Your TV as a Beachhead

The Internet of Things is moving apace and consumers are increasingly purchasing Internet-connected devices for their homes. In the case of SmartTVs it appears that manufacturers’ poor security design(s) could pose a direct threat to the network the TV is integrated with:

Since the well-known Javascript object XmlHttpRequest is available within the DAE, not only the TV is the target of possible attacks but also other networked devices in the user’s home network.

Using a timing-based approach, attackers are able to scan the user’s home network from the TV for other devices that are behind the user’s firewall and would not directly be visible from the internet. This could be used for user profiling and for finding further attack targets.

The next step for the attackers could be the reconfiguration of components in the local area network in order to facilitate further attacks via different vectors. For example the home router – which in many cases has no password protection when accessed from the LAN – could be reconfigured by the attacker to have no protection against attacks from the internet.

In order to gain personal information, attackers could access well-known services like UPnP or http in the user’s network via the connected TV. For example IP cameras or printers could be compromised using this technique.

Also using the XmlHttpRequest object, attackers can transfer all of the gained information to arbitrary Internet drop-zones, which would also expose the victim’s IP address.

As a lot of these attacks have been publicized in the context of browser hacking, there is a lot of available code on the Internet that might be used for also compromising Smart TVs.

While the researcher who’s done this work is presently posing SmartTVs as potential – rather than necessary, or actual – threats, now that the cat’s out of the bag it’s almost guaranteed that more people will be working on weaponizing your TV. Isn’t the pervasive connection of equipment to the Internet just great?