Security researchers have revealed how Smart TVs are vulnerable to drive-by hacking attempts commonly known as the ‘red button attack’ through interception of digital television signal rather that IP-based data.
Yossef Oren and Angelos Keromytis from the Network Security Lab at Columbia University have written briefly about their findings here.
The researcher duo used Hybrid Broadcast-Broadband Television (HbbTV) – a widely used standard in Europe for smart TVs. This standard is used in television sets that provide TV using digital terrestrial broadcasts and via broadband.
Further, the standard allows broadcast streams to include embedded HTML content, which is rendered by Smart TVs.
“Our analyses of the specifications, and of real systems implementing them, show that the broadband and broadcast systems are combined insecurely”, note Oren and Keromytis in the abstract of their paper.
“This enables a large-scale exploitation technique with a localized geographical footprint based on radio frequency (RF) injection, which requires a minimal budget and infrastructure and is remarkably difficult to detect.”
The duo claims that the attack isn’t complex to carry out and with a budget of just $450, an attacker can target as many as 20,000 devices in just a single attack. Researchers further claim that once the attacker is done, there is no trace of who carried out the attack.
Once the smart TVs are hacked into, they can be used to display messages sent by attackers; find vulnerable devices in home network; display advertisements of attackers choice; or in worst scenarios carry out DDoS attacks on a server located on the Internet.