True to my promise to my friends at techece I am restarting my posting on the blogosphere.
To start off, I decided to touch upon a topic that is kind of related to my work viz security for connected devices. Home networking is the way things are headed in the consumer electronics world. It is already happening and pretty soon seamless content sharing and networking of all electronic home devices will be the norm. In this aspect I have wondered earlier whether the devices in your home including your TV and other infotainment devices are secure enough when compared to a PC/Laptop at your home. Well, looks like my thoughts were not entirely unfounded.
According to an article on the New York Times the vulnerability of such devices is indeed high. Quoting from the article,
Given the high profile launches of Google TV this holiday season in the US, this is most likely a TV from one of the few to launch Google TV viz Sony, Logitech or LG.
A further visit to the Mocana website yielded the research paper on "Vulnerability Assement of XYZ Internet Connected HDTVs".
Quoting from the paper, the key groupings under which the security aspects that were studied are,
To start off, I decided to touch upon a topic that is kind of related to my work viz security for connected devices. Home networking is the way things are headed in the consumer electronics world. It is already happening and pretty soon seamless content sharing and networking of all electronic home devices will be the norm. In this aspect I have wondered earlier whether the devices in your home including your TV and other infotainment devices are secure enough when compared to a PC/Laptop at your home. Well, looks like my thoughts were not entirely unfounded.
According to an article on the New York Times the vulnerability of such devices is indeed high. Quoting from the article,
Researchers at Mocana, a security technology company in San Francisco, recently discovered they could hack into a best-selling Internet-ready HDTV model with unsettling ease.
They found a hole in the software that helps display Web sites on the TV and leveraged that flaw to control information being sent to the television. They could put up a fake screen for a site like Amazon.com and then request credit card billing details for a purchase. They could also monitor data being sent from the TV to sites.
Given the high profile launches of Google TV this holiday season in the US, this is most likely a TV from one of the few to launch Google TV viz Sony, Logitech or LG.
A further visit to the Mocana website yielded the research paper on "Vulnerability Assement of XYZ Internet Connected HDTVs".
Quoting from the paper, the key groupings under which the security aspects that were studied are,
- Review of the base operating system (OS).
- Review of the firmware updating process.
- Review of media parsing functionality.
- Review of protocol handling functionality.
- Review of third-party “Apps.”
Being from the industry, I concur with some of the the findings of the report.
The OS vulnerabilities itself are something that is of lower priority given that most OS are found across industries and a fair amount research has been done in this direction.
The firmware updating process too should not be a major issue given that most of the formats for the firmware are proprietary and closely guarded. Additionally the firmware delivery and authentication mechanisms are fairly robust. The same is true for protocol handling.
However, the support for third party Apps and media parsing are something that need to be further reviewed. Especially the third party Apps due to the fact that many a times vulnerabilities of third party apps ( in the PC world ) expose the chinks in the system and the amount of activity that goes in this space ( both in mobile phones and other CE devices ) is a cause for concern.
The entire report can be found here.
Image Courtesy: www.faqs.org