Hacker News new | past | comments | ask | show | jobs | submit login
Watch a Drone Take Over a Nearby Smart TV (wired.com)
65 points by Sodman 63 days ago | hide | past | web | favorite | 79 comments



I think the biggest problem with smart TVs is that manufacturers abandon models after only a few years. You might only get updates for < 3 years and after that, well tough - your TV reached the end of its supported period. No more new functionality and crucially no more security updates.

Most people will still use the TV and keep it connected to their network without realising the security risks.

And the above is for mainstream TV brands, imagine how bad it is for weird off-brands and store own-brands where the original software is of unknown provenance and the chances of any updates is nill.


What's really sad about smart TV's is they are essentially an all-in-one computer with no access to the computer part. For example inside an insignia smart TV I opened were three boards: power supply, LCD interface board, SoC/input board. The SoC board is pretty much a full motherboard as it had RAM, Flash, along with the Video and audio ports plus WiFi, Ethernet and USB.

It then struck me: "Has someone hacked a different OS onto one of these bad boys?" I couldn't find anything but some forum posts saying it's impossible as unfortunately the TV SoC's are all highly proprietary. Now just imagine if we could get access to those SoC's. Run linux, custom menus, remote mapping, control via ethernet/wifi, better settings management, run kodi on the tv, etc. It's massively frustrating.


There are alternatives for Samsung and LG, examples:

https://www.samygo.tv/

http://openlgtv.org.ru/wiki/index.php/LGMOD

Of course it depends from models and what not, so YMMV, but essentially they run a Linux of sorts without providing the source code of "key" parts and "locking it down" as much as they can, if someone manages to workaround these "locks" ...

Here is a thread about installing "full" Ubuntu/Debian on a Samsung, but it is from a few years ago, so likely this is only possible to "old" TV's:

https://forum.samygo.tv/viewtopic.php?t=7898


Meh, just hook a raspberry pi to your TV and that's it.


Of course this is the easiest way but honestly why create more waste? If there is a perfectly functional CPU/RAM/Storage in the TV then why not let us use it?


EU countries have consumer protection laws that cover manufacturing defects for a reasonable period of use.

Those laws need to be clarified to also cover security updates. If a TV that breaks due to bad capacitors after 3 years is covered for a refund, so should a TV that has known security holes that don't get patched. "Users don't care" you say - well the tabloids would have a field day with "GET A FREE NEW TV WITH THIS ONE SECRET TRICK" headlines getting people to return them.


I just hope they never start embedding mobile radios in TVs to circumvent people who know better than to connect their TV to their network.

I would imagine they can exfiltrate their tracking info with very little network traffic over LTE.


I just hope they never start embedding mobile radios in TVs to circumvent people who know better than to connect their TV to their network.

This is my concern with almost any "smart home", IoT type devices now.

As we've already seen with cars, it's entirely possible for a whole industry to shift towards anti-consumer measures like mandatory remote access, and for neither market competition nor laws and regulations to rein them in.

In other news, car theft was essentially a solved problem, where it had become so difficult to drive away that the most effective strategy was literally to break into someone's home/office and steal the real keys. Today, car theft is on the rise, and numerous researchers have demonstrated compromising the security of numerous models from entry-level to expensive prestige vehicles in a matter of seconds.

Not all remote control is good. Not all data sharing is good. Being permanently online is not always good. At some point, we as a society need to realise that and start regulating the products and services we use accordingly... Ideally before some mass hack breaches the privacy of millions of families with smart devices putting cameras and microphones in their homes, or causes every car of a certain model to suddenly accelerate to full speed in the middle of town or slam on the brakes on a high speed road, or otherwise causes some other kind of widespread damage that can't just be ignored or recovered afterwards.


Back in the late 90s when digital TV was being rolled out, RTÉ in Ireland developed a technology called WiNDS. You won't find much technical information about it online because it never moved beyond the prototype phase. WiNDS provided a return path for ordering PPV events and other interactivity by embedding a GSM data modem in your set top box. It would transmit back to base using your regular TV antenna.


Satellite boxes would have plugin modems for this.

Sometimes they’d give you a bit of credit, but others wouldn’t activate the program unless you phoned home.


This is honestly one of my biggest fears with 5G: that this will become economical


Why would we need 5G to do this? Is there something cheaper about it?

