Hackers lock TV and demands ransom..

[ErikTheNorwegian]

Hackers

[mikeselectricstuff]

Hackers lock TV and demands ransom..

Send it back under warranty

[ecat]

Hackers lock TV and demands ransom..

Send it back under warranty

Warranty void if signs of deliberate system/software modification are detected

Anyway...
http://arstechnica.com/security/2014/03/philips-smart-tvs-wide-open-to-gmail-cookie-theft-other-serious-hacks/

[SeanB]

Comes from manufacturers leaving default passwords on remote access ports and the TV sets being accessible through PNP on the routers. That and them being more concerned that the user will not have to remember a password and it being on all the time means a simple scan will find them.

Easy enough to fix just by reflashing the firmware like that which is done during initial assembly. But for the average consumer that is too difficult ( requires pressing buttons on the remote other than power, volume and channel) so they likely will either buy a new set and toss the old one, or call for a service callout, or pay up and have a regular Danegeld payment.

[free_electron]

So far for security in linux....

[SeanB]

Default passwords work well in Windows as well.......

[firewalker]

So far for security in linux....

I don't think it is something to do with GNU/Linux or Linux security.

Alexander.

[madires]

So far for security in linux....

If you're running bad software within the administrator's context no OS will protect you, neither any anti-virus. Therefore I'm pretty sure that the Internet of Things is going to be a security nightmare. But Android has an additional problem, it's always outdated, especially for mobile phones.

A high security door doesn't give you any benefit without a high security lock ;-)

[amyk]

Better to keep TVs dumb, and the smartness in the PC connected to it...

[mikeselectricstuff]

Hackers lock TV and demands ransom..

Send it back under warranty

Warranty void if signs of deliberate system/software modification are detected

Anyway...
http://arstechnica.com/security/2014/03/philips-smart-tvs-wide-open-to-gmail-cookie-theft-other-serious-hacks/

Nope. I bought it, it stopped working through no fault of mine. The fact that something like that is possible shows it's not fit for purpose. No different to if the PSU died on a supply brownout. 
Warranty claims are what would makers take security more seriously.
 

[SeanB]

Take back to retailer and demand fixing under consumer protection. As a single user you will not get much, but a big retailer calling the manufacturer with a complaint and a threat to not buy from them again gets attention.

[Monkeh]

So far for security in linux....

I don't think it is something to do with GNU/Linux or Linux security.

Alexander.

Neither does he, he's just trolling.

[zapta]

So far for security in linux....

I don't think it is something to do with GNU/Linux or Linux security.

Alexander.

Don't fall for the bait ...

;-)

[AlfBaz]

Neither does he, he's just trolling.

and to that end...

Just pay the ransom, hackers have to eat too!!

[echen1024]

When most of america doesn't know the difference between an electron and a proton, what do you expect?

[free_electron]

Neither does he, he's just trolling.

Nope i'm not trolling.

It's a TV. It doesn't need an operating system !

 And if the idiots designing the TV do insist on putting one in because of all the 'apps 'they want to install (net streamers and the likes, and usb playback of photo's) they better pick something that is secure and invest some time in properly building a system.

Just thinking 'its linux or android, so its secure' is a sure way to fail.

[lapm]

We recently got led tv from relative that got herself bigger one... And its running Linux, first tough of mine: don't trust manufacturer not screwing up, so no internet connection for this... Its just TV after all...

[madires]

Braun/OralB sells a electric toothbrush with bluetooth and a nice app for your smart phone. I'm not kidding! I don't want any smart fridge, toothbrush or TV. Makes the stuff just more complex, expensive and vulnerable to attacks from the outside. Dear Insurance Inspector, I turned off the stove. It must have been those damn script kiddies who turned in on and caused the fire. 

[free_electron]

Sheesh. Now tv's and toothbrushes have a boottime.

I'm already pissed at blu ray and dvd players.
I have an old daewoo dvd player. Vintage 2001. Powerup to ready is under a second. Pop in disc to first play is like 3 second. Its firmware is contained in a 27c020 eprom.

Now we have quad core driven blu ray players that take 30 seconds to boot and chew for another 30 seconds on a disc before you get the first image.  The software developers responsible for that should be tarred , feathered, andcprohibited from ever touching anything computerwise. Send them to north korea .

[SeanB]

Blame the companies that want DRM for that. And that your BD player will do a firmware upgrade with each new disk you insert, taking another 5 minutes, along with not working without an internet connection so they can check if the disk is valid in your region.

[Neverther]

Good old security holes




And they have access to firmware to reverse engineer some parts of it, even just searching strings might result in default passwords/access for the program running on top of the OS. Cheat the FW to run update from their own server with ransomware-firmware, there you go.
Or small program using the browser to show the site and locking other access out on startup command.

Same could be applied to routers, but routers are designed to connect to net and therefore they have thought about security issues on that front. Local hacks with serial interface/hw reflash are still possible.

