General Discussion
  >> General Broadband Chatter


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | (show all)   Print Thread
Standard User Malwaremike
(committed) Sun 27-May-18 15:45:18
Print Post

TV hijacking


[link to this post]
 
With the ever-increasing number of online scams I was rather taken aback to buy a new TV and find a swathe of permissions being demanded by Sony. They require the right to note all sorts of stuff, such as browser and other tech details. The TV updated itself twice in the first three days.

Could some of our learned contributors say whether the TV's ethernet connection through my Plusnet router could be used to obtain access to the rest of my network, comprising two PCs and two iPads on wifi? And if so, what can I do about it?
Standard User caffn8me
(eat-sleep-adslguide) Sun 27-May-18 20:12:12
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
You could put your television on a separate VLAN if that's possible

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User robertcrowther
(committed) Sun 27-May-18 21:03:00
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
I stopped buying Sony products years ago. You can buy other brands which offer the same (often better) functions and abilities for much less than what you would pay for Sony products.

If you use a firewall on both your router and computers and also have at least a basic security software on your devices then you should be fine. People only tend to get problems when visiting dodgy websites.


Register (or login) on our website and you will not see this ad.

Standard User bowdon
(committed) Sun 27-May-18 22:15:19
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
I recently attempted to buy a new Sony tv and was suprised by how much the interface now relies on their built in OS.

It ended up getting an audio fault on the HD channels so I sent it back and eventually got an LG tv, which is a lot better when it comes to the interface. It's not as integrated as the Sony tv seems to be.

Demon => Freeserve => Pipex => Be => Sky => BT Infinity 2
Standard User ukhardy07
(knowledge is power) Mon 28-May-18 01:54:57
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
I do not really follow the question.

If you use a standard router by an ISP, the TV is NATd behind a firewall, and hence is not directly internet facing at any point. It is only visible to the devices in your home e.g. your iPad can talk to the TV... Nobody from the outside world can scan the internet and see your TV, they would merely see any ports you have opened to the outside world.

I see no problem having a TV, 2 PCs and 2 iPads on the same network. In general, the largest attacks focus on PCs since these have the greatest user base, and generally then, the pivot into a home network environment is a user going on something suspicious e.g. free video streaming etc.

I fail to see how a Sony TV being on a network will compromise 2 ipads and 2 PCs unless you are doing something seriously suspect with the Sony TV, I can't even think of any examples.
Administrator MrSaffron
(staff) Mon 28-May-18 10:05:55
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
Any device on a LAN has the potential to compromise other devices, hence why your LAN devices should run their own firewalls

Much more likely that a wrong click on a device you own or someone in household owns will lead to malware and a nasty payload.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Malwaremike
(committed) Mon 28-May-18 11:09:30
Print Post

Re: TV hijacking


[re: MrSaffron] [link to this post]
 
In reply to a post by MrSaffron:
Any device on a LAN has the potential to compromise other devices, hence why your LAN devices should run their own firewalls

This is what I was worried about, having read stories about CCTV cameras etc being open to attack. I should have added that each PC has Kaspersky IS updated daily, and we know not to click on links etc. Hopefully our new TV won't be the equivalent of leaving the back door unlocked frown
My electronic experience dates from 1953 when I bought one of the first germanium diodes for 12s 6d (62p) and hasn't advanced much since then, so many thanks everyone for your advice on this excellent forum.
Standard User Michael_Chare
(fountain of knowledge) Mon 28-May-18 11:28:35
Print Post

Re: TV hijacking


[re: ukhardy07] [link to this post]
 
The TV will quite likely make regular checks for updates. Essentially you have to trust that the firmware that it runs has not been compromised in someway.

Michael Chare
Standard User MHC
(sensei) Mon 28-May-18 14:49:35
Print Post

Re: TV hijacking


[re: ukhardy07] [link to this post]
 
If it is a "Smart TV" that can download apps such as iPlayer, 4OD, GoogleMaps, Facebook Twitter ... and whatever else, then there is always the possibility that one of the front-line apps could contain inappropriate code that may turn the TV into a monitoring device, or force access to the LAN ...


