‘Smart’ televisions with built-in microphones could be used as bugging devices by corrupting them with malware, according to software specialists NCC Group, as reported by The Register.
An attacker would not even need physical access to the television to launch an attack, security experts from the group warned.
Fooling a user into installing a malicious app is one way to gain control of the microphone - but models of televisions with built-in storage and microphones can be set to auto-update, so an attacker could feasibly create an app, then release an update containing the malware.
Software escrow specialists NCC recently released a white paper examining potential solutions for the problems posed by so-called “Internet of Things” devices.
‘Smart TVs’ seem to have been particularly soft targets. LG admitted that one of its models had been sending information during shows watched by their owners without informing them. After a successful hack of a Samsung Smart TV, Senator Charles E Schumer, a Democrat from New York, addressed a letter to television manufacturers urging them to improve security.
“Many of these smart televisions are vulnerable to hackers who can spy on you while you’re watching TV in your living room. You expect to watch TV, but you don’t want the TV watching you.”
The latest hack was demonstrated by NCC near the Infosec conference in London last week, where journalists from The Register were shown how Smart TVs can be hacked in much the same way as an Android phone can be attacked with a malicious app.
“Malicious apps could be downloaded from the manufacturer’s app store. The TV does have the option for auto-updating, so releasing a legitimate app, then releasing a malicious update, is another attack vector,” a researcher said.
“The devices contain microphones and cameras that can be utilised by applications, Skype and similar apps being good examples.”
“The TV has a fairly large amount of storage, so would be able to hold more than 30 seconds of audio – we only captured short snippets for demonstration purposes. A more sophisticated attack could store more audio locally and only upload it at certain times, or could even stream it directly to a server, bypassing the need to use any of the device’s storage.”