General Discussion
  >> General Broadband Chatter


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | [2] | 3 | 4 | (show all)   Print Thread
Standard User ukhardy07
(knowledge is power) Mon 28-May-18 17:52:28
Print Post

Re: TV hijacking


[re: MHC] [link to this post]
 
In reply to a post by MHC:
If it is a "Smart TV" that can download apps such as iPlayer, 4OD, GoogleMaps, Facebook Twitter ... and whatever else, then there is always the possibility that one of the front-line apps could contain inappropriate code that may turn the TV into a monitoring device, or force access to the LAN ...
The apps typically on Smart TVs are limited somewhat, the general use case of installing Netflix or iPlayer is not going to cause a bunch of issues.

Add to the fact the CVEs against Sony TVs are incredibly low:
https://www.cvedetails.com/vulnerability-list/vendor...

I stand by the PCs are a much greater risk, even with the Kaspersky AV.
Standard User ukhardy07
(knowledge is power) Mon 28-May-18 17:55:08
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
There is a listing of known vulnerabilities here against Sony Bravia TVs:

https://www.cvedetails.com/vulnerability-list/vendor...

Compare this with Windows 7:
https://www.cvedetails.com/vulnerability-list/vendor...

Now you know why you need to have Kaspersky on your PC, whereas it is not on the TV.
Standard User Michael_Chare
(fountain of knowledge) Mon 28-May-18 22:18:19
Print Post

Re: TV hijacking


[re: ukhardy07] [link to this post]
 
Depends on the resources of those doing the hijacking. There are those that can make centrifuges in Iran shake themselves to bits.

TVs with microphones could be targets as explained here.

Michael Chare


Register (or login) on our website and you will not see this ad.

Standard User ukhardy07
(knowledge is power) Mon 28-May-18 22:32:05
Print Post

Re: TV hijacking


[re: Michael_Chare] [link to this post]
 
Depending how much you believe, they are already in your modem smile

I will let you research on that one if you have some time.

I understand the attack vectors, I've been a guy on the front end doing pentesting and PCI pentest + segmentation testing. I just think for your standard home user, it's unlikely to occur on a smart TV.

This does not mean NSA etc have not done something, it is widely publicized they have routes into Samsung Smart TVs.

Put another way, whilst feasibly possible we need to be realistic, are most home users TVs compromised - no? Nothing will ever be totally secure, in the grand scheme of things, it's not a significant risk.

Take a major national bank, they rolled out these TVs all over the shop. Risk was marked as "informational" not even a low due to practically no vulnerabilities in the wild.

Edited by ukhardy07 (Mon 28-May-18 22:33:31)

Standard User ian72
(eat-sleep-adslguide) Tue 29-May-18 09:19:07
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
In reply to a post by Malwaremike:
having read stories about CCTV cameras etc being open to attack
The main reason CCTV cameras are "open" to attack is that in general they are sending the video feed to the Internet (so people can access from their phones/off site web browsers) and they haven't changed the default password. The vast majority of cameras would be fine if people just changed the password to something secure.
Administrator MrSaffron
(staff) Tue 29-May-18 10:04:19
Print Post

Re: TV hijacking


[re: ian72] [link to this post]
 
Many models also operate their own small web server so prime for someone to upload something to and then have it do something.

If the camera was ONLY pushing a video stream to a manufacturers website for storage/viewing there would be a lot smaller risk footprint.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Oliver341
(eat-sleep-adslguide) Tue 29-May-18 11:58:08
Print Post

Re: TV hijacking


[re: MrSaffron] [link to this post]
 
In reply to a post by MrSaffron:
If the camera was ONLY pushing a video stream to a manufacturers website for storage/viewing there would be a lot smaller risk footprint.

Whilst that's true, a lot of the companies making those cameras are small Chinese brands no-one has heard of who could disappear at any time along with their website, and the camera would become useless for remote viewing.

Oliver.
Administrator MrSaffron
(staff) Tue 29-May-18 12:20:58
Print Post

Re: TV hijacking


[re: Oliver341] [link to this post]
 
And there is your IOT, smart TV conundrum security that is better is possible but at what cost.

e.g. on smart TV it may mean paying for secure certificates for a long time i.e. signed code updates

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Malwaremike
(committed) Tue 29-May-18 19:01:27
Print Post

Re: TV hijacking


[re: ukhardy07] [link to this post]
 
Our TV has some installed apps, including Netflix, iPlayer, Five, Youtube, News and similar, but we don't use them except iPlayer and then maybe once in a couple of months. We certainly don't access the internet on TV, far too slow for a start! I'll continue on these lines, thanks again for the advice and interesting comment.

My long-standing paranoia for matters tech began some 20 yrs ago when a relative lost £500 from a bank's ATM. He could not have taken it himself as he and his family were 1000 miles away with us for that week. The bank said that such a phantom withdrawal could not possibly happen, he must have loaned his card and details to someone else. Even though he used his card to buy us dinner 1000 miles away within two hours of the phantom withdrawal. He was repaid a couple of years later when the banks were flooded by similar complaints. Now I enjoy instant online banking from my armchair what could possibly go wrong?
Standard User Vorlon
(fountain of knowledge) Thu 31-May-18 00:35:47
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
I found the same with a newish Samsung Smart TV. I was taken back by the amount of agreements that initially appeared to need agreeing to. This time If i remember correctly there were 4 separate agreements which was more than any previous Smart TV I had purchased. So I decided to disagree to them all and to see what worked and what didn't. I guess in theory the TV should basically work just like a non Smart TV with no agreements agreed to.

However, surprisingly I do remember that the things I did check seemed to work without issue.
It's a few months ago now so the exact details I'm unsure of. One thing I did find (as I guess will be the same with many) is the last thing you want is to read and faff around with deciding on if you agree or disagree to something when the exciting bit (well for me anyway - since I was a bench engineer) is seeing how good the picture and sound are.

It would be good if there was a paper "note" with a brief description as to why you need to agree to each of the TV's separate agreements.

As per Michael Chare post, I believe two of the large TV companies had complaints about their Voice search facilities, basically "listening" to other chit chat before a key word was spoken. Then this info would be returned to their servers.
These are the sort of things that I believe have been classed as a security issue and something to be aware of.

On the Internet side I just use the Lan connection connected to an Internet switch as I found that at peak times there was too much WiFi interference between different flats in the small block I live in. I even purchased MetaGeek's Inssider software to get a clear visual display of competing WiFi signals in my vicinity.
What would happen is that my Tv's Wifi connection would fall back to a slower connection speed until it was stable. With Amazon Video that meant usually moving from 1080 to 720 resolutions.

Edited by Vorlon (Thu 31-May-18 00:46:27)

Pages in this thread: 1 | [2] | 3 | 4 | (show all)   Print Thread

Jump to