Smart TVs subverted by radio attack

Millions of smart TVs can be hijacked by burying attack code in signals broadcast to the net-connected devices, security experts warn.

The attack exploits loopholes in widely used technology that helps smart TVs receive tailored adverts.

Once hijacked, the TVs could be made to send messages on behalf of attackers, find other vulnerable devices in a home or launch other attacks across the net.

Detecting and stopping the attack would be difficult, said the researchers.

The attack uses the Hybrid Broadcast Broadband TV (HbbTV) standard that is widely supported in smart television sets sold in Europe.

The HbbTV system was designed to help broadcasters exploit the internet connection of a smart TV to add extra information to programmes or so advertisers can do a better job of targeting viewers.

But Yossef Oren and Angelos Keromytis, from the Network Security Lab, at Columbia University, have found a way to hijack HbbTV using a cheap antenna and carefully crafted broadcast messages.

"For this attack you do not need an internet address, you do not need a server," Mr Oren told Forbes, external. "You just need a roof and an antenna and once you are done with your attack, there's completely no trace of you."

By exploiting loopholes in HbbTV, smart TVs could be hijacked by attackers and used to do anything their real owners would do.

For instance, the researchers said, if owners had logged in to Facebook via a TV app, the attack could be used to post messages on the social network on that person's behalf.

Alternatively, wrote the researchers in a paper, external, the loopholes could be used to bombard a target website with data or to log spurious votes or clicks.

It could also be used to scan devices inside a home network for vulnerabilities or display on-screen notices asking for credit card or other sensitive information.

In areas where lots of people owned smart TVs, a $250 (£150) antenna could reach thousands of people, said Mr Oren. A bigger antenna could extend the reach of the attack considerably, he added.

Millions of smart TVs use HbbTV across Europe, and more than 60 broadcasters in the region have signed up to use the technology.

Mr Oren said the standards body that oversaw HbbTV had been told about the security loophole. However, he added, the body did not think the threat from the attack was serious enough to require a re-write of the technology's security.