dolby Vision and Atmos

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr