back to article Smart TVs riddled with DUMB security holes

It's been known for some time that “smart TVs” are dumb about security, but a German researcher has demonstrated that the stupidity goes so far as to enable remote snooping or even a takeover of the in-set computer. Nruns researcher Martin Herfurt has taken work begun at the Darmstadt University of Technology to demonstrate a …

COMMENTS

This topic is closed for new posts.
  1. Christian Berger

    That's actually much better than expected

    Since TVs today usually have a decent operating system kernel, we are now at that level. It's much worse for SCADA systems which sometimes just behave erratically when you portscan then.

    So of course DNS spoofing works, it works for everything, and I'd expect it to work as a feature not a bug. In fact the far bigger problem with those sets is that they don't seem to be decently configurable. Can you, for example, add your own playlist with video streams to it?

  2. Sir Runcible Spoon

    Sir

    Disable wi-fi, use a wire - is it that easy?

    1. Anonymous Coward
      Anonymous Coward

      Re: Sir

      Then channel a run in your wall, replaster run the cabling under the floorboards, up a flight a stairs and through a couple of walls.

      Jobs a good un.

      1. Cameron Colley

        @AC

        Yup, just like you do with cable TV, satellite TV and terrestrial TV signal cables. If your house isn't already wired for CAT6 then you might as well use it as an excuse to the wife. If you're in rented accommodation it could be more difficult but any landlord who doesn't allow CAT6 or cable ducting or another solution isn't doing themselves any favours.

        Yes, I do realise there are exceptions and the above is not a judgement if you haven't run CAT6.

    2. Daniel B.
      Boffin

      Re: Sir

      Yup. WiFi is for mobile devices, using WiFi for stuff that doesn't move often (desktop PC, TV, PS3/Xbox) is for lazy people.

    3. SleepGuy

      Re: Sir

      Yeah, but then it wouldn't be as interesting! These types of articles seem to presume that people at home give their TV's (or whatever device is so "insecure") a public IP address.

  3. teapot9999
    WTF?

    Not so smart

    I have a 'smart' Sony TV that once the picture appears still takes upto a minute before it will respond to the remote control as it is presumably booting up a whole load of cr*p that I will never use

    1. This Side Up
      Flame

      Re: Not so smart

      I have a dumb Sony HDD/DVD recorder that's just as bad. Also you have to push the TV/DVD button before sound comes out of the audio outputs, although there is a picture of sorts (jerky) on the HDMI output and some feint breakthrough of the sound straight away. Changing channels can take several seconds. It won't accept any commands while it's starting up. Sorry Sony, never again!

    2. Fatman
      FAIL

      Re: Not so smart

      SONY

      Did you say SONY???

      <snark>

      I know why it takes so dammed long - it is infected with their rootkit

      </snark>

  4. Captain Queeg
    Thumb Down

    Hmmm....

    > He suggests that TV manufacturers do more work to make the browsers secure and configurable by users.

    Oh, no. Can we not have one piece of equipment remaining that doesn't require endless configuration and represent a security threat - particularly something as generic and widely used as a TV.

    I doubt I'll be heading off for a Smart TV any time soon if it's yet another device to manage. :/

    1. Maharg

      Re: Hmmm....

      Totally agree, I can imagine in ten years’ time a similar article being written about ‘smart fridges’…

      Seriously, I have a phone, laptop and PC that all connect to the Internet, the TV is used for watching TV, I feel the same way about buying films to watch on my phone, When will I want to watch a film on my phone? If I have 3 hours to kill with nothing to do but look at my phone I am wasting my life, even trains have a bar, personally if I wanted to watch films with crap sound and on tiny screens I will sit further away from my TV and watch it through a pair of binoculars backwards while wearing earmuffs.

      1. pPPPP

        Re: Hmmm....

        That's if the battery lasts that long.

    2. Anonymous Coward
      Facepalm

      Re: Hmmm....

      "I doubt I'll be heading off for a Smart TV any time soon if it's yet another device to manage. :/"

      Why worry? I can't see the People's Liberation Army First Battalion, Socialist Hackers spending much time looking to get inside your TV or mine. But let's assume you offend them on El Reg, and they hunt you down through cyber space like a dog. What then? They turn off Corrie at a critical moment when the wife is watching? Or they lock your tuner to BGT, XFactor, The Voice and Big Brother, with occaisional punishment showings of Top Gear? I can't say I'm too frightened myself.

      This lack of security doesn't matter, and won't matter until your TV is the hub of something important. Even managing the ficrtious future "smart home" isn't a worthwhile target. It's only when the TV is a fully functioning computer that you routinely use for (eg) home banking, web browsing, email, and has the capacity to participate in botnet operations that it's a target. Judging by my "smart" TV we're about fifty years away from that.