[Sionyn]

something like this happened recently to a grandmothers AT&T box
http://www.vg.no/forbruker/teknologi/teknologi/ny-hackertrend-laaser-tv-en-din-og-krever-loesepenger/a/10138623/

[Mysion]

I really don't get all this smart TV hate. They are genuinely useful.  In my home we have a FreeNas server(soon to be ESXI) with movies on it.
Both smart TV's in the house can watch movies off of it and it's a nice way to organize the movie library. We can watch netflix on it as well, better than getting a separate PC just for the TV. The majority of the time it works like a normal TV, it's not intrusive at all.

These security issues is just bad implementation/engineering not an inherent fault of the smart TV. The default password issue is solvable and version handles it nicely. The modem/router combos they ship have a decently long  password printed on a label on the box it's self and it defaults to that password even if it's reset.

I'm not saying even with a good pass word that they are unhackable but with the threat of warranty claims hopefully manufactures will keep them up to date.

[madires]

It's not just about the security issues, it's also about user tracking. Have you ever heard of HbbTV? European TV stations include some  HbbTV information for smart TVs, one is a URL. The smart TVs supporting HbbTV will connect to the given URL and send some data. That way a TV station is able to track viewers. Each time you select such a TV channel the TV station will know. No april fools!

[Bored@Work]

I really don't get all this smart TV hate. They are genuinely useful.  In my home we have a FreeNas server(soon to be ESXI) with movies on it.

You know that one smart TV manufacturer, LG, was caught reading the file names of the files on connected storage and did send it to LG? They did that on top of the "usual" tracking of user behavior. And while there was a menu item to turn off the tracking of user behavior, that menu item didn't turn off the snooping of your media content.

One caught, likely more to find. Mind you, that was all on top of the "usual" user tracking all smart TVs do.

If you add the fact to it that smart TV manufacturers are adding cameras an microphones to TVs - for skype video chat, ha, ha, ha - you start to get an idea what is wrong with them. Edit: Samsung's and Sony's implementation are so unsecure that they are already hacked, and people seeing the mess asked themselves if someone can really be that incompetent or if the implementations were deliberately insecure <insert your favorite conspiracy theory here>.

Manufacturers who you can't trust, incompetent engineers who don't know how to spell the word security, and all sorts of shady figures interested in getting the data, a device typically always powered and placed in a central room or private areas. Yes, the disadvantages outweigh the advantages.

[madires]

Philips just added a new security hole: http://vimeo.com/m/90138302

[Bored@Work]

Sure, but it doesn't follow that because one does it they all do it.

Ah, the "isolated incident" defense. Well ...

Evidence? Considering that smart TVs have come under heavy scrutiny

What heavy scrutiny? A few nerds looking at them, while the unwashed masses just want their entertainment.

Can you say specifically what the "usual" user tracking my Panasonic TV does is?

The already mention HbbTV. A standard feature in Europe. Panasonic added it as a feature to VIERA Connect.

[madires]

I agree that we need to be very careful, especially in light of all the NSA/GCHQ criminality, but wild accusations without evidence are still unjustified. I have studied the Panasonic system, it's based on NetBSD and seems to be quite securely locked down. No open ports apart from when you enable its DLNA server, and no known exploits. It doesn't send any data out without my command, except for background firmware update checks that include a unique identifier and can be disabled (and yes, they do in fact stop).

I've done my homework, what about you?

Does it support IPv6? Currently there's no IPv6 capable system without security issues in the IP stack. Have you heard of covert channels? Are you monitoring the traffic of your TV? The problem is that you can only estimate a probability of your TV being secure. If you aren't an expert in network security you have to trust the vendor and we've seen too much examples of bad security and privacy issues so far, i.e. there's no vendor you can trust. The vendors have no intention to fix security issues for older TVs because that would decrease their profit. It's more important to sell new TV models.

[SeanB]

You do realise that using Chrome feeds every URL to Google for DNS and anti malware " for your protection" and to improve the ad experience.

[BravoV]

No IPv6 support. I monitored the traffic coming from the TV, it does DHCP to get an address, checks for firmware updates (if enabled) and that's it. No other traffic unless I take some specific action to generate some.

It's true that I can't be 100% sure it is secure or not spying, but Bored@Work claimed LG like monitoring and security vulnerabilities. I presented some evidence that his first claim is false, and asked for some proof of his second claim to which he has offered nothing. The onus is on him to substantiate his claims.

+1 for LG, although this is not a bullet proof statement like NSA stuff. Own a late 2013 LG smart tv here too, there was an incident that it was leaking tons of infos to the net, and it was blew up in the press world wide while ago. But now they've fixed it, and the fix was released & delivered really fast since it was discovered. I think in the matter of days if I'm not mistaken.

I own a sniffer running at 24/7, and from the log its now "fixed" as mojo-chan's.