On Fri, Nov 27, 2020, 6:01 PM Alex Smirnoff <arke...@gmail.com> wrote:

> Assuming poor software quality of typical TV firmware and codecs, DVB
> should be pretty easy exploitable. However, I doubt a compromised TV could
> do serious harm to your computer via HDMI. Speaking on your demo.. there is
> a lot of factors to be involved. Chaining a Xen exploit to Chrome might be
> possible.. but unprobable, for a multitude of reasons.

My reasoning about the WiFi was three fold.

1. TV's are often encoded to deliberately export use intelligence data to
be utilized by the advertisers and ratings organizations. The camera and
microphone, if installed, are actually designed and used to watch and
listen to the family watching the programs. Zero privacy, and you may even
have no way to disconnect it, so denying it any network access is your only
hope to stop exfiltration.
2. Having a presence on any network leaves it open to external exploit
where the above sensors are available for surveillance of the target family.
3. More recent sets are actually programmable, from the network, and can
have software (e.g. android) apps or plugins installed by the adversary
which that app then has complete access to all the features of the set
including the display buffers,  sensors, and network. Its a computer in its
own right and should be treated as such.

If the TV set programmers coded the it to auto connect to any available
open WiFi then that set is actually dangerous, as it can give a foothold
from which to attack other machines on that network. If its your own
network that is doubly bad news.

The question remaining is what can the adversary then do to communicate
back through the video connection. Hdmi is bidirectional so buffer overflow
exploits are clearly possible. But no matter what, one simply has to assume
the adversary already has what is displayed on the screen.

Denial of network access is the key to keeping *most* adversaries out.
Testing the sets WiFi situation would be the absolute bare minimum to be
sure you are safe (enough?). But if you think you are being targeted by
some advanced adversary for some reason then I would simply not use one of
these as a monitor. There are just too many ways to hack one.

I can not discuss that specific demo I previously spoke about other than to
say, I know exactly what they did, and they can not use that same trick
today. I have worked with people quite capable of waltzing through your
system and you wouldn't know they were there. They reverse engineer
hardware and play a form of "capture the flag(the file contents stored on
some chosen hardware/machine)" for fun and recognition, and the choice of
hardware is often quite amusing. Spooks like to have fun too. I'm retired
now, but the stories I could tell if I were only allowed to.

I'll just say there is a reason I use qubes.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Reply via email to