I thought it was just faster, and generally only usable at closer rangers because of higher frequencies. And those higher frequencies make it less capable of penetrating into buildings.


My understanding was that 5G enables you to have a ton of low-bandwidth subscribers in a cell, in a way that LTE isn't able to.

Maybe i'm wrong, I'm no 5G expert


> Most people will still use the TV and keep it connected to their network without realising the security risks.

Conversely, most people won't even know the TV isn't being supported.



Awesome. Have you ever seen the movie The Recruit with Colin Farrell? There is a great scene where his character remotely "hacks" a TV at a job fair.


Nice


TVs seem like the last thing that needs to be smart. Why can't I buy just the panel that shows the image and then connect whatever Android TV box I want so I can display the video? Then I can make sure that's patched/upgraded/whatever without having to throw away the actually-expensive panel every time.

I guess that doesn't make people keep buying TVs...


> Why can't I buy just the panel that shows the image

You can, they sell "just dumb panels" for commercial signage applications. They cost way more. Smart TVs selling your eyeballs and your data make them cheaper than dumb panels. And since most consumers buy on price, they also get the advantage of scale. So they're more expensive and they do less, their only market is a handful of privacy geeks who aren't going to just not connect it to the internet - a tiny market.

https://www.businessinsider.com/smart-tv-data-collection-adv...

> A January interview on The Verge's podcast with Vizio's chief technology officer, Bill Baxter, did a great job illuminating how this works.

> "This is a cutthroat industry," Baxter said. "It's a 6% margin industry. The greater strategy is I really don't need to make money off of the TV. I need to cover my cost."

> "It's not just about data collection. It's about post-purchase monetization of the TV."

> "You sell some movies, you sell some TV shows, you sell some ads, you know," he said. "It's not really that different than the Verge website."


Oh, interesting. I guess I'll just keep never connecting the TV to wifi, then.


Good luck with that. It will simply connect to a neighbouring open WiFi and transmit your data anyway :)


What data? If the TV isn't online, then why would you enter any data on it? I guess you could always connect a Roku and then give your data to Roku, or a Chromecast since Google already has your data, or a FireTV stick, since Amazon already has your data. Well, at least Samsung/LG/Sony/Vizio/etc don't, reduce a little bit the attack surface.


What data? - you ask. Let's see:

- audio recordings (smart TVs have microphones)

- photos of your living room (smart TVs have cameras)

- still images of TV content

- SSIDs of neighbouring WiFi routers for geolocation

- data from scanning nearby smart devices Bluetooth

- daily/weekly usage data

- data from scanning USB devices plugged into the TV (e.g. list of filenames from your pendrive / USB HDD)


Still, if TV isn't online, you don't give it access to your network, that doesn't go anywhere.


Maybe remove the wifi card or antennas?


Nah, thank God for the GDPR.


I consider a lot of "smart" devices and IoT artifacts as pollution, as far as security and reliability are concerned.

Yes, let's take long-lived hardware and embed short-lived networked software in it, and do so in an environment where there are no economic or regulatory incentives to keep them patched over the expected life of the hardware. Thanks for the innovation, tech industry.


It's pollution in general.

The marketing shit getting people to buy 4K TVs when a 20 year old person struggles to see the difference from the other end of the room is literally producing unnecessary technology when the old stuff was just fine.

Add on artificial software breakage and it becomes even more extreme.


HDR and larger color gamut's nice. Deeper blacks are nice. Agree 4k's more useful for monitors than TVs, where it's bottom of the list of important modern upgrades to ordinary hi-def TV, IMO, unless you're rocking a legit home theater, as in projector and huge room and all. Semi-properly-set-up surround's way more important than 4k, though also expensive and very inconvenient in most people's TV spaces.


Yes, yes, for videophiles it matters.

The vast majority of people buy the shit because it's pushed on them. My grandmother doesn't bloody need 4K.


And they're pushing 8k now! I don't know who that's even for. The "actually benefits from 4K" slice of the market's already pretty damn small.


To a point I agree. I have a 1080 and my friend picked up just a 2k screen. His it’s like getting an eye massage while watching tv the picture is just so crisp.

I do dislike smart TVs however. Very thankful my dumb Samsung has lasted about 10 years and still going strong. Are there any dumb TVs left to buy?


I have a 4K Samsung Smart TV that I use as a monitor. It just doesn't get on the network.

