Norman Safeground Blogs

insight, opinion & information

 
 

In the News – Smart TVs, electronic signs and Fitness apps

Kristian Bognaes

In the News – June 2014

Kristian A. Bognaes, Director, Norman Safeground Development Center

– The month of June brought a couple of interesting stories that relate to hardware security from new angles. In addition, a very timely news item touching on privacy caught my eye – read on.

Smart TVs can be exploited

One product that has been going through many changes lately is the traditional living room TV. Not only are the TV manufacturers competing on providing the best and largest picture for the lowest price but also the TVs are getting ‘smart’. A trend now is to use a built-in computing platform to tie together the TV with the internet, and provide premium content through applications that run on the actual TV. Providers like Hulu, YouTube, Netflix and others are doing this. The traditional TV channel providers want to get in on the action and have introduced a system called ‘Hybrid Broadcast-Broadband Television’, or HbbTV for short. The idea is that the channels can provide digital interactive content to the viewer as part of the television program stream and the viewer can reply using the internet as an uplink. So far, it all sounds great. However, as a paper from researchers at the Columbia University Network Security Lab is showing, the television stream content may contain code that is executed by the television computer. The stream is not protected in any way, so an attacker can execute arbitrary code on the TV by replacing the data stream with his own using a transmitter and some easily available hardware. The paper will be presented at the USENIX symposium in August. Do not be surprised if your TV starts ‘liking’ YouTube videos on its own.

Electronic road signs

We have all seen the little portable information signs that road workers put up to tell you what’s up ahead. Those signs are sometimes messed with, and changing a display to warn of ‘zombies ahead’ can (apparently) be great fun. To do this, however, you would need physical access to the sign, which could sometimes be a challenge.
A news story in SecurityWeek this month talked about permanent road signs being changed along highways. Permanent signs do not have a local controller box that can be tampered with, so when these displays started showing silly messages, it was sign (no pun intended) that something more serious was going on. As it turns out, these signs are connected to private IP networks. The tampering was made possible by plain old port scanning, password cracking, and scripting. The perpetrator was located in a country far away. As with any other devices, the lesson is make sure to change any default passwords, close any unnecessary services, and implement strong authentication in your VPN. The traveling public needs a system they can trust, in case real zombies become a problem one day.

Fitness apps and privacy

Finally, a story about fitness apps appeared many places this month. Applications to keep track of your workouts, diet, age, weight etc. are abundant, many of them storing the data on central servers in ‘the cloud’. As it turns out, this data is often being shared with others. An official on patients’ privacy stated that these apps have the potential to be a ‘privacy nightmare’. Imagine how valuable such data would be to companies marketing health-related products, not to mention insurance companies. My recommendation this month is to use fitness apps that store data locally only. Also, make sure you read the license agreement before using such apps, to make sure that your health data is not being spread to others.

Tags: , , , , ,

One Response to In the News – Smart TVs, electronic signs and Fitness apps

  1. Greg Poulter says:

    Re “Smart TV’s.” LG have already been in hot water over security problems with their Smart TV’s.
    Re Road Signs. Imagine the chaos that could be caused by hacking into the traffic signal network in a major city!
    Hacking the traffic lights would cause serious injury and death and disruption! How secure are our traffic systems?
    Re Fitness Apps. These little devices can amass an incredible amount of data! Its only a matter of time before these devices are hacked to get at that data!
    How would such a device be protected?
    As you stated, this data would be priceless to health companies!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 

 
Norman

The Author:

Business Bloggers

Norman Safeground Blogs Archive