  5. Anonymous Coward
    Windows

    Sigh**

    Another day, another security issue.

    But on the grand scheme of things, its a pretty miserly one.

    I have a smart TV (samsung) and think it's great, but some of the most basic functionality is missing.

    IE, being able to delete the kids channel app!! I DONT HAVE KIDS, i hate the little noise makers so WHY do i want a kids app? I dont, but can i remove it!!! No, course not.

    Frankly, i'd prefer to see money spent on making the thing user configurable BEFORE farting around with a supposed (and frankly) tiny potential threat....

    1. Wize

      Re: Sigh**

      Its only a 'tiny' threat till it gets exploited.

      Imagine one of your friends wanting to use your wifi at your house on their phone/tablet (could be just to check in on the office as they are on call). Your TV could be infected if their phone is compromised. Then you'll have an almost permanently infected device the wrong side of your firewall.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sigh**

        "Imagine one of your friends wanting to use your wifi at your house on their phone/tablet (could be just to check in on the office as they are on call). Your TV could be infected if their phone is compromised. Then you'll have an almost permanently infected device the wrong side of your firewall."

        This is the reason I have 2 networks, an "internal" network with all the PCs hard-wired to and WAP for my trusted WiFi devices all behind a server/firewall/gateway connected an "external" network for untrusted/guest access with wireless isolation turned on (devices can only connect to the router and not other devices on the network).

        Granted with this setup the TV would need to be wired to be able to access the media server, but as a poster above mentioned, non-movable devices should be wired anyway.

      2. Anonymous Coward
        Windows

        Re: Sigh**

        I have no friends!!!

        On a more serious note, you raise valid points but the risk is so tiny (at the moment) and i suspect that most serious vulnerabilities will be **nailed pretty quickly as bad press about such an issue will only reflect badly on the manufacturers involved..

        **in an ideal world of course, where consumers come before profit....

        Ohh, sorry, wrong universe.........

  6. pewpie
    Thumb Up

    Smart X

    Seems that as with phones - the only truly smart option is to buy a dumb model. (still rocking my Mockya 6600)

    1. Anonymous Coward
      Anonymous Coward

      Re: Smart X

      6600, keep your new fangled rubbish, I'll keep my 6310i !

  7. Dodgy Geezer Silver badge
    Alert

    Where are the attacks...?

    And yes, those attacks include Bitcoin mining – although The Register presumes you'd need a lot of televisions to get anywhere..

    Not many items out there - it's not worth attacking.

    But wait until ALL TVs are smart, and then you'll see the attacks.

    PS - I use the OPERA browser for the above reason...

    1. AGR
      Coat

      Evil Genius Charter

      "But wait until ALL TVs are smart, and then you'll see the attacks."

      Thus paving the way for various Dr. Evils to take over our sets simultaneously so that they can tell us of their plans for world domination…

      Mine has the furry white cat in the pocket...

      1. edge_e
        Alert

        Re: Evil Genius Charter

        I can't see Dr Evil being bothered with this.

        What you will see though, is every "smart" set in the country tuning to 4music whenever they show a rick gastly video.

        That really is a reason not to buy one.

    2. Nigel 11

      Re: Where are the attacks...?

      Just as long as it's not SO smart that one can't simply "forget" to connect it to the internet.

      Of course, that's kind of begging the question of how much longer broadcast TV will exist. I suspect Digital TV may go the way of analogue TV within a couple of decades. Internet TV or no TV thereafter.

    3. Anonymous Coward
      FAIL

      Re: Where are the attacks...?

      PS - I use the OPERA browser for the above reason...

      Remind me again how using Opera prevents packet sniffing and data injection?

      1. Anonymous Coward
        Anonymous Coward

        Re: Where are the attacks...? @Lost all faith

        "Remind me again how using Opera prevents packet sniffing and data injection?"

        It might have been a joke about Opera having so few users it's not a target for anything. Hope so - it'd be nice to see someone being able to joke about their browser choice around here :)

  8. Kaltern
    FAIL

    I always found the whole Smart TV idea a bit odd. After all, I already have a device that uses a large screen to access the internet, use apps, play games.

    It's called a PC.

    1. JediHomer
      FAIL

      And more importantly...

      ... has a keyboard...

      I tried once to send a tweet from my smart TV... very painfull..

      1. Captain Scarlet Silver badge
        Facepalm

        Re: And more importantly...

        I connected my Samsung Blu Ray once and was about to watch a film, an hour later it finished updating the os and all the apps that I wasn't bothered about.

        Sometimes the smart functions are just overkill when you just want to you know play a movie (Same with pc games I play maybe once a month)

      2. Mark .

        Re: And more importantly...

