Here’s a fun story about Smart TVs, if your definition of fun includes hacked gadgets:
A new attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises an unsettling prospect—the ability of hackers to take complete control of a large number of sets at once without having physical access to any of them.
The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.
I promise, this won’t devolve into a running commentary of the latest IoT hacks. But as with last week’s case with the Miele Dishwasher, it shows the increasing complexity of IT Security.
And as opposed to the Miele vulnerability, Samsung is a player that should by now have learned how to do IoT security (but of course, as its Android history shows, isn’t quite as up to the challenge as you’d want them to be.)
Either way, it’s patently obvious that something’s gotta give. Not regulating IoT security seems implausible. To that end, Stiftung Neue Verantwortung, with whom I work on the Future of Energy Markets, published a white paper on strategic principles for IoT security. Alas, it’s only available in German so far…