Has never been updated but it's airgapped so who cares.

Of course if it gets on some open WiFi or has a sim card in it I'm knackered. Doh. Should probably crack it open and remove the antenna.


The antenna isn't the part to be concerned with, it's the microphone that makes me hate the smart TV. Besides, if you watch network television, you'll be amazed at how much better the picture looks from the over-the-air broadcast compared to the atrociously compressed version your cable provider gives you.

Edit: just realized you meant the wifi antenna.


There are TVs without microphones. For example, Sony TVs have a microphone in the touchpad remote but not in the TV itself or in the standard remote. If you don't want to be listened to, just remove the batteries from the touchpad remote (if it even comes with your TV - some only have the one standard remote.)


Yeah, the wifi antenna. I don't watch TV. It was just less than half the price of an equivalent monitor at the time.


Unless you read the code and flashed the TV yourself, you have no idea if it periodically checks for unsecured wifi networks to connect to.

So yes, I would remove the antenna.

Someone somewhere probably thought, "Hey, let's help out our customers that may be too lazy or not smart enough to figure out how to connect, and do it automatically for them!"


Surreptitiously connecting to a network that you don’t own or have permission to use seems like it would fall afoul of the CFAA.


Exfiltrating surveillance data probably falls foul of some law as well, that's not the point.

People who remove antennae from their devices are doing so because the law is cold comfort after the fact. This is like telling a farmer they don't need guns because 911 will be there quickly enough. Nope.

It also seems unlikely that connecting to an unsecured access point can be said to be "unauthorized access". That would make like, free wifi essentially anywhere (hotels, fast food places, airports, coffee shops, libraries) illegal to access unless you like, asked someone first. It's in direct contrast with how probably 99% of people use WiFi.


You agree to terms before connecting to free Wi-Fi.


Uninformed consent makes a mockery of the very concept of consent. Anybody suggesting otherwise should be ashamed with themselves.


You must be talking about someone else, then, since I'm certainly not suggesting otherwise.


Er, no you don't? You don't even know what the terms are.

Maybe you're talking about captive portals. Not all free wifi even has terms.


Well then you're violating the CFAA. You're a horrible person who deserves to go to jail for what you did. (I never said I agreed with the how the CFAA is written…)


That doesn't mean that the person who makes that decision knows about the law or even cares.

Laws don't stop crimes, they just allow crimes to be prosecuted.

(Otherwise there would be no more murders, drunk drivers, etc.)


Radio piracy isn’t actually a vulnerability though.


I don't think that matters. The Act has verbiage along the lines of accessing a computer without authorization, which is what you're doing by hopping on the network.


You can buy dumb 4k TVs online, though there aren't many. One such TV is the BOLVA 55BL00H7 55" 4K Ultra HD UHDTV


I've got a dumb smart TV from Sony (no Android TV). Best of both worlds ;)


TV business has gotten so competitive the margins are incredibly thin.

Manufacturers want larger margins for their shareholders.

Manufacturers see the data whoring, privacy violating business.

Manufacturers put in "smart" oses into TVs so they can begin recording what you are watching, saying (they have mics and you agree to the TOS they cna record your living room!) or even doing so they can whore out for more profit than they made on you buying the tv.


Smart TV's have very little marginal cost to the manufacturer: A modern TV needs a beefy CPU anyways.

There's nothing stopping you from treating a smart TV like a dumb TV. Just don't configure the network.


> Just don't configure the network.

I've read, but never confirmed that some smart TVs will queue data and then attempt to connect to unsecured networks to upload to the mothership.


Rip out the wifi antenna! Or put it inside some Faraday cage.


> Or put it inside some Faraday cage.

...your TV? Are you going to hang out inside the cage with it? Or maybe watch it through the screen door? There's a use case for 4K, it has enough pixels so that even looking through the Faraday cage you still get 1080p.


The antenna, not the whole tv


Don't take your tv out for a walk then.


> TVs seem like the last thing that needs to be smart. Why can't I buy just the panel that shows the image and then connect whatever Android TV box I want so I can display the video?

You can still buy "non-smart" TVs and do this.

But I think most people want this functionality built in to the TV, for 2 reasons:

1. Aesthetics. For example, my TV is wall mounted, and I don't want a box strapped on the side of it with wires hanging out.

