via engadget.com
Jon Fingas
04.01.17

Worries that someone could hijack your TV with a broadcast have been present for decades (ever see The Outer Limits?), and it’s clear that they’re not going away any time soon. Oneconsult security researcher Rafael Scheel has outlined an attack that can control smart TVs by embedding code into digital (specifically, DVB-T) over-the-air broadcasts. The intrusion takes advantage of flaws in a set’s web browser to get root-level access and issue virtually any command. You only need to have a transmission powerful enough to reach compatible TVs, and at least one attack will work without revealing that something is wrong.

The technique is known to work on at least two recent Samsung models, and it’s possible to alter the code to compromise other web-enabled TVs.

If there’s a saving grace, it’s the specificity of the attack. Only some countries use DVB-T, and fewer still support the hybrid broadcast broadband TV format (HbbTV) needed to make this work. The victim also needs to both be tuned into a DVB-T channel and have the TV connected to the internet. North Americans watching ATSC broadcasts have nothing to worry about right now, in other words, and you’re also safe if you use a game console or media hub for your living room entertainment.

Read More