At the beginning TV were just supposed to be TV. They were used to make people's life happier. Nowadays, TV are fully-featured PC, having a proper OS, camera, microphone, web browser, and applications. They still make people happy. Especially the malicious ones. This talk will detail the current status of Smart TV, exploring their attack surface, detailing possible areas of interest, and demonstrating some issues the speakers found while assessing the security of Smart TV from different vendors.
Authors: Donato Ferrante, Luigi Auriemma
Prior to founding ReVuln Ltd., Donato was a Security Researcher for Research In Motion (Blackberry), where his daily job was performing security research and vulnerability assessments of RIM authored code, products and services including infrastructure, devices, and QNX operating system. Before moving to RIM Donato analyzed and reversed several rootkits, malware, mobile malware and exploits for Sophos Antivirus. He presented one of his research projects on Java malware and Java Virtual Machine exploits (inREVERSE) during the CARO workshop in Prague. Donato found several vulnerabilities in well-known commercial products and open source software and his first public disclosed security advisory was released in 2003.
Luigi has been in the security field for more than a decade, as an Independent Security Researcher (aluigi.org) he is a world recognized expert in this field and discovered more than 2000 vulnerabilities in widely used software. The following are some key points of Luigi's work. Highest number of security vulnerabilities disclosed in SCADA/HMI software: General Electric, Siemens, ABB, Rockwell, Invensys, Schneider, InduSoft, CoDeSys and many others. Most known server-side Microsoft vulnerabilities found by him: ms12-020, ms11-035. Research on Smart TV vulnerabilities. Security vulnerabilities affecting the most diffused multiplayer game engines, libraries, middleware and games.