It only makes sense that putting a TV online theoretically exposes it to hackers, but it’s now clear that those hacks don’t have to go through conventional internet pipelines. A team of Columbia University researchers has published details of a vulnerability in an interactive TV standard that lets evildoers hijack your smart TV and other devices in your home network so long as you tune into a specific over-the-air digital channel. Attacks can run undetected in the background, and the nature of the broadcasts makes it difficult or impossible to trace the culprit. Reportedly, the only surefire remedies are to cut off broadcast-based web content altogether, monitor for unusual spikes in network activity or notify users when apps launch.
It’s 9:30 p.m. on a Sunday in New York City. People in their apartments in the Inwood neighborhood of Manhattan have their air-conditioners blasting and don’t hear the slight whirr of the two drones hovering 35 stories in the air outside. They’re on the couch watching Family Guy, Duck Dynasty or the Good Wife on their new Web-connected flat-screen TVs. No one sees the hack coming. The drones, launched from the roof of a tall apartment building, have a clutch of electronic gear aboard that can capture incoming digital broadcasts, inject a bit of malicious code to the data portion of the stream, and send it back out on the same frequency. Within a minute or two, residents’ printers are spewing out unwanted coupons and phony Yelp reviews and Facebook posts are being created using their login credentials. Without any trace or sign of vandalism, an entire neighborhood’s smart TV sets have been compromised. The home owners don’t know it yet, but the hackers are already moving deeper into the home, sniffing for weakly or unprotected WiFi routers and PCs that may be attached. The hackers can lurk around as long as no one turns off the set or changes the channel, and when the hackers decide to go there’s no way to retrace their steps.