        Yes - it's about as painful as trying to use a PC to watch videos on your TV. It's awkward using a remote control to type a tweet on a TV, and it's awkward having to get up and use a mouse to control your TV.

        That's the point, by making a TV a computer, there's a lot more ways you can now easily watch TV (on-demand, downloaded content, etc).

        1. Kevin 6

          Re: And more importantly...

          "and it's awkward having to get up and use a mouse to control your TV."

          If you are using a PC on the TV most people would have invested in a wireless mouse(and keyboard) as they are not that expensive. On my PC I used to have hooked up to the TV I used to use a wireless presenter mouse (looked a lot like a remote control), and it did a bang up job.

          Stopped using the PC on the TV cause we replaced it with a smart TV that can play avi, and mkv's straight off a USB hard drive better then the pc I had hooked up could(original atom board)

          1. Mark .

            Re: And more importantly...

            True, but then I think you can get wireless keyboards to tweet on a smart TV :)

            But yes, both ways have their pros and cons. Like you I used to use the PC method a lot for playing video files, but now the smart TV method is just a bit easier most the time.

            1. Cameron Colley

              Re: And more importantly...

              Mouse and keyboard to control video from my PC? Why would I do that when I've a perfectly good iPad that makes a good trumped-up remote control (and not much else)?

    2. Mark .

      Well, I think the "You can play games, 'apps' and read Facebook on your TV" is a bit ridiculous[*], but the features do help for watching TV. Even though I have a PC connected to the TV, it's easier to just use the TV remote to play a video file over the wireless network, than it is to switch to the PC input, then walk over and faff with the mouse to play the file.

      If I want to play content from my laptop/phone/etc, I can send it straight to the TV without having to get up and plug it in with cables.

      If I want to watch something on iplayer, Youtube etc, I can do it without going through the PC.

      And having functionality that's included as standard is probably easier for most than setting up and connecting a computer. The point is that different ways work for different people (e.g., some will say they don't need a PC if they do it through a console; others make a smart TV with an external box instead of it being built in). Yes, if "smart TV" didn't exist, there'd be other ways of achieving the same thing, but it's still a useful easy addition to the ways that we can now do those things.

      [*] Especially as the same media/adverts tell me I should be watching TV on a laptop/tablet. It's like backwards world.

  9. Anonymous Coward
    Anonymous Coward

    Useful

    It would be nice to be able to modify the TV and take some of the junk off the menus, and block "sponsored partner of the day" apps completely.

    So: how do I use this info to get a command line on my Samsung?

  10. DrXym

    Smart TVs are dumb full stop

    All that fancy smart code in a "smart" TV will be bitrotten and broken in 3 or 4 years as backends are turned off, deprecated, frozen or whatever. Why even bother paying a premium for it? For less money you could buy a separate STB and if / when that suffers the same consequence you can replace the box instead of the whole TV.

    1. Joseph Lord

      Re: Smart TVs are dumb full stop

      If you need a new TV the additional cost for an internet capable one (I'm not keen on "Smart" either) is zero as all except the super budget ones now have it and you probably wouldn't want them for other reasons. The hardware cost of a non-wifi internet TV is negligible as an Ethernet adapter costs only pennies.

      When it no longer meets your needs THEN buy a STB that does. Or if you don't want/need an new TV then certainly just buy the STB.

    2. Mark .

      Re: Smart TVs are dumb full stop

      Not true - above a certain point, smart TV is standard. It would have cost me more to buy an equivalent smartless TV with a separate box. (It's the same with 3D - I thought there's no point paying a premium for a rarely used gimick, but the TVs I was wanting to get all had it as standard anyway.)

      Some smart TVs are actually now done as having upgradeable parts.

      Whilst it might be that online TV services stop supporting older smart TVs, I would seriously hope they couldn't disable functionality such as DLNA or web access - if they did, they'd risk a lawsuit. Anyhow, if it's out of date for new online services in a few years, big deal, I'm still free to buy whatever box I like.

      And really, this is like saying "Freeview is dumb, you're better off buying a separate Freeview box" - well, that's still Freeview. And whether it's better to get it built in, or in a separate box, depends on the circumstances. For existing TVs, a separate box is better, but it would be mad to go out of your way to avoid Freeview in a new TV, in the belief you'd save money with a separate box. Indeed, I never use Freeview, but my TV still does it - I don't think it would be realistic to get one that didn't, unless it was a low end one. How many people in the UK do you know with recent TVs that don't do Freeview, whether or not they use it?

      (And before you say Freeview is a standard - I suspect it won't be long before broadcast TV is entirely replaced by Internet playing.)

      1. Anonymous Coward
        Anonymous Coward

        Re: Smart TVs are dumb full stop

        "(And before you say Freeview is a standard - I suspect it won't be long before broadcast TV is entirely replaced by Internet playing.)"