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M H C


taurus excreta cerebrum vincit
Standard User ukhardy07
(knowledge is power) Mon 28-May-18 17:49:03
Print Post

Re: TV hijacking


[re: Michael_Chare] [link to this post]
 
In reply to a post by Michael_Chare:
The TV will quite likely make regular checks for updates. Essentially you have to trust that the firmware that it runs has not been compromised in someway.

The Plusnet router itself makes regular checks for updates, we trust that the firmware has not been compromised in some way just fine. Likewise Windows checks for updates over Microsoft Update automatically, again we trust it. I see no issue with trusting the Sony updates, if anything the firmware upgrades are likely to patch security vulns if they exist.
Standard User ukhardy07
(knowledge is power) Mon 28-May-18 17:52:28
Print Post

Re: TV hijacking


[re: MHC] [link to this post]
 
In reply to a post by MHC:
If it is a "Smart TV" that can download apps such as iPlayer, 4OD, GoogleMaps, Facebook Twitter ... and whatever else, then there is always the possibility that one of the front-line apps could contain inappropriate code that may turn the TV into a monitoring device, or force access to the LAN ...
The apps typically on Smart TVs are limited somewhat, the general use case of installing Netflix or iPlayer is not going to cause a bunch of issues.

Add to the fact the CVEs against Sony TVs are incredibly low:
https://www.cvedetails.com/vulnerability-list/vendor...

I stand by the PCs are a much greater risk, even with the Kaspersky AV.
Standard User ukhardy07
(knowledge is power) Mon 28-May-18 17:55:08
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
There is a listing of known vulnerabilities here against Sony Bravia TVs:

https://www.cvedetails.com/vulnerability-list/vendor...

Compare this with Windows 7:
https://www.cvedetails.com/vulnerability-list/vendor...

Now you know why you need to have Kaspersky on your PC, whereas it is not on the TV.
Standard User Michael_Chare
(fountain of knowledge) Mon 28-May-18 22:18:19
Print Post

Re: TV hijacking


[re: ukhardy07] [link to this post]
 
Depends on the resources of those doing the hijacking. There are those that can make centrifuges in Iran shake themselves to bits.

TVs with microphones could be targets as explained here.

Michael Chare
Standard User ukhardy07
(knowledge is power) Mon 28-May-18 22:32:05
Print Post

Re: TV hijacking


[re: Michael_Chare] [link to this post]
 
Depending how much you believe, they are already in your modem smile

I will let you research on that one if you have some time.

I understand the attack vectors, I've been a guy on the front end doing pentesting and PCI pentest + segmentation testing. I just think for your standard home user, it's unlikely to occur on a smart TV.

This does not mean NSA etc have not done something, it is widely publicized they have routes into Samsung Smart TVs.

Put another way, whilst feasibly possible we need to be realistic, are most home users TVs compromised - no? Nothing will ever be totally secure, in the grand scheme of things, it's not a significant risk.

Take a major national bank, they rolled out these TVs all over the shop. Risk was marked as "informational" not even a low due to practically no vulnerabilities in the wild.

Edited by ukhardy07 (Mon 28-May-18 22:33:31)

Standard User ian72
(eat-sleep-adslguide) Tue 29-May-18 09:19:07
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
In reply to a post by Malwaremike:
having read stories about CCTV cameras etc being open to attack
The main reason CCTV cameras are "open" to attack is that in general they are sending the video feed to the Internet (so people can access from their phones/off site web browsers) and they haven't changed the default password. The vast majority of cameras would be fine if people just changed the password to something secure.
Administrator MrSaffron
(staff) Tue 29-May-18 10:04:19
Print Post

Re: TV hijacking


[re: ian72] [link to this post]
 
Many models also operate their own small web server so prime for someone to upload something to and then have it do something.

If the camera was ONLY pushing a video stream to a manufacturers website for storage/viewing there would be a lot smaller risk footprint.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Oliver341
(eat-sleep-adslguide) Tue 29-May-18 11:58:08
Print Post

Re: TV hijacking


[re: MrSaffron] [link to this post]
 
In reply to a post by MrSaffron:
If the camera was ONLY pushing a video stream to a manufacturers website for storage/viewing there would be a lot smaller risk footprint.

