Remotely Get Root On Most Smart TVs With Radio Signals

[Rafael Scheel] a security consultant has found that hacking smart TVs takes nothing much more than an inexpensive DVB-T transmitter, The transmitter has to be in range of the target TV and some malicious signals. The hack works by exploiting hybrid broadcast broadband TV signals and widely known about bugs in web browsers commonly run on smart TVs, which seem run in the background almost all the time.

Scheel was commissioned by Cyber security company Oneconsult, to create the exploit which once deployed, gave full root privileges enabling the attacker to setup and SSH into the TV taking complete control of the device from anywhere in the world. Once exploited the rogue code is even unaffected by device reboots and factory resets.

Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways, Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone. – Rafael Scheel

Smart TV’s seem to be suffering from  IoT security problems. Turning your TV into an all-seeing, all-hearing surveillance device reporting back to it’s master is straight out of 1984.

A video of a talk about the exploit along with all the details is embedded below.
Continue reading “Remotely Get Root On Most Smart TVs With Radio Signals”

Linux-Fu: Applications on the Web

Did you know you can run remote Linux GUI programs in a browser with HTML5 support? It’s even secure because you can use SSH tunneling and that little trick means you don’t even need to open additional ports. If this sounds like gibberish, read on, it’s actually pretty easy to get up and running.

I recently was a guest on a Houston-based podcast, and the hosts asked me if the best thing about writing for Hackaday was getting to work with the other Hackaday staff. I told them that was really good, but what I like best was interacting with people (well, most people) in the comments. That sometimes you’d post an article and someone would bring a topic up in comments that would really knock your socks off. This is how I wound up with this nearly ideal remote access solution, that requires nothing on the remote side but a web browser.

A while back I posted about keeping programs running after log off on a Linux box. The post was mostly about non-GUI programs but you could use NX or VNC to handle it. In the comments, someone mentioned how unhappy they’d been with recent copies of NX and another commenter called [Screen for X11] posted about a tool called xpra.

Continue reading “Linux-Fu: Applications on the Web”

A Red Teamer’s Guide to Pivoting

What is hacking and what is network engineering? We’re not sure where exactly to draw the lines, but [Artem]’s writeup of pivoting is distinctly written from the (paid) hacker’s perspective.

Once you’re inside a network, the question is what to do next. “Pivoting” is how you get from where you are currently to where you want to be, or even just find out what’s available. And that means using all of the networking tricks available. These aren’t just useful for breaking into other people’s networks, though. We’ve used half of these tools at one time or another just running things at home. The other half? Getting to know them would make a rainy-day project.

Is there anything that ssh and socat can’t do? Maybe not, but there are other tools (3proxy and Rpivot) that will let you do it easier. You know how clients behind a NAT firewall can reach out, but can’t be reached from outside? ssh -D will forward a port to the inside of the network. Need to get data out? There’s the old standby iodine to route arbitrary data over DNS queries, but [Artem] says dnscat2 works without root permissions. (And this code does the same on an ESP8266.)

Once you’ve set up proxies inside, the tremendously useful proxychains will let you tunnel whatever you’d like across them. Python’s pty shell makes things easier to use, and tsh will get you a small shell on the inside, complete with file-transfer capabilities.

Again, this writeup is geared toward the pen-testing professional, but you might find any one of these tools useful in your own home network. We used to stream MP3s from home to work with some (ab)use of netcat and ssh. We keep our home IoT devices inside our own network, and launching reverse-proxies lets us check up on things from far away without permanently leaving the doors open. One hacker’s encrypted tunnel is another man’s VPN. Once you know the tools, you’ll find plenty of uses for them. What’s your favorite?

Thanks [nootrope] for the indirect tip!

Giving Linux the Remote Boot

A lot of embedded systems are running Linux on platforms like Raspberry Pi. Since Linux is fully functional from a command line and fully network-capable, it is possible to run servers that you’ve never had physical access to.

There are a few problems, though. Sometimes you really need to reboot the box physically. You also need to be at the console to do things like totally install a new operating system. Or do you? Over on GitHub, user [marcan] has a C program and a shell script that allows you to take over a running system without using any software on the root filesystem. It starts an ssh server and you can remotely unmount the main drive, do any maintenance you want and –presumably–reboot into a new operating system.

Continue reading “Giving Linux the Remote Boot”

Grant Anyone Temporary Permissions to Your Computer with SSH

This is a super cute hack for you Linux users out there. If you have played around with SSH, you know it’s the most amazing thing since sliced bread. For tunneling in, tunneling out, or even just to open up a shell safely, it’s the bees knees. If you work on multiple computers, do you know about ssh-copy-id? We had been using SSH for years before stumbling on that winner.

Anyway, [Felipe Lavratti]’s ssh-allow-friend script is simplicity itself, but the feature it adds is easily worth the cost of admission. All it does is look up your friend’s public key (at the moment only from GitHub) and add it temporarily to your authorized_keys file. When you hit ctrl-C to quit the script, it removes the keys. As long as your friend has the secret key that corresponds to the public key, he or she will be able to log in as your user account.

Continue reading “Grant Anyone Temporary Permissions to Your Computer with SSH”

SSH Enters the Mosh Pit

With so many systems depending on Linux, the secure shell SSH has become a staple for many developers. If you are connected to your Raspberry Pi via a cable or a wireless router a few feet away, SSH can provide you with an encrypted connection straight to the box. However, if you have a system out in a swamp somewhere with intermittent slow network access, SSH can be a real pain. When your IP address can change (for example, roaming on a cellular network), SSH has problems, too.

To combat these and other problems, you might consider an open source program called Mosh (mobile shell). There’s two parts to Mosh. One part works as a server while the other is the client application. Neither of these require root access. You can see a video about Mosh below.

Continue reading “SSH Enters the Mosh Pit”

When Your Screen Breaks In The Himalayas

If you’ve ever had the screen break on your laptop, you’ll know it can be rather annoying to have to use an external monitor for a while as you either wait for a replacement panel to arrive from the other side of the world, or wait for that new laptop you were just desperate for an excuse to upgrade to.

Spare a thought, then, for [tom bh] whose laptop screen broke while he was in Ladakh, Northern India. Two days bus ride from the nearest city in which he could hope to source a replacement part, he had to make do with the resources in front of him. A laptop with a broken screen, and his Android phone.

He was fortunate in that a few lines at the top of the screen still worked intermittently. So after logging in blind and finding himself in a shell, he could execute commands and then scroll the results up to the point at which they were visible. He first enabled an SSH server, then connected his phone via USB. A bit of work to find the laptop’s IP address, and he could get himself a laptop shell on his phone with an Android SSH client. He goes into detail about how he was able to use the laptop’s keyboard to emulate a Bluetooth device which he connected to the phone. He could then run a VNC server on the laptop and connect to it with a VNC client on the phone, resulting in a phone-sized laptop display using the laptop’s keyboard as input. Not a perfect physical terminal by any means, but enough for him to continue working.

His writeup is an especially interesting read for its side-by-side evaluation of the various different application choices he made, and contains some useful suggestions as to how anyone might prepare themselves for a dead screen related emergency.

We’ve featured a dead-screen laptop connected as a serial terminal with an Arduino in the past, but unlike this one that only gave its owner a prompt.

Via Hacker News.