A new hack that targets smart televisions using over-the-air broadcasts has been discovered that allows hackers to take complete control of a targeted device.

The proof-of-concept exploit uses a transmitter to embed malicious commands into a rogue TV signal. The signal, which is broadcast to nearby devices, exploits two known security flaws in the web browsers running in the background of most smart television sets, giving the attacker highly privileged root access to the device.

According to Ars Technica, a demonstration from security consultant Rafael Scheel saw two fully updated Samsung smart TVs being successfully hijacked and taken over using the method and the technique would likely work on a much wider range of TVs.

“Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways,” Scheel told Ars. “Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone.”

The hack relies on the ability to add data to a digital video broadcasting terrestrial transmission, a standard that is used by digital television sets outside of North America. Although at this stage the hack has not been used in the wild, the fact that it’s possible once again highlights the ongoing risks associated with Internet of Things devices.

“This research is significant because TVs are used by a fundamentally different demographic than computers,” security researcher Yossef Oren told Ars. “People who use TVs don’t know/care about security, they aren’t used to getting security prompts from their TVs, they don’t have the discipline of installing security updates, and so on.”

Picture: jeepersmedia/Flick