Consumer electronics such as HDTVs and other products that were previously offline-only devices are now facing new challenges as they are connected to the Internet. Security research firm Mocana has discovered a security vulnerability that opens up some Web-connected HDTVs to data theft.
The vulnerability was found in the HDTV's Internet browser that was used to display Web pages on screen. Specifically, a maliciously crafted JavaScript page was found to be able to exploit HDTVs that don't verify script safety before executing the files. Hackers using this technique can intercept transmissions, modify data in transmissions and even trick users into providing credit card numbers or other sensitive information.
"Consumer electronics makers as a class seem to be rushing to connect all their products to the Internet," said Adrian Turner, Mocana CEO. "I can tell you for a fact that the design teams at these companies have not put enough thought into security."
Mocana didn't publicly disclose which HDTV models they were able to compromise, and said attacks are still hypothetical, but these examples provide a realistic glimpse of future threats.
Another security issue was found that is related to unencrypted information that could allow HDTV owners to watch pay-per-view content and other material without paying. This is a very pressing issue because broadcasters and investors want to ensure everyone watching a given video stream is rightfully paying for that content.
The full Mocana report is available here (PDF).
Connected HDTVs and other electronics should significantly grow in 2011, so it’s important that vulnerabilities like this are fixed when discovered. HDTV makers and software companies also want content and Web access in the living room to be secure, so these discoveries could help force the issue in 2011. I expect manufacturers to work with security companies to better lock down their devices and take a more proactive approach to security on web connected devices in the future.
