Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smart TV security


  • Please log in to reply
5 replies to this topic

#1 bludshot

bludshot

  • Members
  • 657 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 16 April 2014 - 10:30 PM

What can I do to secure my smart TV? Any way I can probe it for vulnerabilities or anything?



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,128 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:55 PM

Posted 17 April 2014 - 06:24 AM

Forget smartphones, it's smart TVs that we should be worried about

...a smart TV is the most dangerous item in your house. Why?...a smart TV is really just a smartphone with a big screen...it can be compromised by anyone in the world with enough knowledge to do so...


Smart TV: Like A Web App Riddled With Vulnerabilities

...the more TVs start to look like computers, the more they are becoming subject to the same underlying code vulnerabilities that have caused headaches and heartache in the PC space...


Hacking threats to big screen smart TVs

...Eavesdropping and denial of service attacks are possible; so is stealing sensitive personal or financial information stored by TV apps. By 2016, 100 million TVs are expected to be connected to the Internet. While smart TVs are not a low hanging fruit yet, in time it may become profitable for malware writers to hone in on these devices...

.
 

What is a smart TV and what are the associated risks?

The simplest way to make sure that your smart TV isnt spying on you? Disconnect it from your home network. But if you want access to some of the perks of smart technology, avoid TVs with built-in webcams. If you already have a TV with a webcam, go for the low-tech but effective way of blocking it: a sticky note covering the lens except for when youre actively using it.


Should I be protecting my smart TV?

...At the moment, though, the threat is very low and you can easily avoid it becoming a problem simply by not using your Smart TVs Internet connection for anything that involves personal or private information, banking and on-line transactions or any secure site that requires PINs or passwords for access...


How to protect your Smart TV from savvy hackers

...know how to secure your WiFi network...Know whats in your home...Keep up-to-date...


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:55 PM

Posted 17 April 2014 - 12:40 PM

What can I do to secure my smart TV? Any way I can probe it for vulnerabilities or anything?

 

How familiar are you with networking and exploring networks? For example, have you ever used nmap?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 bludshot

bludshot
  • Topic Starter

  • Members
  • 657 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 17 April 2014 - 05:57 PM

I'm a bit familiar but I haven't used nmap. I'll look into it and see what I can find about the tv. If you have any advice I'm all ears.

 

 

Certainly keeping my tv disconnected from the network would secure it... but the whole point of the tv is for it to use the internet, so that's not an option in my case. (It would be a great option for someone who only wanted to use it as a TV. They really should have just bought a non smart tv then though, but yeah.)

 

Not using the smart tv for any personal stuff is a good idea, I wasn't really going to, but its good to have a specific policy to intentionally not do it. My network is fairly secure but I guess there's a couple things I could do to make it more secure (that is, if not broadcasting ssid actually makes it more secure?).

 

And the idea of having a new router that has an isolated guest channel that can't see other devices on the network sounds cool but I can't afford that right now, plus I probably want to see network shares.



#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:55 PM

Posted 18 April 2014 - 05:17 AM

nmap can tell you what ports are open, and also fingerprint the services behind the open ports.

 

execute "nmap 192.168.X.X" to see what popular ports are open.

execute "nmap -sV 192.168.X.X" to fingerprint the services.

execute "nmap -p0-65335 192.168.X.X" to scan all ports.

execute "nmap -p0-65335 -sV 192.168.X.X" to fingerprint all open ports.

 

replace 192.168.X.X with the IP address of your Smart TV. Be sure to do this in your LAN, not over the Internet, or you might trigger an IDS.

 

These commands can take several minutes, especially the lasts 2 scanning all ports.

 

If you find open ports like 22 (ssh), 80 (http), 443 (https), try to connect to them (ssh client, browser) and see if you need to authenticate.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:55 PM

Posted 18 April 2014 - 05:24 AM

 

(that is, if not broadcasting ssid actually makes it more secure?).

 

No, it just prevents people from accidentally connecting to your wireless network, which shouldn't be an issue if your wireless network is encrypted (e.g. you need a password to connect to it).


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users