Web Connected Television New Source of Threats

You may want to consider the security of the fancy new 55-inch high-def LCD television that Santa Claus brings you. Surprise, surprise, surprise: it may have security holes that could allow hackers to take over your home network. Consumer appetite for on-demand and online video content will drive sales of Internet-connectable TV devices to nearly 350 million units worldwide by 2015, reports ITnewsLink.

The Parks Associates report Connected Living Room: Web-enabled TVs and Blu-ray Players forecasts that worldwide sales of Internet-connectable HDTVs, Blu-ray players, game consoles, and digital video players like Apple’s (AAPL) Apple TV will grow about fourfold from 2010.

Parks Associates says all major manufacturers are debuting new models with innovations in content aggregation, apps development, and user interfaces. Content options are finally catching up to the hardware innovations, and growing libraries of on-demand movies and TV available are starting to unlock the potential of connected TV devices as multifunction online entertainment and communications platforms.

The growth of these devices will increase opportunities for apps developers – including third-party developers and giants such as Google (GOOG), Samsung, and Yahoo (YHOO), and one other group, hackers.

Mocana, a company that focuses on securing the “Internet of Things”, released a study that highlights digital security flaws in Internet-connected HDTVs, reports ITnewsLink. The Mocana researchers believe that the security flaws exist in many Internet TVs and recommend that consumers seek out third-party security tests before they purchase and install them in their homes.

Mocana’s CEO Adrian Turner told ITnewsLink: “…manufacturers are rushing Internet-connected consumer electronics to market without bothering to secure them … consumer electronics companies that might lack internal security expertise should seek it out, before connecting their portfolio of consumer devices to the Internet.”

Mocana’s research shows that attackers may be able to leverage Internet-connected TVs to hack into consumers’ home networks. Researchers found that the Internet interface failed to confirm script integrity before those scripts were run. Mocana was able to show that JavaScript could then be injected into the normal data stream, allowing attackers to obtain total control over the device’s Internet functionality. As a result, an attacker could intercept transmissions from the television to the network using common “rogue DNS”, “rogue DHCP server”, or TCP session hijacking techniques. The security holes could allow attackers to:

  • Present fake credit card forms to fool consumers into giving up their private information.
  • Create a man-in-the-middle attack on the HDTV to dupe consumers into thinking that “imposter” banking and commerce websites were legitimate.
  • Steal the TV manufacturer’s digital “corporate credentials” to gain special VIP access to backend services from third-party organizations including popular search engines, video streaming, and photo sharing sites.
  • Monitor and report on consumers’ private Internet usage habits without their knowledge.
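
The missing check described above, shown as an added example (not code from Mocana's study or from any TV vendor): a Node.js device-side loader that verifies an Ed25519 signature against a pinned vendor key before a script is handed to the interpreter. The key pair, function names and sample scripts are constructed for illustration.

```javascript
// Added example: refuse to run a script unless its signature verifies.
const crypto = require('node:crypto');

// Constructed stand-in for the vendor's signing key. On a real device only
// the public half would be present, embedded in firmware (assumption).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Vendor side (hypothetical build step): sign the exact bytes to be served.
function signScript(source) {
  const sig = crypto.sign(null, Buffer.from(source, 'utf8'), privateKey);
  return sig.toString('base64');
}

// Device side: accept the script only if the signature matches the pinned
// key. Missing, malformed and mismatching signatures are all rejected.
function loadVerifiedScript(source, signatureB64, pinnedKey = publicKey) {
  if (typeof source !== 'string' || typeof signatureB64 !== 'string') {
    return { ok: false, reason: 'missing script or signature' };
  }
  const sig = Buffer.from(signatureB64, 'base64');
  if (sig.length !== 64) { // Ed25519 signatures are always 64 bytes
    return { ok: false, reason: 'malformed signature' };
  }
  const data = Buffer.from(source, 'utf8');
  return crypto.verify(null, data, pinnedKey, sig)
    ? { ok: true, source }
    : { ok: false, reason: 'signature mismatch' };
}

// Constructed sample input: the script as published, and the same script
// with bytes appended somewhere between the server and the television.
const published = 'renderMenu(["Movies", "Weather"]);\n';
const signature = signScript(published);
const tampered = published + '/* bytes added in transit */\n';

console.log(loadVerifiedScript(published, signature).ok);     // accepted
console.log(loadVerifiedScript(tampered, signature).reason);  // rejected
```

Because the check runs on the device against a key it already holds, it does not depend on the DNS, DHCP or TCP path to the server being trustworthy.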

The flaws Mocana uncovered should raise questions about the security of consumer electronics in general, which manufacturers are scrambling to connect to the Internet, often with little or no security technology on board.

Mocana’s CEO Adrian Turner continued: “While much public discussion … on the recent explosion of smartphones … the vast majority of new devices coming onto the Internet aren’t phones at all: they are devices like television sets, industrial machines, medical devices, and automobiles – devices representing every conceivable industry. And the one thing that all these manufacturers have in common is that, unlike the computing industry, they don’t have deep experience in security technology.”


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.