On March 22, Rafael Scheel, senior penetration tester and security researcher at cybersecurity firm Oneconsult AG, gave an “Introduction to IoT cybersecurity” live demo to the European Broadcasting Union, in which he demonstrated how TV stream signals could be used to hack smart TVs. Scheel claimed that 90 percent of TVs sold in 2016 were victims of such attacks.
"Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways. Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV's camera and microphone," Scheel told Ars Technica on Saturday.
The new hack, which surfaced in media reports Saturday, showed that a smart TV could be hacked without the hacker having any physical proximity to the device. All that is needed is a low-cost transmitter, which the hacker can use to broadcast malicious TV signals to nearby smart TVs.
Hackers can access the smart TVs by exploiting two flaws in the web browsers that run in the background, which gives them root access privileges on the device. According to Scheel, a wide range of smart TVs were vulnerable to the hack, including Samsung smart TVs with the latest software update.
Smart TVs are also vulnerable because a majority of them use a terrestrial transmission standard, which is also usually used by other TVs, and have at least one critical vulnerability, which could be easily exploited by hackers. Such a hack could survive reboots and factory resets of smart TVs.
The hack is far more advanced than recent ones such as "Weeping Angel," since it doesn’t need physical proximity to the device. Weeping Angel was revealed by WikiLeaks in March and was supposedly developed by the CIA’s Embedded Devices to use Samsung TVs to spy on citizens.
The vulnerability also raises questions about Internet of Things network strategy, which gives devices extensive network access even though security for the system hasn’t been ramped up enough to prevent such attacks.