Computer scientists say 'red button attack' leaves millions of smart TVs vulnerable

Flaw in the HbbTV standard gives hackers a way in to home networks

James Vincent
Monday 09 June 2014 17:51 BST
An exhibitor demonstrates a Samsung Smart TV at the IFA consumer electronics fair in Berlin, August 31, 2011.
An exhibitor demonstrates a Samsung Smart TV at the IFA consumer electronics fair in Berlin, August 31, 2011. (Reuters)

Support truly
independent journalism

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Louise Thomas


Computer scientists from Columbia University have warned of a critical vulnerability in smart TVs that lets hackers quickly and anonymously hijack home networks.

In a recently-published paper Yossi Oren and Angelos Keromytis say the so-called ‘red button attack’ (named after the button on remote controls that bring up interactive content) allows hackers to post spam through users' social networks, launch attacks against other computers and even hijack the microphones and cameras built into some TVs.

The attack affects any device that is compatible with the HbbTV industry standard (it's short for hybrid broadcast-broadband) which the researchers says is deeply flawed, essentially offering an open network to any individual with a cheap radio amplifier and a few lines of code.

Oren and Keromytis say that with a £260 device a hacker in an urban area could target “more than 20,000 devices in a single attack”. They could do this without being identified, taking control of any online accounts accessed through the TV as well as looking for vulnerable devices on the same network.

Oren and Keromytis told Forbes magazine that they had warned the body responsible for the standard only to be told the attack wasn’t severe enough to merit any action. HbbTV has been adopted in many European countries including France, Germany and Spain – although the standard is not widespread in the UK and has not been introduced to North America.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in