Whilst that's true, a lot of the companies making those cameras are small Chinese brands no-one has heard of who could disappear at any time along with their website, and the camera would become useless for remote viewing.

Oliver.
Administrator MrSaffron
(staff) Tue 29-May-18 12:20:58
Print Post

Re: TV hijacking


[re: Oliver341] [link to this post]
 
And there is your IOT, smart TV conundrum security that is better is possible but at what cost.

e.g. on smart TV it may mean paying for secure certificates for a long time i.e. signed code updates

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Malwaremike
(committed) Tue 29-May-18 19:01:27
Print Post

Re: TV hijacking


[re: ukhardy07] [link to this post]
 
Our TV has some installed apps, including Netflix, iPlayer, Five, Youtube, News and similar, but we don't use them except iPlayer and then maybe once in a couple of months. We certainly don't access the internet on TV, far too slow for a start! I'll continue on these lines, thanks again for the advice and interesting comment.

My long-standing paranoia for matters tech began some 20 yrs ago when a relative lost £500 from a bank's ATM. He could not have taken it himself as he and his family were 1000 miles away with us for that week. The bank said that such a phantom withdrawal could not possibly happen, he must have loaned his card and details to someone else. Even though he used his card to buy us dinner 1000 miles away within two hours of the phantom withdrawal. He was repaid a couple of years later when the banks were flooded by similar complaints. Now I enjoy instant online banking from my armchair what could possibly go wrong?
Standard User Vorlon
(fountain of knowledge) Thu 31-May-18 00:35:47
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
I found the same with a newish Samsung Smart TV. I was taken back by the amount of agreements that initially appeared to need agreeing to. This time If i remember correctly there were 4 separate agreements which was more than any previous Smart TV I had purchased. So I decided to disagree to them all and to see what worked and what didn't. I guess in theory the TV should basically work just like a non Smart TV with no agreements agreed to.

However, surprisingly I do remember that the things I did check seemed to work without issue.
It's a few months ago now so the exact details I'm unsure of. One thing I did find (as I guess will be the same with many) is the last thing you want is to read and faff around with deciding on if you agree or disagree to something when the exciting bit (well for me anyway - since I was a bench engineer) is seeing how good the picture and sound are.

It would be good if there was a paper "note" with a brief description as to why you need to agree to each of the TV's separate agreements.

As per Michael Chare post, I believe two of the large TV companies had complaints about their Voice search facilities, basically "listening" to other chit chat before a key word was spoken. Then this info would be returned to their servers.
These are the sort of things that I believe have been classed as a security issue and something to be aware of.

On the Internet side I just use the Lan connection connected to an Internet switch as I found that at peak times there was too much WiFi interference between different flats in the small block I live in. I even purchased MetaGeek's Inssider software to get a clear visual display of competing WiFi signals in my vicinity.
What would happen is that my Tv's Wifi connection would fall back to a slower connection speed until it was stable. With Amazon Video that meant usually moving from 1080 to 720 resolutions.

Edited by Vorlon (Thu 31-May-18 00:46:27)

Standard User ultra
(fountain of knowledge) Wed 13-Jun-18 22:56:47
Print Post

Re: TV hijacking


[re: ukhardy07] [link to this post]
 
In reply to a post by ukhardy07:
The Plusnet router itself makes regular checks for updates, we trust that the firmware has not been compromised in some way

One has the option to switch to some other router if one wishes... you only need to know the login details and (fortunately, on Plus.Net) they're easily found via the members portal.

