Your Smart TV Does 4K, Surround Sound, Denial-of-service…

Any reader who has bought a TV in recent years will know that it’s now almost impossible to buy one that’s just a TV. Instead they are all “smart” TVs, with an on-board computer running a custom OS with a pile of streaming apps installed. It fits an age in which linear broadcast TV is looking increasingly archaic, but it brings with it a host of new challenges.

Normally you’d expect us to launch into a story of privacy invasion from a TV manufacturer at this point, but instead we’ve got [Priscilla]’s experience, in which her HiSense Android TV executed a denial of service on the computers on her network.

The root of the problem appears to be the TV running continuous network discovery attempts using random UUIDs, which when happening every few minutes for a year or more, overloads the key caches on other networked machines. The PC which brought the problem to light was a Windows machine, which leaves us sincerely hoping that our Linux boxen might be immune.

It’s fair to place this story more under the heading of bugs than of malicious intent, but even so it’s something that should never have made it to production. The linked story advises nobody to buy a HiSense TV, but to that we’d have to doubt that other manufactures wouldn’t be similarly affected.

Header: William Hook, CC-BY-SA 2.0.

Thanks [Concretedog] for the tip.

A Single Board Computer From A TV

It is an annoyance for some members of our community, that it has become almost impossible to buy a TV that’s not a so-called “smart” TV. These units contain a computer as well as the display, and it boots into a locked-down OS with a user interface and a load of streaming apps. Can anything be done with them other than what their manufacturers intended? [Nina Kalinina] has managed it, taking the mainboard from a discarded LCD TV and liberating the ARM Linux board within.

On the board are all the inputs you’d expect from a TV, along with Ethernet, and a couple of extra USB ports hidden in the WiFi interface. There’s a UART available on the SCART connector, and accessing the U-boot menu is achieved by the unusual means of sending a character to the infrared port using a Palm Pilot. Surprisingly the device tree in the Flash was editable, so with the Linux OS accessed, the board was revealed as having a dual-core Novatek SoC.

This is reminiscent of the days when the new hotness was dragging a Linux box out of a home router, and just as those were quickly eclipsed by inexpensive boards such as the Raspberry Pi, so might these TV boards meet the same fate. If, however, they can be made to drive a screen with something more useful than the TV interface then that might change, as who wouldn’t want to make an old smart TV a bit more useful?

Mockup of an LG SmartTV, showing the webOS logo, saying "debug status: DEBUG, SIGN Key: PRODKEY, Access USB Status: 0/100(C)", and showing a console prompt on the bottom.

What’s That AccessUSB Menu In My LG SmartTV?

One boring evening, [XenRE] was looking through service menus on their LG Smart TV (Russian, Google Translate), such menus accessible through use of undocumented IR remote codes. In other words, a fairly regular evening. They noticed an “Access USB Status” entry and thought the “Access USB” part looked peculiar. A few service manuals hinted that there’s a service mode you could access with an adapter made out of two back-to-back PL2303 USB-UART adapters – a few female-female jumper wires later, serial prompt greeted our hacker, and entering ‘debug’ into the prompt responded with some text, among it, “Access USB is NOT opened!!!”.

[XenRE] found the WebOS firmware for the TV online, encrypted and compressed into a proprietary LG .epk format, but liberated with an open-source tool. A few modules referred to AccessUSB there, and one detour into investigating and explaining WebOS USB vendor lock-in implementation later, they programmed an STM32 with the same VID and PID as the mythical AccessUSB device found in relevant WebOS modules decompiled with IDA. By this point, AccessUSB could safely be assumed to be a service mode dongle. The TV didn’t quite start beeping in a different pattern as we’d expect in a sci-fi movie, but it did notify about a “new USB device” – and started asking for a 6-symbol service menu password instead of a 4-symbol one. Continue reading “What’s That AccessUSB Menu In My LG SmartTV?”

Samsung Bricks Smart TVs

Earlier this Fall, a Samsung warehouse in South Africa was robbed and the thieves got away with a quantity of smart televisions. Samsung proceeded to implement a little-known feature called “TV Block” which is installed on all of their TV products. The serial numbers of the stolen TV sets are flagged in their servers, and if one of these sets tries to connect the internet in the future, it will recognize that it is stolen and proceed to brick itself, disabling all television functionality.

So while this real-life scenario makes sense, it is a bit alarming to realize the implication of such a feature — the manufacturer can reach into your TV and disable it from afar. One can assume that Samsung won’t abuse this capability, because acting otherwise would harm their reputation. In a press release, Samsung announced that any consumers whose sets were incorrectly bricked can have their sets un-bricked after demonstrating proper ownership.

Despite such good intentions, the mere existence of such a feature is worrisome. What someone hacks the system and begins bricking TVs all over the world willy-nilly? If you are concerned about this possibility, one option of course is to never connect your TV set to the internet. But in that case, it might be better to just buy a “dumb” television set instead.

