A PoC shows the future dangers for smart TV sets

Nov 25, 2015 08:07 GMT  ·  By

Many cyber-security vendors view ransomware as 2016's biggest threat, and to help drive this point home, a Symantec security researcher demonstrated how easy it can be to infect smart TVs and how hard it can be to clean the infection afterwards.

The researcher did not reveal the TV's make and model but said it was running a modified version of Google's Android operating system, which many brands also use for their smart TV products.

To infect his TV, Symantec's Candid Wueest used a common ransomware family that targets Android devices. This ransomware shows an annoying ransom note every few seconds, overlaying the message on top of the screen, making the device inoperable.

Most Android ransomware works on Android OS-based TVs

Mr. Wueest says that infection of his device was made possible due to the lack of SSL encryption for sensitive communications between the TV and remote servers, used for app installs or firmware updates.

With a simple MitM (Man-in-the-Middle) attack, the researcher placed the ransomware on his device by spoofing a game installation package. The ransomware installation didn't encounter any roadblocks and soon took root on the device, blocking the user from using it.

After installing the ransomware, Mr. Wueest then studied methods to have it removed. His quest was not as successful as he wished, and he found that the ransom note made it almost impossible to carry out a factory reset, start a support session with the TV maker's support staff, or execute other operations.

He was eventually able to remove the ransom note, but only because he had activated the ADB (Android Debug Bridge) tool before installing the malware. This tool allowed him to connect the TV to a laptop and remove the ransomware from there.

Other types of malicious attacks are also possible on smart TVs

Besides ransomware, Symantec says that smart TVs are also vulnerable to other types of threats. Attackers can hijack smart TVs to perform click fraud, crypto-currency mining, steal user personal data, extract various authentication credentials used by smart TV apps, or even add the TV to a DDoS botnet.

To prevent malware from infecting smart TVs or stop malicious actors from carrying out other types of attacks, Mr. Wueest provided a series of mitigation techniques that smart TV owners can employ.

Some of the most useful tips recommend that users always keep their TV's software updated to the latest version, that they disable features that they don't use, and only install apps from verified sources. Additionally, users should enable app verification in the TV's settings, inspect the TV's built-in security settings, and turn up the defensive features to max, and always disable remote access to the TV when not needed.

MitM attack on smart TVs
MitM attack on smart TVs

Ransomware on smart TVs (3 Images)

Smart TV infected with ransomware
MitM attack on smart TVsUpdate Denial attack on smart TVs
Open gallery