---

If you run a business, have a second ISP and backup web hosting...
Standard User RobertoS
(elder) Thu 14-Jun-18 00:00:31
Print Post

Re: TV hijacking


[re: ultra] [link to this post]
 
In reply to a post by ultra:
One has the option to switch to some other router if one wishes... you only need to know the login details and (fortunately, on Plus.Net) they're easily found via the members portal.
Or in the information they post out to you on joining smile.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. 200GB. Sync 71307/12780Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User ukhardy07
(knowledge is power) Thu 14-Jun-18 03:21:54
Print Post

Re: TV hijacking


[re: ultra] [link to this post]
 
In reply to a post by ultra:
In reply to a post by ukhardy07:
The Plusnet router itself makes regular checks for updates, we trust that the firmware has not been compromised in some way

One has the option to switch to some other router if one wishes... you only need to know the login details and (fortunately, on Plus.Net) they're easily found via the members portal.
In which case say you choose a Linksys, Netgear or a Cisco device, they all check for updates automatically now, again we trust the firmware has not been compromised in some way. Disabling this feature can be achieved, at which point you potentially expose yourself to a security vulnerability if you miss the latest firmware.

Point stands, most of our devices check for updates automatically, the risk here is minimal although yes a determined attacker can attempt a number of measures, for a standard home-user the risk is negligible.

Replacement of a device to avoid security updates by the application vendor is counterproductive since 1. It exposes you to security vulnerabilities and 2. It costs an amount of money to replace.
Standard User Malwaremike
(committed) Thu 14-Jun-18 12:41:55
Print Post

Re: TV hijacking


[re: ukhardy07] [link to this post]
 
Thanks again for all the info, I posted on the Plusnet forum re updating my PN router and Bob on support pushed me a firmware update within 24 hours. I was thinking everything was sorted as far as could be sorted, then I remembered that I bought the TV from Dixons, and Dixons have admitted that hackers have accessed the details of 5.9 million customers ... ever get the feeling that you just can't win? frown
Standard User robertcrowther
(committed) Thu 14-Jun-18 13:00:22
Print Post

Re: TV hijacking


[re: Malwaremike] [link to this post]
 
If you got your TV from Dixons, then don't worry as they went bust in 2014. If you had got it from PC World (they took over from Dixons demise) then that's another matter, but either way it's not going to effect the TV.
Standard User JohnR
(eat-sleep-adslguide) Thu 14-Jun-18 21:26:24
Print Post

Re: TV hijacking


[re: robertcrowther] [link to this post]
 
You will find Dixon retail went bust.....

http://www.dixonscarphone.com

Is alive and well smile

Just a play on names.

But as you say. Where you buy a TV from is not a issue.

\_0-0_/ AdsL is Hell \_0-0_/
To Infinity
Wats SUP doc.... You using too much.....
Standard User robertcrowther
(committed) Fri 15-Jun-18 09:57:41
Print Post

Re: TV hijacking


[re: JohnR] [link to this post]
 
In reply to a post by JohnR:
You will find Dixon retail went bust.....

http://www.dixonscarphone.com

Is alive and well smile

Just a play on names.

But as you say. Where you buy a TV from is not a issue.


https://www.cnet.com/news/dixons-disappears-as-dixon...

The link reports when Dixons went bye byes. Carphone Warehouse resurrected the name, but not the company. You could say the modern version of Dixons is the PC World stores, which trades under the name DSG Retail Limited. The DSG stems from the days of Dixons.

Edited by robertcrowther (Fri 15-Jun-18 10:06:43)

Standard User richi
(member) Sat 16-Jun-18 12:01:38
Print Post

Re: TV hijacking


[re: JohnR] [link to this post]
 
In reply to a post by JohnR:
You will find Dixon retail went bust.....
At the risk of epic thread drift, nobody went bust. Dixons bought Currys, then bought PC World, then merged with Carphone.

At several points, the company rationalised its consumer-facing brands, eliminating duplication. One of these moments was when they retired the high-street Dixons brand. Initially, the shops became Currys. The Dixons brand was retained for the online arm for a while, and also as duty-free shops. Latterly of course, everything became "Currys PC World."

(Things are different again in the Republic of Ireland.)

</drift>

3 km line on THTG: 17/1.2 Mb/s with Plusnet Business.
Previously: BT ISDN, Nildram, Plusnet, 186k, EFH, Be*, Plusnet (again), Pulse8, Sky.
Standard User robertcrowther
(committed) Sat 16-Jun-18 12:10:28
Print Post

Re: TV hijacking


[re: richi] [link to this post]
 
PC World and Dixons Carphone Wharehouse trade under two different company names despite the merger. In a normal merger only one company remains, but in this case it wasn't as Dixons had already called in the Administrators before the merger and therefore it technichly went bust.

