INTERNET CONNECTED TELEVISIONS could be targetted by drive-by hackers, according to research.
The exploit, referred to as a "red button attack" is a "man in the middle" exploit, but rather than targeting data transfer over IP, it intercepts the television signal from the TV broadcaster.
Since the digital switchover, sound, picture and accompanying data are transmitted using data packets, and so the same vulnerabilities apply.
Through attacking the interactive TV signal, malicious code can be damaging for anyone whose television is connected to the internet.
Particularly vulnerable would be hybrid televisions that offer a part IP, part broadcast service such as Youview or BT Vision via the HbbTV standard.
The exploit was discovered by two researchers from the Columbia University Network Security Lab, who plan to publish their findings in August.
At its simplest the attack, which could, for example, be the result of a drone carrying a counterfeit signal as it passes overhead, might spam the user with advertisements, but at worst, its payload could be used to hack devices, allowing other more serious malware to be installed.
Kaspersky Labs senior security researcher David Emm warned that TV broadcasters - and indeed all Internet of Things (IoT) organisations - should be wary. He said, "Providers need to ensure they are considering such security implications of new technology.
"When new technologies emerge, the focus tends to be on the positive benefits - how the technology will make people's lives easier - not enough focus is placed on the risks inherent in the use of the latest technology."
He warned that the danger is not limited to TV broadcast signals, adding, "Smart fridges, garage doors, car entertainment systems and electricity meters are all examples of new technology that all benefit from internet connectivity, but the extension of technology in this way also brings the possibility of more cyber-attacks."
Broadcast intrusions are nothing new. In 1987 two New York TV stations were overriden with a pirate broadcast by a man in a Max Headroom mask. The principles used there are equally applicable to a "red button attack".
The exploit, referred to as a "red button attack" is a "man in the middle" exploit, but rather than targeting data transfer over IP, it intercepts the television signal from the TV broadcaster.
Since the digital switchover, sound, picture and accompanying data are transmitted using data packets, and so the same vulnerabilities apply.
Through attacking the interactive TV signal, malicious code can be damaging for anyone whose television is connected to the internet.
Particularly vulnerable would be hybrid televisions that offer a part IP, part broadcast service such as Youview or BT Vision via the HbbTV standard.
The exploit was discovered by two researchers from the Columbia University Network Security Lab, who plan to publish their findings in August.
At its simplest the attack, which could, for example, be the result of a drone carrying a counterfeit signal as it passes overhead, might spam the user with advertisements, but at worst, its payload could be used to hack devices, allowing other more serious malware to be installed.
Kaspersky Labs senior security researcher David Emm warned that TV broadcasters - and indeed all Internet of Things (IoT) organisations - should be wary. He said, "Providers need to ensure they are considering such security implications of new technology.
"When new technologies emerge, the focus tends to be on the positive benefits - how the technology will make people's lives easier - not enough focus is placed on the risks inherent in the use of the latest technology."
He warned that the danger is not limited to TV broadcast signals, adding, "Smart fridges, garage doors, car entertainment systems and electricity meters are all examples of new technology that all benefit from internet connectivity, but the extension of technology in this way also brings the possibility of more cyber-attacks."
Broadcast intrusions are nothing new. In 1987 two New York TV stations were overriden with a pirate broadcast by a man in a Max Headroom mask. The principles used there are equally applicable to a "red button attack".
No comments:
Post a Comment