Last week you may have read a headline that blared "100 million TVs will be Web-connected by 2016." Regular readers of this blog know I'm always on the lookout for new threats, so the question naturally arises: Will Internet TVs will be hacked as successfully as previous generations of digital devices?
Of course they will!
[ Also on InfoWorld: No system is immune, as proven by the recent Mac malware attacks. | Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from InfoWorld's expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
Nothing in a computer built into a TV makes it less attackable than a PC. Internet-connected TVs have IP addresses, always-on network interfaces, CPUs, storage, memory, and operating systems -- the details that have offered hackers a bounty of attack choices for the last three decades.
Can we make Internet TVs more secure than regular computers? Yes. Will we? Probably not. We never do the right things proactively. Instead, we as a global society appear inclined to accept half-baked security solutions that are more like Band-Aids than real protection.
I've successfully hacked Internet-connected TVs before. When I worked at Foundstone, my penetration-testing team got paid to try and break into the world's largest cable television provider's set-top box -- one of the first so-called IP TVs. Regular televisions were connected to set-top boxes, which were simply a custom personal computer appliance running a specialized version of BSD.
Our goal was to see if we could hack into the set-top box, steal customer personal information, pirate services, and incur denial-of-service conditions. Just for yucks, I added two more objectives: to see if we could steal porn (typically, one of the biggest revenue streams for cable companies) or force porn onto another television that was watching Disney content, with the idea that offended customers would drop their service.