Anti-theft immobilizers are not new — one system was patented over 100 years ago to thwart car thieves. Car stereo systems have also long featured technology that renders them unusable when stolen. Although this robbery brought Samsung’s “TV Block” to consumers’ attention, we wonder if other manufacturers have similar anti-theft systems which aren’t well publicized. If you know of any, please share in the comments below.

Vizio In Hot Water Over Smart TV GPL Violations

As most anyone in this community knows, there’s an excellent chance that any consumer product on the market that’s advertised as “smart” these days probably has some form of Linux running under the hood. We’re also keenly aware that getting companies to hold up their end of the bargain when it comes to using Linux and other GPL licensed software in their products, namely releasing their modified source, isn’t always as cut and dried as it should be.

Occasionally these non-compliant companies will get somebody so aggravated that they actually try to do something about it, which is where smart TV manufacturer Vizio currently finds itself. The Software Freedom Conservancy (SFC) recently announced they’re taking the Irvine, California based company to court over their repeated failures to meet the requirements of the GPL while developing their Linux-powered SmartCast TV firmware. In addition to the Linux kernel, the SFC also claims Vizio is using modified versions of various other GPL and LGPL protected works, such as U-Boot, bash, gawk, tar, glibc, and ffmpeg.

According to the SFC press release, the group isn’t looking for any monetary damages. They simply want Vizio to do what’s required of them as per the GPL and release the SmartCast source code, which they hope will allow for the development of an OpenWrt-like replacement firmware for older Vizio smart TVs. This is particularly important as older models will often stop receiving updates, and in many cases, will no longer be able to access all of the services they were advertised as being able to support. Clearly the SFC wants this case to be looked at as part of the larger Right to Repair debate, and given the terrible firmware we’ve seen some of these smart TVs ship with, we’re inclined to agree.

Now of course, we’ve seen cases like this pop up in the past. But what makes this one unique is that the SFC isn’t representing one of the developers who’s software has been found to be part of Vizio’s SmartCast, they’re actually the plaintiff. By taking the position of a consumer who has purchased a Vizio product that included GPL software, the SFC is considered a third-party beneficiary, and they are merely asking the court to be given what’s due to them under the terms of the license.

As firm believers in the open source movement, we have zero tolerance for license violators. Vizio isn’t some wide-eyed teen, randomly copying code they found from GitHub without understanding the implications. This is a multi-billion dollar company that absolutely should know better, and we’ll be happy to see them twist in the wind a bit before they’re ultimately forced to play by the rules.

magicBlueSmoke-piStick-featured

How Do You Make A Raspberry Pi On A Stick?

We agree with [magic-blue-smoke] that one of the only things more fun than a standard Raspberry Pi 4 is the Compute Module form factor. If they are not destined to be embedded in a system, these need a breakout board to be useful. Each can be customized with a myriad board shapes and ports, and that’s where the real fun starts. We’ve already seen projects that include custom carrier boards in everything from a 3D Printer to a NAS and one that shows we can build a single-sided board at home complete with high-speed ports.

[magic blue smoke] used this ability to customize the breakout board as an opportunity to create a hackable media player “stick” with the Raspberry Pi built-in. We love that this Raspberry Pi CM4 TV Stick eliminates all the adapters and cables usually required to connect a Pi’s fiddly micro HDMI ports to a display and has heat sinks and an IR receiver to boot. Like a consumer media player HDMI stick, all you need to add is power. Continue reading “How Do You Make A Raspberry Pi On A Stick?”

Roku TV Hacked To Run Philips Ambilight Setup

Roku TVs are interesting beasts, which use automatic content recognition on whatever you happen to be watching in order to market online streaming services direct to your loungeroom. [Ammar Askar] realised that this technology could instead be used to feed data to a computer to run a Philips Ambilight setup natively from whatever the TV displays. 

The core of the hack came about because [Ammar’s] TV doesn’t work natively with Philips Ambilight technology. Most off-the-shelf solutions involve feeding sources, like Chromecasts or game consoles, to a HDMI splitter and then to a PC running the Ambilight software, but it gets messy real quick. Instead, [Ammar] realised that the Roku-enabled TV should be more than capable of working with the Ambilight system, given the capability of its inbuilt hardware.

The hack consists of a custom app running on the Roku hardware, which uses the in-built Roku libraries to capture frames of whatever is being displayed on the TV. It then breaks up the screen into sections and averages the color in each area. This data is then passed to a laptop, which displays the relevant colors on its own screen, where the standard Philips Hue Sync app handles the Ambilight duties.

It’s a great hack and [Ammar] doesn’t skimp on the granular fine details of what it took to get this custom code running on the Roku TV. We’d love to see more hacks of this calibre done on smart TVs; after all, there’s plenty of horsepower under the hood in many cases. Alternatively, you could always follow the CIA’s example and turn your Samsung TV into a covert listening device. Video after the break.

Continue reading “Roku TV Hacked To Run Philips Ambilight Setup”