2. Ease of use. Most people want to plug it in and have it just work


You could just buy a monitor.

Not sure if that would meet your requirements? But it sounds like it would. Just might be a bit more pricey depending on features.


It's not the same, (as far as I know) they don't make monitors that have the specs of TVs at the same price point.


My current "Smart TV" setup is a 10 year old 42" dumb tv with an Amazon Fire TV stick plugged into the back. I don't know what I'll do when it dies (it's dying).

I wish you could just buy modern TVs that are essentially just monitors.


Serious question, why do you need a giant TV? Why not just use a personal device like a computer, tablet, or phone to watch whatever?

I imagine you'll say something about watching TV with other people, which seems fair, but in my experience people don't watch TV "together". The TV is on, maybe one person is paying attention to it, most are just on their phone, or talking to eachother.

Maybe my experience is an outlier here.


I'm staring at a screen 50cm away for 8 hours a day already... it's nice to give my eyes a break and stare at one 3m away for my remaining awake time. ;)


No one needs a giant TV, but a lot of people 'like' a bigger screen. A lot of media is just better on a big screen. It's the whole reason a great many people enjoy or even prefer watching movies on a theater screen.

I don't think there's much more a reason that, nor do folk need more reason than that.


The main reason is I have kids.

In the past, I mainly just used a tablet to watch video.


You can. Just use DVB-C or HDMI instead. Don't connect it with ethernet or WLAN to the Internet. That way, it becomes a "dumb TV". We do pay for the whole package, unfortunately.

Also, you might want to opt out of using an Amazon or Google HDMI dongle for privacy reasons. Another thing to consider is that dumb TVs traditionally have IR which has its pros and cons.


Buy film studio monitors. They can get ugly and expensive though. Although, considering how big TVs are these days maybe there isn't a professional equivalent.


So they can collect your viewing history and sell it to providers. Wasn’t the samsung tv trying to spy on users via its camera to track viewing activity ?


You can buy a pc monitor with various input methods. There are no SMART pc monitors im aware of


Sounds great! But lets sell then together in a clean package with no setup.

Seems obvious to me why they sell.


washers and dryers are the last things that need to be smart. But TVs sure are up there.


They still make dumb panels, eg.

https://smile.amazon.com/gp/product/B01LW4G71Y/

I did precisely what you suggest: buy a TV and hook a streaming box to it.


Same. I'm running an NEC E-series. The 'smart' features it has are an honest-to-god serial port for plugging it into automation. It's been a decent display to me. The only thing I would warn consumers about them is that you generally can't go see them in a showroom, so you've got to take some chances.


Did he actually 'take over' the TV or just overpower the OTA broadcast? If the latter then the 'Smart' part is irrelevant (and so is the drone for that matter). A yagi with 50 watt UHF amplifier would likely do just as well from the ground.

A tempest attack on a display, on the other hand, would be more interesting and the drone might actually be useful for that. Add a gimbal for a directional antenna and you'd be golden. https://github.com/martinmarinov/TempestSDR


> Did he actually 'take over' the TV or just overpower the OTA broadcast? If the latter then the 'Smart' part is irrelevant (and so is the drone for that matter). A yagi with 50 watt UHF amplifier would likely do just as well from the ground.

He overpowered the OTA broadcast, the drone is unneccessary and it can be done with an amp and a directional antenna. How do I know it? It says so right in the article.


I didn’t make it that far. The obviously oversold attack depleted my interest.


If you watch the demo video closely it's just a poorly tracked overlay stuck into the TV frame. I'm not sure what I was supposed to get from that 'demonstration'.


Reminder that most tvs are smart, because their price is subsidized by selling your data. The extra cost for a 'dumb tv'/monitor is payin for your privacy.


I have a Samsung Smart Plasma TV. 1080p

It is fast, 3D capable. I actually have hooked it up to my computer to do real high end CAD (NX) in 3D. Frankly, it is amazing. I probably am the only one in North America who does it. Spiffy, and I really am sad plasma displays are no longer produced. Might just score another one while I can.

Nothing beats glowing phosphorus in glass man!

I did update it for newer codecs to play movies on USB, but that is it.

Totally unsupported now.

I like to buy the Smart models on clearance. I got this one, and it is huge, for like 800 bucks. Ignoring the smart part can be a cost savings if one looks.


Watch Dogs




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: