Reporting from Black Hat: Your smart TV is probably spying on your family right now

Mr. Worst Case Scenario is Digital Trends’ paranoid, squinty-gazed, perpetually on-edge security correspondent. And he’s prepared for anything to go wrong, dammit. This week, he’ll slither out of his underground bunker in Montana, don his tinfoil hat and attend DefCon 2013 in Las Vegas.

If you have a smart TV, burn it. Wheelbarrow that sucker into the gully, hose it down with some 92 octane, and toss on the match.

“No – I love my TV! I’m not going to catch it on fire!” you say? Completely understandable; television is a precious thing. But just shut up for a second, and let me ask you something: Do you love it so much that you’d let some grimy stranger watch your old lady prancing around the living room in her damned undies? Because that’s what’s going to happen if you don’t get it out of the house.

Pardon me for getting worked up. It has been a long day, and I am 99 percent certain that, against my better judgment, turning on my computer’s Wi-Fi to file this report has allowed some mohawked hacker to have his way with my Guns & Ammo forums account. But that is a consequence I am willing to bear to fill you in on the nightmare I learned about during the final day of Black Hat on Thursday.

Here’s the quick version: A smart TV is easily the most dangerous thing in your house, according to not one, but three security researchers who spoke yesterday in Vegas.

We should have guessed as much. Any half-wit could have figured out that products with “smart” in the title are a patronizing corporate ploy. Little did we know that this particular Trojan horse would let an army of basement dwellers rape and pillage the sanctity of your home.

During the first smart TV talk of the day, iSEC Partners hackers-for-hire Aaron Grattafiori and Josh Yavor ran through a pile of technical details about how a smart TV is “really just a smartphone with a 50-inch screen.”

And by that, they mean it can be taken over from anywhere in the world, by anyone with enough evil computer genius running through their blood.

Grattafiori and Yavor found their way into Samsung’s 2012-model smart TVs by turning the Skype app into a weapon of mass invasion. But, according to Grattafiori, any Samsung smart TV app that you might use to communicate with the outside world has all the nuts and bolts necessary for a Class-A screwjob.

“Bottom line is that, we’ve demonstrated that, on the applications, we can achieve remote-compromise,” says Grattafiori, “especially through the social media applications – anyplace where we can get remote content injected.”

Once they have access, anything is possible. Record video from the camera? No problem. Steal your usernames and passwords? You bet’cha. Trick your browser into accessing virus-ridden websites as soon as it loads? But of course! Whatever hideous thing you can imagine they might do, they can do. And I, for one, can imagine nothing but hideous things.

“Basically, you can do anything you want on a smart TV because it is actually just a regular PC,” says SeungJin Lee, author of the second smart TV horror-talk on Thursday.

Lee agrees with Grattafiori and Yavor that a smart TV is just a giant smartphone, with one key stipulation: A smart TV is much better for spying on people. While it’s possible for a hacker to, say, tap into your smartphone’s cameras, the device spends most of its time in a pocket or purse. A smart TV, on the other hand, has a constant watch over whatever room it is in.

“Some people will say that surveillance on a smartphone is really critical, and very bad,” says Lee. But “most of the time,” he says, “your phone is on your desk or in your pocket,” so only “one percent” of the photos a hacker with remote access could take reveal anything at all. Plus, taking a bunch of photos quickly drains the battery.

“A smart TV is always connected to the power,” explains Lee. “Of course, a smart TV cannot move. But it takes very good photographs, so it can watch you very well.” 

To twist the knife even harder, says Lee, we place our smart TVs in the most intimate place in our lives – our living rooms, bedrooms, and man caves.

“Surveillance is not about me or you,” says Lee. “It is about your family. If your PC gets hacked, it’s mostly your problem. But if your smart TV gets hacked, it’s about your family and your girlfriend and stuff, so do not make TV see your bed.”

Now, I try to avoid sex at all cost. It drains a man of his essence, and dulls the senses. But I can see how this particular fact might put a damper on some of your lives.

In addition to watching what you do, and listening to what you say, a smart TV hacker can even mess with your mind, says Lee. Say, for example, that you’re watching local news; a skilled smart TV hacker could pull up a fake graphic on your smart TV that says “BREAKING NEWS: The president has been shot.” And then what happens? All hell breaks loose.

Consider yourself warned.

Over and out.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.
