Remotely Get Root On Most Smart TVs With Radio Signals

[Rafael Scheel], a security consultant, has found that hacking smart TVs takes little more than an inexpensive DVB-T transmitter and some malicious signals; the transmitter only has to be in range of the target TV. The hack works by exploiting hybrid broadcast broadband TV signals and widely known bugs in the web browsers commonly run on smart TVs, which seem to run in the background almost all the time.

Scheel was commissioned by cyber security company Oneconsult to create the exploit, which, once deployed, gave full root privileges, enabling the attacker to set up and SSH into the TV and take complete control of the device from anywhere in the world. Once the TV is exploited, the rogue code is even unaffected by device reboots and factory resets.

Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways. Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone. – Rafael Scheel

Smart TVs seem to be suffering from IoT security problems. Turning your TV into an all-seeing, all-hearing surveillance device reporting back to its master is straight out of 1984.

A video of a talk about the exploit along with all the details is embedded below.

Hackaday Prize Entry: Bypassing TV broadcasting restrictions

It’s a common problem faced by TV viewers: the programming they want to watch is being broadcast, but not to their location. TV content has traditionally been licensed for transmission by geography, and this has sometimes put viewers at odds with broadcasters.

The viewing public have not always taken this restriction of their programming choice lying down, and have adopted a variety of inventive solutions with varying degrees of legality and success. Many years ago you might have seen extreme-length UHF antennas to catch faraway transmitters; more recently these efforts have been in the digital domain. It was said in the 1990s that Sky’s Videocrypt satellite TV smart cards were cracked because German Star Trek Next Generation fans were unable to buy subscriptions for non-UK addresses, for example. You can argue in the comments over whether [Patrick Stewart] et al being indirectly responsible for a decryption coup is an urban legend, but it is undeniable that serial smart card emulators and dodgy DOS software for Sky decryption were sold all over Europe at the time.

Modern-day efforts to break the geographic wall on TV broadcasting have turned to the Internet. Services such as the ill-fated Aereo and the Slingbox set-top streaming products have taken the TV broadcast in a particular area and transported it to other locations for viewing online. But they are not the only Internet self-streaming option. If the idea of paying a subscription or tying yourself to a commercial service does not appeal, then you can build an off-air streamer for yourself.

[Solenoid]’s project is an off-air streamer using a Raspberry Pi 3 with a USB DVB-T tuner. It uses Tvheadend to power the streaming, and OpenVPN to provide security. His build logs detail his efforts to ensure that power consumption is not too high and that the Pi is not running too hot, and provide instructions on how to set up and use the software. It’s not an overly complex piece of hardware, but it could provide a useful service for any of you who wish to keep up-to-date with your home TV when you are off on your travels.

Why You Should Care About Software Defined Radio

It hasn’t become a household term yet, but Software-Defined Radio (SDR) is a major player on the developing technology front. Whether you’re building products for mass consumption, or just playing around for fun, SDR is worth knowing something about and I’ll prove it to you.


From vacuum cleaner hacking to weather station reverse engineering


[Spock] wanted to do a little reverse engineering of his Miele brand remote control vacuum cleaner, so he broke out his DVB-T SDR dongle to use as a spectrum analyser. Sure enough, he found a 433.83 MHz signal that his vacuum cleaner remote control was using, but to his surprise, he found a stray QAM256 signal when he expected an ASK-only one.

After a little detective work, [Spock] eventually tracked it down to a cheap weather station he had forgotten about. The protocol for the weather station was too compelling for him to go back to his vacuum cleaner, though. After downloading an rc-switch Arduino library and making a quick stop at his local radio shack to get a 433.92 MHz radio receiver to decode the signal, he reverse engineered the weather station so he could digitally record the temperature output. The Arduino rc-switch library proved unable to decode the signal, but some Python work helped him get to the bottom of it.

With software defined radio becoming more accessible and commonplace, hacks like these are a nice reminder of just how wired our houses are becoming.