Researchers Expose Security Flaw in Internet-Ready HDTVs

Researchers at Mocana, a security technology firm in San Francisco, recently demonstrated the ease with which they could hack into a popular Internet-ready HDTV model. They exploited a vulnerability in the software that displays websites on the TV, allowing them to control the information sent to the television. This flaw enabled them to create fake screens for sites like Amazon.com, prompting users to enter their credit card details. Additionally, they could monitor data sent from the TV to other sites.

“Consumer electronics makers seem to be rushing to connect all their products to the Internet,” said Adrian Turner, Mocana’s CEO. “The design teams at these companies have not put enough thought into security.”

Mocana, along with similar firms, sells technology to protect devices and often highlights potential threats. This test underscores a warning from security experts: the rise of Internet TVs, smartphones, and other web-ready gadgets creates new opportunities for hackers.

As these devices gain popularity, experts predict familiar scams like credit card thefts will emerge, alongside new threats exploiting device features. These newer devices lack the robust protection found in traditional products like desktop computers.

“When computing power shifts from desktops to mobile devices and web-connected products, hackers will inevitably shift their focus,” said K. Scott Morrison, CTO at Layer 7 Technologies. “This is the new frontier for the hacking community.”

To counter these threats, security companies are developing new protection models. They are promoting technologies like fingerprint scanners and facial recognition, as well as tools that can disable a device or freeze its data if an attack occurs. However, these security measures have not yet become mainstream.

Enrique Salem, CEO of Symantec, noted that his company is unlikely to produce traditional antivirus software for all new devices. Such software demands significant computing power, which would overburden devices lacking the capability and battery life of traditional computers.

“The attacks on these devices are so new that they require a fresh approach,” Salem explained. “With Android, it’s a different type of threat, functioning differently.”

Symantec plans to focus on integrating fingerprint scanners and other personal identifiers into devices. They also aim to use device features to enhance security. For instance, if someone logs in from Florida but their phone’s location data shows it’s in Texas, an application might prompt a security question.

Another objective is to allow consumers to report security issues and remotely lock or erase their data until the problem is resolved. “You want the ability to wipe data if a device is lost,” Salem emphasized.

Intel’s recent $7.7 billion acquisition of McAfee, Symantec’s main rival, signals a push to embed security technology directly into chips for mobile phones and other devices.

While cellphones have been web-connected for years, they once had limited software and constraints, making them less attractive targets for hackers. Attackers found easier victims in PCs running Windows and other popular web software.

However, today’s smartphones are more capable, and their increasing shipments make them worthwhile targets for hackers. Apple, Google, Nokia, and others are racing to populate their online mobile app stores. Despite review mechanisms to catch malicious software, the sheer volume of new apps and hackers’ cunning make it challenging to intercept every threat.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.