Avast Reveals How Criminals Could Hack Smart TVs To Gain Control Of Homes

Security researchers at Avast have hacked a Vizio smart TV and gained access to the WiFi network the device connects to, exposing a weakness in the Internet of Things (IoT) with a basic ‘Man in the Middle’ (MITM) attack.

Avast researchers said their aim was to “show just how much a regular person can be affected by vulnerabilities within a smart device.”

Attack vectors

They experimented with a few different attacks, including a simulated MITM, the injection of an SSID, and the decoding of the device’s binary stream.

“In the end, we found that the smart TV we were inspecting actually broadcast fingerprints of users’ activities, whether they agreed to the device’s privacy policy and terms of services when first setting it up,” they said in a blog post.

“In addition, we uncovered a vulnerability within the device that could serve as a potential attack vector for an attacker attempting to access a user’s home network. Since this all sounds pretty creepy, it’s important to note that Vizio successfully resolved these issues upon being notified of our findings.”

Gaining control of a WiFi network via a Smart TV attack could be accomplished by hijacking DNS and serving malicious control data to the TV. “As the TV calls out to a control server by default and does not verify the authenticity of the control server, it allows an attacker in without the need for any incoming ports to be opened,” the researchers explained.

How much do you know about IoT? Take our quiz!