Smart TVs will soon be targeted by hackers using radio frequency transmitters costing as little as $250, according to computer scientists from Columbia University in New York.
Hybrid broadcast-broadband televisions (HbbTVs), common throughout Europe and increasingly bought in the US, are vulnerable to having malicious scripts injected into webpages embedded in the broadcast stream, the academics said.
Post-doctoral research scholar Yossef Oren and associate professor Angelos Keromytis added: "The essence of the problem we address lies in that the hybrid TV now connects the broadcast domain, which has no authentication or protection infrastructure, to the broadband Internet domain.
"This allows the attacker to craft a set of attacks which uniquely do not attack the TV itself, but instead attack through the TV."
The hack can take place without the knowledge of the viewer, desisting only when the channel is changed or the set is turned off. If a user has previously logged on to a website, the hacker can also use that website in the user's stead.
As attackers make use of a digital terrestrial television transmitter, no traceable signal is left in the form of an IP address or domain name system (DNS) record. Though several car-mounted receivers can triangulate the source of an attack, in practice this is expensive.
Oren and Keromytis said that possible attacks on smart TVs include distributed denial-of-service (DDoS), defrauding online polls, generating forum spam, hacking viewers' social media accounts, and even phishing.
"The attacks described in this paper are of high significance, not only because of the very large amount of devices which are vulnerable to them, but because they exemplify the complexity of securing systems-of-systems which combine both Internet and non-Internet interfaces," they added.
"Similar cyber-physical systems will become increasingly more prevalent in the future Internet of Things, making it especially important to analyze the weaknesses in this system, as well as the limitations of its proposed countermeasures."