A recent demonstration by a researcher proves that almost any Smart TV can be turned into a spying tool against you, and it’s almost impossible to detect the hack.
WikiLeaks’ release of the CIA’s hacking tools revealed that the agency could control Samsung’s smart TV and use it as a spying device, but to do that, it needed a physical connection and access in order to install its spyware.
Now, however, security researcher Rafael Scheel has developed a new TV attack. The OneConsult researcher created his own attack, which uses rogue TV signals to get access to the TV. DVB-T (Digital Video Broadcasting-Terrestrial) signals can give a hacker root access on pretty much any smart TV out there, which means that your TV can be turned into a spying tool at any time.
Scheel’s demonstration was presented at a security conference, and it showed that no physical access is needed to use this method. Instead, a remote hack is entirely possible, and since it operates in the background, the victim is not even aware that anything is going on.
Scheel believes that the center of the attack is HbbTV (Hybrid Broadcast Broadband TV), an industry standard supported by many TV manufacturers. Other TV transmission technologies support HbbTV as well, DVB-T included.
It’s known that TVs usually connect to the stronger signal. Cable providers transmit theirs from hundreds of miles away, while the rogue signal can be transmitted from a house or even a nearby city. Attackers can use the HbbTV standard to send commands that instruct TVs to load malicious websites in the background.
There were two exploits that Scheel used to take over his TV. One of them was based on CVE-2015-3090, a zero-day that was leaked in 2015 by Hacking Team, and the other one allowed him access to the user’s firmware.
Since the data flows to the TV only, thanks to the DVB-T method, it’s pretty hard to even discover the attack. Scheel says that the only time the attacker can be caught is while he’s transmitting the signal in real time. It was also found that the “backdoor” created by this method of hacking is impossible to remove, and that a factory reset didn’t do the trick.