Security News

Smart TVs are spying on everyone
2024-10-09 22:15

Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Smart TVs are watching their viewers and harvesting their data to benefit brokers...

LG smart TVs may be taken over by remote attackers
2024-04-09 17:50

Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted access to the devices. The number of potentially exploitable internet-connected devices is likely smaller, as LG has patched the vulnerabilities on March 22, 2023, and some of the users have either applied the updates or have set their TVs to perform updates automatically.

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access
2024-04-09 13:05

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.

Over 90,000 LG Smart TVs may be exposed to remote attacks
2024-04-09 13:00

Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. The flaws enable varying degrees of unauthorized access and control over affected models, including authorization bypasses, privilege escalation, and command injection. The potential attacks hinge on the ability to create arbitrary accounts on the device using a service that runs on ports 3000/3001, which is available for smartphone connectivity, using a PIN. Bitdefender explains that although the vulnerable LG WebOS service is supposed to be used only in local area networks settings, Shodan internet scans show 91,000 exposed devices that are potentially vulnerable to the flaws.

Vast botnet hijacks smart TVs for prime-time cybercrime
2024-01-18 10:15

Security researchers have pinned a DDoS botnet that's infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi. "The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability," said researchers at Chinese security biz Qianxin.

Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign
2023-10-09 01:27

Infosec in brief Bot defense software vendor Human Security last week detailed an attack that "Sold off-brand mobile and Connected TV devices on popular online retailers and resale sites preloaded with a known malware called Triada." Human named the campaign to infect and distribute the Android devices BADBOX. The infected devices were sold for under $50. Human's researchers found over 200 models with pre-installed malware, and when it went shopping for seven particular devices found that 80 percent of units were infected with BADBOX. Analysis of infected devices yielded intel on an ad fraud module Human's researchers named PEACHPIT. At its peak, PEACHPIT ran on a botnet spanning 121,000 devices a day on Android.

Careful: 'Smart TV remote' Android app on Google Play is malware
2021-11-11 07:45

Two Android apps available on the Google Play store have been found to contain malware this week. Smart TV remote app packs 'Joker' malware.

Massive Android Botnet Hits Smart TV Ad Ecosystem
2021-04-22 00:16

Security researchers at Human Security have discovered a massive botnet of Android devices being used to conduct fraud in the connected TV advertising ecosystem. The sophisticated mobile botnet, dubbed Pareto, is made up on nearly a million infected mobile Android devices pretending to be millions of people watching ads on smart TVs and other devices.

Authentication Bug Opens Android Smart-TV Box to Data Theft
2020-10-13 16:36

The streaming box allows arbitrary code execution as root, paving the way to pilfering social-media tokens, passwords, messaging history and more. A critical bug in the Hindotech HK1 TV Box would allow root-privilege escalation thanks to improper access control.

Who watches the watchers? Samsung does so it can fling ads at owners of its smart TVs
2020-09-30 16:15

Samsung brags to advertisers that "First screen ads", seen by all users of its Smart TVs when they turn on, are 100 per cent viewable, audience targeted, and seen 400 times per TV per month. "Dear Samsung, why are you showing Ads on my Smart TV without my consent? I didn't agree to this in the privacy settings but I keep on getting this, why?" said a user on Samsung's TV forum, adding last week that "There is no mention of advertising on any of their brand new boxes".