IoT and Personal Security: Drones Can Hack Into Your Smart TV
Here’s an IoT and personal security fact: Hackers can commandeer televisions and broadcast stations? An over-the-counter drone and some easily accessible know-how are all it takes.
Are you vulnerable? Would you recognize a phishing scam delivered via television?
Iot and Personal Security: Using Drones to Hack Smart TVs
At a recent Defcon conference, security researcher Pedro Cabrera demonstrated how he transformed a commercially available DJI quadcopter into a smart TV hacking tool. He hovered the drone, armed with a software-defined radio, near a TV antenna. Then, with a few clicks, he took over the screen and displayed his video.
Changing a neighbor’s channel may be harmless, but hackers use the tactic for nefarious ends, like deploying deceptive phishing scams designed to resemble trustworthy manufacturer messages. They capture passwords, track user activity, and even run crypto-mining software without owners’ awareness, much less consent.
Cabrera warned:
“The lack of security means we can broadcast with our own equipment anything we want, and any smart TV will accept it. The transmission hasn’t been at all authenticated. So this fake transmission, this channel injection, will be a successful attack.”
“We could also design this attack to cover a whole town, or even a whole country.”
The Defcon presenter further explained that hijacking a nearby television doesn’t even require a drone, just a strategically placed amplifier. “If I want to target my neighbor, the easiest way is with an amplifier and a directional antenna,” explained Cabrera. “And then for sure my signal will be received [more strongly] than the original one,” he added. “In this case, the attack is just a matter of range and amplifiers.”
Europe’s HbbTV Standard is Especially Vulnerable
At Defcon, Cabrera touched on the differences between TVs that use the HbbTV (Hybrid broadcast broadband) standard and the ATSC one. The former is prevalent in Europe, the latter in North America. HbbTV systems pull data from URLs, rendering them more vulnerable to Cabrera’s method.
The main take away is that hacked smart TVs are the next scam frontier. Now that people are savvier when it comes to recognizing email scams, cyber criminals are moving on to TV-hacking schemes. Note that TV manufacturers show no signs of abandoning the HbbTV protocol, against which security researchers have long cautioned.
So it’s up to you. You are responsible for locking down your TV and PC.