ARD TV-Show "hacking" smarttv camera and microphon

[arris69]

"it-security" and reporter uses SamyGO-Hacks.
http://www.heute.at/digital/multimedia/ ... 72,1158127
see copyright note
http://www.heute.at/storage/pic/bilder/ ... 1431279141

full video in german
http://www.daserste.de/information/wirt ... b-100.html

[zoelechat]

Excellent
Funny is that the guy injects the same lib resident twice, TV must have crashed
Production probably asked him to "fill the screen", or several takes were necessary. Another proof if it was needed that TV shows are only scheming...

Clipboard01.jpg

[juusso]

Yea, i saw this show some days before. Impressive. The goal was to show people the sammy`s are not safe. But for me this generated more questions than answers - guy had to access the local network. And he should have know there is ROOTED smart tv with camera.

btw, why youintube.so is nowhere released yet?

[arris69]

...
btw, why youintube.so is nowhere released yet?

guess it streams the data from the skype-library

[witwit]

guy had to access the local network

He did by faking the DVB-T stream to insert his server ip instead of the original hbbtv service. Probably he built a ssh tunnel (note his host name he is using). I captured some nice terminal lines for you guys. (but the board reduced the solution)

[beatfreak]

192.168.90.245 sounds like tunnel, i don't know any router make where this address is in the standard dhcp pool

but the concept of "rooting without touching" is quite interesting, sure the minority of users will be able to set up a faked DVB-T source...
on the other side, even if one finds a way to do it, there only will be stuid reporters who use it to scare dumb people...

what do you think are the blurred parts of his terminal output?

[rafaelscheel]

Rooting without touching shouldnt be a problem... at least not over dvb-t (dvb-t with hbbtv signals are super eazy to make with hw for less then 100$, no expirience at all with dvb-s, dvb-c should be the same as t, but you have to cut trough a cable or something eheheheh).
The old exeDSP is full of bugs / the new exeAPP probablie too. dont really see the difficulty in this.

Additionally you can upgrade the firmware in many models over dvb.... As shown in talks before (https://vimeo.com/113053663)

We dont see in this movie what he does exactly, tough this paper of him explains probably how: http://www.isti.tu-berlin.de/fileadmin/ ... c_2014.pdf

The user actually has to download the Media file...

First, the attacker places a
manipulated popular video file on the Internet or targets it
directly at a specific victim (1). The victim downloads and
places the file on storage connected to the TV (2). The TV
is compromised as the victim starts to play back the video
on the TV (3). Then the attacker?s payload is executed on the
TV, which, e.g., attacks other systems on the local network or
transmits data from the built-in camera and microphone (4).

additionally he talks about exeDSP which is only used in the old models... Comon, these models use gecko from 2012 ~ for theyer hbbtv browser... just send an hbbtv signal and use an drive by injection...

Are there any other remote attacks shown in the paper that i missed?

Sad the tv show either brings unpublished material and / or no background information, while there are many many eazy ways to do this...


and sorry for the bit salty comment hehehehe i just dont like it if tv shows make a statement but dont back it up at all