Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmSmart TV hack embeds attack code into broadcast signal—no access required | Ars Technica2017-04-06T20:48:33+00:00
https://arstechnica.com/security/2017/03/smart-tv-hack-embeds-attack-code-into-broadcast-signal-no-access-required/
jmThe proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue [DVB-T] signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.
]]>dvb-t tv security exploits samsung smart-tvs broadcasthttps://pinboard.in/https://pinboard.in/u:jm/b:d67a366eb621/What Vizio was doing behind the TV screen | Federal Trade Commission2017-02-07T11:17:18+00:00
https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen
jmStarting in 2014, Vizio made TVs that automatically tracked what consumers were watching and transmitted that data back to its servers. Vizio even retrofitted older models by installing its tracking software remotely. All of this, the FTC and AG allege, was done without clearly telling consumers or getting their consent.
What did Vizio know about what was going on in the privacy of consumers’ homes? On a second-by-second basis, Vizio collected a selection of pixels on the screen that it matched to a database of TV, movie, and commercial content. What’s more, Vizio identified viewing data from cable or broadband service providers, set-top boxes, streaming devices, DVD players, and over-the-air broadcasts. Add it all up and Vizio captured as many as 100 billion data points each day from millions of TVs.
Vizio then turned that mountain of data into cash by selling consumers’ viewing histories to advertisers and others. And let’s be clear: We’re not talking about summary information about national viewing trends. According to the complaint, Vizio got personal. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership. And Vizio permitted these companies to track and target its consumers across devices.
That’s what Vizio was up to behind the screen, but what was the company telling consumers? Not much, according to the complaint.
Vizio put its tracking functionality behind a setting called “Smart Interactivity.” But the FTC and New Jersey AG say that the generic way the company described that feature – for example, “enables program offers and suggestions” – didn’t give consumers the necessary heads-up to know that Vizio was tracking their TV’s every flicker. (Oh, and the “Smart Interactivity” feature didn’t even provide the promised “program offers and suggestions.”)]]>privacy ftc surveillance tv vizio ads advertising smart-tvshttps://pinboard.in/https://pinboard.in/u:jm/b:a03e23c9fba0/Samsung's smart TVs are inserting unwanted ads into users' own movies2015-02-12T12:41:41+00:00
http://www.theverge.com/2015/2/11/8017771/samsung-smart-tvs-inserting-unwanted-ads
jmadvertising tv samsung smart-tvs iot horrible adshttps://pinboard.in/https://pinboard.in/u:jm/b:2440d8103fc2/