Experts find smart TV 'red button' vulnerability and put you at risk

A team from the Network Security Lab at Columbia University have researched a major flaw in the Hybrid Broadcast Broadband TV (HbbTV) standard, which is what defines the way broadcast streams are intertwined with Internet technologies.

Called the "red button" flaw because of the red button found on remote controls which usually switches on features associated with Internet TV, it allows hackers to gain access to your home systems and monitor you using relatively cheap equipment, making it a very dangerous threat to home network security.

Hackers using this flaw will be able to access the credentials that are stored in your smart TV, including those for social networks, e-mail and e-commerce websites, which would allow them to send out spam, perform fraudulent activities, initiate denial-of-service attacks and attack other devices that are connected to the home network.

An alarming characteristic of these attacks is that they do not need consent from the user, nor will the users be aware that the attacks are ongoing. The attack will continue as long as the smart TV is switched on. The hacker will also be untraceable, as he never needs to get on the Internet and release a source IP address or DNS server. As smart TVs gain more features, the viciousness of these attacks will only continue to get worse.

What's more, hackers don't need fancy equipment to attack a whole neighborhood.

"In a dense urban area, an attacker with a budget of about $450 can target more than 20,000 devices in a single attack," the abstract of the research paper on the flaw states.

In addition, attacks don't require the TV to be connected to the Internet, That's because the hacking is done using the digital broadcasts used by TV services such as Freeview.

"A unique aspect of this attack is that, in contrast to most Internet of Things/Cyber-Physical System threat scenarios where the attack comes from the data network side and affects the physical world, our attack uses the physical broadcast network to attack the data network," the abstract continues.

The "red button" flaw can be classified as a "man-in-the-middle" attack, intercepting TV signals from the broadcaster and injecting malicious code into it before it enters the smart TVs.

The HbbTV standard has been widely adopted in Europe and is on the verge of mass adoption in the U.S., as the standard has been added to ATSC standards in North America.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics