Internet TVs can be hacked, security expert warns

 

Porn streamed to supposedly wholesome family channels; the theft of customers' personal data; and other nasty tricks loom as possible threats from hackers of Internet-connected TVs as such devices gain in popularity, a security expert warned this week.

 

Roger Grimes said Internet TVs are basically computers with always-on network interfaces, central processing units and storage and operating systems.

 

"The future of Web-connected TV is going to be just like today's world. We'll have global malware takeovers, constant patching of our TVs, DoS (denial of service) attacks, and all the other ugly stuff that comes with our always-connected world. In my line of work, job security is guaranteed," Grimes said in an article posted on PC World.

 

He said there is nothing in a computer built into a TV that makes it less vulnerable than today's personal computers.

 

Components like network interfaces, operating systems and even memory will likely offer hackers "a bounty of attack choices," he added.

 

But he also lamented that while Internet TVs can be made more secure than regular computers, manufactuers are not likely to do so, at least proactively.

 

"Can we make Internet TVs more secure than regular computers? Yes. Will we? Probably not. We never do the right things proactively. Instead, we as a global society appear inclined to accept half-baked security solutions that are more like Band-Aids than real protection," he said.

 

Grimes said he had hacked Internet-connected TVs before, when he and his team were paid to try and break into the world's largest cable television provider's set-top box, one of the first so-called IP TVs.

 

The set-top boxes, which are connected to regular TV sets, were simply a custom personal computer appliance running a specialized version of the BSD operating system.

 

He said his team's goal was to see if it could hack into the set-top box, steal customer personal information, pirate services, and launch denial-of-service attacks.

 

Grimes said he even added two personal challenges - to steal porn, one of the biggest revenue streams for cable companies; or force porn onto another TV watching family-oriented content, to make offended customers drop their service.

 

After finding vulnerabilities in the box, he said he and his team "owned" the box and rooted the entire cable system.

 

"It was an awesome day and week -- perhaps the most fun I've ever had professionally. Pen testing is always fun. But cracking your main target while pirating porn with your buddies and taking over the whole company? Priceless," he said. — TJD, GMA News