The Evil Maid Strikes Again – Hacking a Smart TV

Ransomware attacks on hospitals

Hacking a Smart TV

Whether it is every so often or daily, you have likely attended a company presentation. And chances are, that presentation is displayed on a large smart TV to ensure everyone in the room can see the screen. But what if that smart TV displays the presentation elsewhere? They don’t call them smart for nothing…

Attack

Our latest video demonstrates an attack scenario that can occur within any organization – hacking a smart TV. In the video, an insider plugs a USB Rubber Ducky into the smart TV. Within less than a minute, a payload is executed that sets up a Wi-Fi network for data exfiltration (called Kitty 3) and instructs the TV to connect to it. The payload then uploads a utility that captures the screen before the insider removes the rogue device.

Sometime later, a company meeting takes place whereby a presentation containing sensitive information is displayed on the smart TV. The screen capture utility is screen recording the entire presentation and, after the meeting ends, saves the recording as a file on the TV. Through the pre-established Wi-Fi network (Kitty 3), the attacker connects to the TV and views and downloads the saved screen recording. Now, the bad actor has access to the confidential data.

Keep your enemies close

In this case, hacking a smart TV is carried out through a hardware-based attack, and such attacks require physical access – the Rogue Device must be installed by someone… And that “someone” was an insider. Moreover, the insider in question is an outsourced cleaner. She was manipulated into assisting in the attack through social engineering (a financial bribe). Outsourced workers can be valuable in such scenarios; as a staff member, she can gain physical access without raising security alarms, but she has less loyalty to the organization and is, therefore, easier to persuade. Outsourced staff pose a significant security threat to organizations. According to the 2020 Insider Threat Report, contractors, service providers, and temporary workers pose the greatest risk to 50% of organizations.

I spy with Wi-Fi (and a duck)

The Rubber Ducky is a Rogue Device that spoofs a legitimate HID. Gaps in device visibility mean the Rogue Device is not detected, but rather the legitimate device it is impersonating is. As a result, the Rogue Device raises no security alarms. In seconds, covertly hacks the smart TV, instructing it to connect to a specific Wi-Fi network – Kitty3, the attacker’s pre-established network. This connection is what provides the perpetrator with remote access to the organization after disconnecting the attack tool.

Outsmart your smart TV

Sepio Systems has developed the Hardware Access Control (HAC-1) solution to provide a panacea to the gap in device visibility. Furthermore, as the leader in Rogue Device Mitigation (RDM), Sepio’s solution identifies, detects, and handles all peripherals; no device goes unmanaged. In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends on best practice policy and allows the administrator to define a strict, or more granular, set of rules for the system to enforce. Such capabilities enable a Zero Trust Hardware Access approach, and when a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process that instantly blocks unapproved or Rogue hardware. HAC-1 is deployed without any hardware, and there is no need for traffic monitoring.

A smart TV might be smart, but we are smarter – give us 24 hours to show you.

Leave a Reply