PC World = DSG Retail Limited
Dixons Carphone Warehouse = Dixons Carphone plc

Edited by robertcrowther (Sat 16-Jun-18 12:15:41)

Standard User richi
(member) Sun 17-Jun-18 09:25:10
Print Post

Re: TV hijacking


[re: robertcrowther] [link to this post]
 
You're talking about Dixons Retail plc? As far as I recall, the Carphone merger was reported at the time as "of equals," and Dixons was profitable.

Are you sure you're not thinking of the Dutch retailer of the same name?

3 km line on THTG: 17/1.2 Mb/s with Plusnet Business.
Previously: BT ISDN, Nildram, Plusnet, 186k, EFH, Be*, Plusnet (again), Pulse8, Sky.
Standard User robertcrowther
(committed) Sun 17-Jun-18 09:43:09
Print Post

Re: TV hijacking


[re: richi] [link to this post]
 
See: https://www.bloomberg.com/research/stocks/private/sn...

Note the word "acquired" and not merged. Maybe you were not aware at the time that Dixons were having financial troubles.

http://www.digitalspy.com/tech/news/a389122/dixons-t...

As reported on digitalspy and other websites that Dixons had a long history of problems and which resulted in stores closing way before Carphone Wharehouse got involved.

Edited by robertcrowther (Sun 17-Jun-18 09:49:50)

Standard User richi
(member) Sun 17-Jun-18 11:45:34
Print Post

Re: TV hijacking


[re: robertcrowther] [link to this post]
 
Respectfully, if I'm looking for financial analysis, I'll go elsewhere.

It's no surprise that, even back in 2012, Dixons Retail was responding to the consumer preference shift to out-of-town.

It's also no surprise that some financial journalists/editors describe almost any merger as "an acquisition." This is often more about editorial style guides than an analysis of the two companies' balance sheets.

Expert sources described the proposal as "a merger of equals," (e.g., this analyst-reax piece).

And the final shareholder comp. reflected a merger of equals: "Dixons and Carphone shareholders will each own 50% of the combined group under the deal..."

3 km line on THTG: 17/1.2 Mb/s with Plusnet Business.
Previously: BT ISDN, Nildram, Plusnet, 186k, EFH, Be*, Plusnet (again), Pulse8, Sky.
Standard User robertcrowther
(committed) Sun 17-Jun-18 13:34:13
Print Post

Re: TV hijacking


[re: richi] [link to this post]
 
I do like the way you had a snub at financial journalists/editors, but then go on to use their material to try and back up your point of view especially considering the source is the left wing Guardian newspaper.
Standard User richi
(member) Sun 17-Jun-18 15:34:52
Print Post

Re: TV hijacking


[re: robertcrowther] [link to this post]
 
Either you didn't read what I wrote, or you're a troll.

Whichever it is, I shan't be feeding you.

3 km line on THTG: 17/1.2 Mb/s with Plusnet Business.
Previously: BT ISDN, Nildram, Plusnet, 186k, EFH, Be*, Plusnet (again), Pulse8, Sky.
Standard User robertcrowther
(committed) Sun 17-Jun-18 17:02:23
Print Post

Re: TV hijacking


[re: richi] [link to this post]
 
Your reply came off as dissiing my sources. Sorry if you got offended from me showing you from multiple sources that I was correct and I'm not a troll just because you could not understand something I was saying. No hard feelings
Standard User richi
(member) Sun 17-Jun-18 17:06:40
Print Post

Re: TV hijacking


[re: robertcrowther] [link to this post]
 
No food for you

3 km line on THTG: 17/1.2 Mb/s with Plusnet Business.
Previously: BT ISDN, Nildram, Plusnet, 186k, EFH, Be*, Plusnet (again), Pulse8, Sky.
Pages in this thread: 1 | 2 | 3 | 4 | (show all)   Print Thread

Jump to