Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wow, others have said it but they really missed the point. Most of it is just kind of annoying because they're missing the point, but this sentence really stuck out to me (snipped to only show the important parts, there's a bunch of stuff in the middle that's also annoying): "By connecting to the internet [you get] security and features updates". Did they seriously argue that you need to connect to internet, otherwise how will you keep the internet connection secure? Everything else was annoying, that made me want to throw things.


There are other attack vectors of a TV. For example, most TVs have a usb.

Imagine an attack in which an attacker gains physical access to your TV and loads malware onto your TV via USB. Now the infected TV is communicating with a nearby WIFI hotspot to upload the audio recordings from the TV's microphone (that exists for voice commands).

I think the TV is malware out-of-the-book if connected to a network connection. Either way it's actually a huge vulnerability.


If your threat model involves people hijacking your TV to spy on you, and one of these attackers managed to enter your home, you are already toast no matter what.


1. There's no defense against an attacker with physical access

2. The malware you're describing is the main argument against smart TVs. It's installed by the manufacturer, at the factory, and receives regular updates. No third party attacker required.


The idea is that if the TV does not have WiFI or microphone capabilities, none of these are security issues.


Exactly. The attack vector that matters in practice is having an internet connection and a bunch of unnecessary built-in spy devices and protecting against that is as easy as not having them and allowing people to make their own choices from different vendors about what will be most secure if they do want them (it's easier to replace a Roku or whatever than an entire TV if it stops getting security updates or is found to have a bad privacy record or whatever).


In this theoretical scenario where there’s an evil person in my house that wants to record what I say, it would be way easier for them to just put a microphone behind one of my paintings


And cut the eyes out so they could also watch


But… the tv isn't connected to wifi so how would it communicate to the nearby wifi?


>Imagine an attack in which an attacker gains physical access to your TV and loads malware onto your TV via USB

My threat model doesn’t include attackers that surreptitiously gain access to my home and execute a physical attack against my devices.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: