Computer scientists say 'red button attack' leaves millions of smart TVs vulnerable

Flaw in the HbbTV standard gives hackers a way in to home networks

Click to follow
The Independent Tech

Computer scientists from Columbia University have warned of a critical vulnerability in smart TVs that lets hackers quickly and anonymously hijack home networks.

In a recently-published paper Yossi Oren and Angelos Keromytis say the so-called ‘red button attack’ (named after the button on remote controls that bring up interactive content) allows hackers to post spam through users' social networks, launch attacks against other computers and even hijack the microphones and cameras built into some TVs.  

The attack affects any device that is compatible with the HbbTV industry standard (it's short for hybrid broadcast-broadband) which the researchers says is deeply flawed, essentially offering an open network to any individual with a cheap radio amplifier and a few lines of code.

Oren and Keromytis say that with a £260 device a hacker in an urban area could target “more than 20,000 devices in a single attack”. They could do this without being identified, taking control of any online accounts accessed through the TV as well as looking for vulnerable devices on the same network.

Oren and Keromytis told Forbes magazine that they had warned the body responsible for the standard only to be told the attack wasn’t severe enough to merit any action. HbbTV has been adopted in many European countries including France, Germany and Spain – although the standard is not widespread in the UK and has not been introduced to North America.