On Fri, Nov 27, 2020, 6:01 PM Alex Smirnoff <arke...@gmail.com> wrote:
> Assuming poor software quality of typical TV firmware and codecs, DVB
> should be pretty easily exploitable. However, I doubt a compromised TV could
> do serious harm to your computer via HDMI. Speaking of your demo.. there are
> a lot of factors involved. Chaining a Xen exploit to Chrome might be
> possible.. but improbable, for a multitude of reasons.

My reasoning about the WiFi was threefold.

1. TVs are often encoded to deliberately export use intelligence data to be utilized by the advertisers and ratings organizations. The camera and microphone, if installed, are actually designed and used to watch and listen to the family watching the programs. Zero privacy, and you may even have no way to disconnect it, so denying it any network access is your only hope to stop exfiltration.

2. Having a presence on any network leaves it open to external exploit where the above sensors are available for surveillance of the target family.

3. More recent sets are actually programmable, from the network, and can have software (e.g. Android) apps or plugins installed by the adversary, and that app then has complete access to all the features of the set including the display buffers, sensors, and network. It's a computer in its own right and should be treated as such.

If the TV set programmers coded it to auto connect to any available open WiFi then that set is actually dangerous, as it can give a foothold from which to attack other machines on that network. If it's your own network that is doubly bad news.

The question remaining is what can the adversary then do to communicate back through the video connection. HDMI is bidirectional so buffer overflow exploits are clearly possible. But no matter what, one simply has to assume the adversary already has what is displayed on the screen.

Denial of network access is the key to keeping *most* adversaries out. Testing the set's WiFi situation would be the absolute bare minimum to be sure you are safe (enough?).
But if you think you are being targeted by some advanced adversary for some reason then I would simply not use one of these as a monitor. There are just too many ways to hack one.

I cannot discuss that specific demo I previously spoke about other than to say, I know exactly what they did, and they cannot use that same trick today.

I have worked with people quite capable of waltzing through your system and you wouldn't know they were there. They reverse engineer hardware and play a form of "capture the flag (the file contents stored on some chosen hardware/machine)" for fun and recognition, and the choice of hardware is often quite amusing. Spooks like to have fun too.

I'm retired now, but the stories I could tell if I were only allowed to. I'll just say there is a reason I use Qubes.