{"title":"Watch and be watched: Compromising all Smart TV generations","authors":"Benjamin Michéle, Andrew Karpow","doi":"10.1109/CCNC.2014.6866594","DOIUrl":null,"url":null,"abstract":"Smart TVs are slowly becoming ubiquitous in households and offices, offering an ever-growing number of features such as Internet access, media players, and built-in cameras and microphones. They are physically placed in sensitive locations and connected to trusted home and business networks. These TVs use the same operating systems and software stacks as regular PCs, leaving them vulnerable to similar software-based attacks. Even worse, security updates are provided much less frequently and stop completely after the TV has reached end-of-life. Furthermore, as these systems are closed, it is nearly impossible for end users to examine if the TV is vulnerable or if it has been compromised. This paper demonstrates that Smart TVs in their current state must not be considered trustworthy and therefore pose a severe security and privacy threat. We show that the integrated media player - a feature offered on nearly every Smart TV on the market, ranging from entry level to high end models and regardless of the vendor - is highly vulnerable. We developed a practical proof-of-concept attack using a malicious video file that gives an attacker permanent, full control over the device, yet is completely undetectable by the user. Furthermore, we provide fully functional payloads for stealthily tapping into a TV's camera and microphone.","PeriodicalId":287724,"journal":{"name":"2014 IEEE 11th Consumer Communications and Networking Conference (CCNC)","volume":"37 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"47","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 11th Consumer Communications and Networking Conference (CCNC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCNC.2014.6866594","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 47
Abstract
Smart TVs are slowly becoming ubiquitous in households and offices, offering an ever-growing number of features such as Internet access, media players, and built-in cameras and microphones. They are physically placed in sensitive locations and connected to trusted home and business networks. These TVs use the same operating systems and software stacks as regular PCs, leaving them vulnerable to similar software-based attacks. Even worse, security updates are provided much less frequently and stop completely after the TV has reached end-of-life. Furthermore, as these systems are closed, it is nearly impossible for end users to examine if the TV is vulnerable or if it has been compromised. This paper demonstrates that Smart TVs in their current state must not be considered trustworthy and therefore pose a severe security and privacy threat. We show that the integrated media player - a feature offered on nearly every Smart TV on the market, ranging from entry level to high end models and regardless of the vendor - is highly vulnerable. We developed a practical proof-of-concept attack using a malicious video file that gives an attacker permanent, full control over the device, yet is completely undetectable by the user. Furthermore, we provide fully functional payloads for stealthily tapping into a TV's camera and microphone.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
