IFA 2012: Cyber Criminals Focusing on Smart TVs

With Smart TVs,  the behaviour of the Internet community could fundamentally change: where notebooks or tablet PCs were once used for surfing on the couch, Smart TVs might be the device of choice in the future. The tablet or smartphone is only used as the control or handy keyboard. This means enormous customer potential for shopping portals and providers of paid services, such as video on demand services. Potential which according to G Data Security Evangelist Eddy Willems is bound to attract cyber criminals as well.

"The boundaries between smartphone, PC and television are being increasingly blurred. You can watch TV on smartphones and you can surf the net with a Smart TV. Internet television offers potential targets for attack, which malware authors will try to exploit," warns Eddy Willems. He notes that if perpetrators succeeded in introducing infected apps into the providers' marketplaces or infecting Smart TVs through drive-by downloads, the consequences would be hard to predict. "In the future, it is possible that home TVs could be abused for DDoS attacks on companies, industrial installations or hacking passwords. We think that cyber criminals are already using the freely available software development kits from the TV manufacturers to discover opportunities for attack. We expect the first proofs of concept to be published soon."

Why are Smart TVs attractive to attackers?

• -    New target group: Smart TVs enable perpetrators to tap a whole new target group: people who have not used computers at home for Internet access in the past are now online. That is, the number of web-enabled devices multiplies just like the online time of the individual users.
• -    Paid services: Many Smart TV users could soon use the television instead of the computer for shopping online and leave the computer turned off. As with PCs and smartphones, the personal access data of the owners, such as the login data for paid services or email accounts, are a lucrative target for cyber criminals.
• -    Attacks through Smart TVs: The graphics processors in the TVs are very powerful and well-suited to brute force attacks on passwords. A corresponding botnet consisting of televisions could provide the "hack passwords" service cheaply and quickly.
• -    Personal data targeted: Many manufacturers already equip devices with an integrated camera and Skype. This means that people could become media stars against their will if criminals manage to get control of the TV. In addition to invading people's privacy, cyber criminals could also make information about the furnishings of the house available to other criminals with the consequence that burglars could easily check out a house before deciding whether it's worth breaking into.

What can we expect in the future?
"Smart TVs are only one example of the increasing blurring of past device boundaries. The networking of a wide range of different devices and the connection to the Internet offer many opportunities – but also new attack vectors for cyber criminals. The IT security industry can rapidly respond to new threats. However, many users of Smart TVs still have to realise that they are exposed to the same threats as other Internet computers," forecasts Eddy Willems. It remains to be seen when the first malware for Smart TVs will reach the lounge rooms.