News

Smart TVs are Vulnerable: Codenomicon Crashes Home Entertainment

OULU, FINLAND and SARATOGA, CA, USA, June 21, 2012 -- Codenomicon, the leading vendor of proactive security solutions, warns consumers about the poor stability of name-brand smart TVs. Based on Codenomicon's robustness test results using smart model-based fuzzing tools, all of the tested units failed in multiple test suites against critical communication protocols.

"It was disappointing to discover that so many of name-brand TVs crashed with video and DVB protocols, when those are the core functionalities in the TVs", says Rikke Kuipers, the leading security specialist. "The potential for vulnerabilities in these devices is relatively high, and the threat scenarios increase as the smart TVs become more and more popular in regular households", he continues.

Codenomicon Labs robustness tested six well-known TV manufacturers' top model smart TVs. The bad news is that none of them cleared all of the tests, where critical communications protocols were scrutinized. More details, the research results and their implications can be found in the published research report titled 'Smart TV Hacking: Crash Testing Your Home Entertainment'.

The research is part of a series of publications in testing embedded devices used by home consumers. Devices tested by researchers at Codenomicon Labs include home routers, storage devices, smart-tv:s and printers. The purpose of the research is to illustrate the quality and security of widely used consumer electronics.

Codenomicon will not disclose any details of the vulnerabilities in order to protect the users of those devices.

What are Smart TVs?

Smart TVs refer to modern television devices which are connected to the Internet. They have become increasingly popular among the general public due to their rich media content. These features, however, expose them to similar threats commonly found in other networked devices.

What is Fuzzing?

Fuzzing is a functional black-box testing technique, in which unexpected, abnormal inputs are generated and then fed to the system under test and the behavior of the device is monitored. If the SUT crashes, then there is a bug in the software. The main benefit of fuzzing is its unparalleled ability to find unknown zero-day vulnerabilities.

More information and download the white paper at:
http://www.codenomicon.com/resources/whitepapers/2012-smart-tv-hacking.shtml

More information on fuzzing:
http://www.codenomicon.com/products/buzz-on-fuzzing.shtml

About Codenomicon Ltd

Codenomicon finds security vulnerabilities others can't find. Companies rely on Codenomicon's solutions to discover zero-day vulnerabilities that cause Denial of Service (DoS) and data leakage if exploited by hackers -- the unknown vulnerabilities Advanced Persistent Threats (APTs) use to break into systems. Codenomicon's customers include Alcatel-Lucent, AT&T, Cisco Systems, Microsoft, Motorola, Google, Verizon, Nokia Siemens Networks, Huawei, and T-Systems.