On 10/03/2017 15:14, Dave Plowman (News) wrote:
In article ,
Andrew Gabriel wrote:
In article ,
"Dave Plowman (News)" writes:
So first, you'd need to download and install special software to the TV to
get the LEDs to show what you want?

The TV downloads updates regularly. You'd just have to fool it into
loading some hacked update instead of the genuine thing.

Going to be a pretty major hack, I'd say. Have 'they' really got
programmers writing this new software for every single telly on the market?

They will target the widely adopted products - quite a large number of
smart TVs will share a limited number of code bases.

Note that they have custom firmware infecting code for all the common
hard drive controllers, so they can load malware onto a machine such
that its present before any OS loads, and a complete format and
reinstall does not clear it.

Odd how long it took them to get into a locked iPhone only a few months
ago.


That could
be done by poisening your DNS entries or intercepting the update
traffic. With good security, these things would be difficult (but
not impossible). However, such appliances are well known for appalling
security. Another way would be to exploit a buffer overrun or similar
in some the the media decoding software, and providing a hacked film
or whatever that causes execution of embedded code via this mechanism.

You are assuming it is possible to re-programme the device to do all the
things needed to turn it into a covert listening device. Makes you wonder
how so many makers can't write software so the device works as intended.
;-)

Different levels of resources and funding!


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/