A New Vulnerability Could Leave Smart TVs Exposed

Illustration for article titled A New Vulnerability Could Leave Smart TVs Exposed

A new hack that requires little more than a $250 1-watt amplifier could leave your smart TV vulnerable to a man-in-the-middle attack. It's called the "Red Button" attack, after the red button on your remote that allows you to control the interactive features of your smart TV, and was discovered by two researchers at the Columbia University Network Security Lab.


Forbes has a great explanation about how it works:

Red Button can best be thought of as a classic "man-in-the-middle" attack, or a particularly insidious descendant of the signal injections of the early days of cable TV.

[...] What also makes Red Button insidious is that the malware would run automatically when a viewer tunes into a compromised channel and runs completely in the background without the knowledge or consent of the TV set owner. And the attack is untraceable, because the hacker never presents himself on the Internet with a source IP address or DNS server. The only way for law enforcement to find a rogue broadcast is to send out multiple vehicle-mounted antennas to triangulate the signal. A hacker could be long gone before those trucks ever hit the streets.

Between this and the fact that that most smart TVs are kings of the clunky interface, we've never wanted a dumb TV more. [Forbes]


I still don't like the idea of Smart TVs when you have perfectly capable smart boxes that you can add-on for $30-$100. Why upgrade your Smart TV after 3 years because Samsung decided to stop updating your software? I'd rather have that TV for 10 years and upgrade my smart box every few years.