Hacking, Surveilling, and Deceiving victims on Smart TV

Presented at Black Hat USA 2013, Aug. 1, 2013, 3:30 p.m. (60 minutes).

Smart TVs sold over 80,000,000 units around the world in 2012. This next generation "smart" platform is becoming more and more popular. On the other hand, we hardly see security research on Smart TVs. This presentation will cover vulnerabilities we've found on the platform.

You can imagine that Smart TVs have almost the exact same attack vectors that PC and Smart Phones have. Also, Smart TVs have interesting new attack surface such as the remote controller. We'll talk about attack points for Smart TV platform and cover security bugs we discovered. This talk will mostly focus on what attackers can do on a hacked Smart TV.

For example, expensive Smart TVs have many hardware devices like a Camera or Mic which, if remotely controlled, means bad guys can spy remotely without you knowing. Even more, it is possible to make Smart TVs monitor you 24/7 even though users turn off their TV, meaning #1984 could be done.

In addition, we'll point out a difference of viewpoint on leaked information type among PC, Smart Phone and Smart TV. Lastly, we'll give demo of live remote surveillance cam, which is sent to attacker's server at this talk.

This talk is an extended version of one, which I gave at CANSECWEST. It will demonstrate a spoofed news story on a hacked Smart TV and possibly TVshing (Smart TV edition of phishing.)


Presenters:

  • SeungJin 'Beist' Lee - Korea University
    Beist has been a member of the IT security field since 2000. His first company was Cyber Research based in Seoul, South Korea and first focused on pen-testing. He then got a Computer Engineering B.A. degree from Sejong University. He has won more than 10 global CTF hacking contests in his country as well as passed DefCon quals 5 times. He has sold his research to major security companies like iDefense and ZDI (Recon ZDI contest). He has run numerous security conferences and hacking contests such as SECUINSIDE in Korea. Also, he has given talks at SYSCAN, CANSECWEST, AVTOKYO, HITCON and TROOPERS. Hunting bugs and exploiting them are his main interest. He does consulting for big companies and is now a graduate student at CIST IAS LAB, Korea University.

Links:

Similar Presentations: