Your 'Smart' TV is Absurdly, Ridiculously, Insecure
So if you hadn't noticed by now, most "internet of things" devices fall well short when it comes to both privacy and security, vendors making it abundantly clear they prioritized connecting devices to the internet without worrying much about what happens next. In the case of many of these devices, what happens next is they're quickly compromised by hackers, who have begun utilizing these connected devices for use in botnets, resulting in some of the worst DDoS attacks we've ever seen. Doorbells, smart home hubs, and thermostats have all created new attack vectors into the home network.And smart TVs may just be the least secure of the bunch.Presenting at Kaspersky Lab's Security Analyst Summit, Israeli researcher Amihai Neiderman stated that Samsung's Tizen OS -- at the heart of the company's smart televisions, smart home devices and some phones, was among the "worst code" he'd "ever seen" -- so riddled with serious security vulnerabilities it's relatively trivial for a hacker to take control of Tizen-powered devices."Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software."Not only is the software riddled with vulnerabilities, the software automatically grants full administrative rights to effectively any passers by. The uniform availability of the code means that crafting malware is relatively easy, and the slow pace of firmware updates from smart television vendors means that security updates and fixes are slow in coming -- if they ever come at all."You can update a Tizen system with any malicious code you want," Neiderman tells Motherboard.CIA documents recently leaked by Wikileaks indicate that intelligence agencies take full advantage of such vulnerabilities for surveillance purposes. The document dump included details on a government program dubbed "Weeping Angel," which lets an agent use a malware-laden USB drive to install malicious software, turning some models of Samsung televisions into on-demand listening devices.But it's not just Samsung TVs that are the problem, and some other security researchers have noted that taking control of these televisions can often be done remotely.Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, recently revealed that around 90% of smart televisions are vulnerable to a remote attack using rogue DVB-T (Digital Video Broadcasting - Terrestrial) signals. By abusing the Hybrid Broadcast Broadband TV (HbbTV) standard, a hacker could take remote control of the majority of smart televisions using rogue DVB-T signals transmitted via $50 to $150 in hardware attached to a local utility pole or even a drone.Scheel says he's already developed two exploits to take advantage of the vulnerabilities. Better yet (for hackers or intelligence agencies, anyway), because the DVB-T signals are entirely unidirectional, tracking the origins of the attack is largely impossible.All told, the "smart" option when it comes to modern internet of things devices, may just be older or simpler "dumb" alternatives if privacy and security are a priority.