        OFCOM agree. So you might want to reconsider your opinion, since they've never been right about anything.

        The death of broadcast TV is over-hyped. On demand viewing may be a growing part of the future, but that doesn't mean that scheduled playing of new or repeat content disappears. At the moment VOD is such a minority interest that it has no marginal cost. But the cost of universal VOD hugely greater than mass broadcast if everybody does it (bandwidth & contention). And scheduled broadcast is a good way of launching and arranging new content. If you're into CSI or similar, would you look forward to all of the next series being block released like a boxed set - fill your boots over the next weekend, then wait years for the next series? Then there's the advertisers. You can force a bit of "locked" advertising into VOD, but not much. How will you cope with a world where you've got to pay extra to make the margins that are demanded?

  11. John Smith 19 Gold badge
    WTF?

    So putting an internet connected PC inside a TV set is not a very good idea.

    Who knew?

    Here's a hint TV & STB mfgs (if there are any left)

    I want to channel surf. That means switching digital channels as fast as I could switch analogue channels (about 1-2 secs, not 5+) 1 picture of a 2nd channel is good. 4 would be better. I have short span of attention.

    STB's are basically Linux PCs with 1 drive (or maybe a 2nd slot for the high end models) in them. They have virtually no UI to speak of. WTF is inside them that takes 20secs to boot? Updating the printer database?

    Sponsored apps, installable apps, instant social media. My internet connection failed 4 times int he last hour. Who needs your s**t? Why don't you ask your customers (the end users) how much they use this cruft and wheather they'd pay the same for a TV without it but that started in secs and switched channels as fast as they could punch the button.

    1. kevjs
      FAIL

      Re: So putting an internet connected PC inside a TV set is not a very good idea.

      I always find it odd that dedicated hardware is now so rubbish and PCs running open source software perform so much better (it was the reverse ten years ago).

      My TV takes forever to change channel (wtf does it take 3 seconds to change DVB channel (4 seconds for analogue, and a further 2 before NICAM kicked in) and 7 seconds to switch from SCART to HDMI?) but my media centre is instant (same multiplex) and near instant (cross multiplex). Little slower when the channel is cross multiplex on DSAT (about a 1.5 seconds at worse when switching cross multiplex and cross satellite (e.g. RTL to Chart Show Dance) but still pretty quick (and sound comes in even faster).

      My PVR takes about 15 minutes from booting (from standby) to being usable (two minutes for the picture to come out then it's really unresponsive while it loads the EPG from disk) - My media centre on the other hand takes less than 2 minutes to boot up (from cold) and the TV is usable within a further 30 seconds. when left on, but no video running, it still draws less power than my PVR does in standby so I just leave it on (i.e. it's instant) and it's a darn sight more flexible (Freeview, Freesat, and the German channels (i.e. RTL for the F1) all in one EPG :) ).

    2. Joseph Lord
      Boffin

      Re: So putting an internet connected PC inside a TV set is not a very good idea.

      Ex TV product planner (and engineer before that) here.

      Channel surfing speed isn't just up to the manufacturer but mostly the broadcaster. The GOP length of the encoding has a major impact as does the the repeating frequency of various tables (when changing MUXes). Having said that my Sony TV changes between HD channels (on the same mux) in under 5 seconds and to SD channels in about 2 seconds in some cases. At least at Sony great efforts were gone to to optimise this (and startup time) but there are real limits on what is possible (without massive cost significant additional power usage to include and run multiple tuners and video decoders a predicting most likely channel changes to allocate to these decoders). Likewise showing multiple channels also requires more hardware to receive and decode the other multiplexes and would be quite a significant additional cost.

      The STBs are basically Linux PCs and may be running with only a 400Mhz processor.

      The TV manufacturers are all (hard to tell about Samsung as their accounts aren't clearly broken down) making loses. They hope to build content platforms big enough to be attractive and profitable to actually subsidise the hardware loses so I don't think that they add any cost.

      1. John Smith 19 Gold badge
        Happy

        @Joseph Lord

        Most instructive.

        I can understand the limits to some extent. I asked about this on the article about H264 and how frequently the frames that re-synchronize the picture are sent, as that seemed to be the limiting factor.

        I think what especially annoys me is that my remote has a button to cycle between 2 channels and it takes as long to switch those channels as any channel I select at random despite the fact I'm probably watching that other channel using the P-in-P function.

        A 400 Mhz processor is no excuse for an STB. Building implementations for embedded systems that boot in <1sec has become something of a sport for Linux devs. Quite a lot of it seems to be as simple as hard coding some parameters onto the Linux kernel startup line. Things that will never change throughout the life of the product (who overclocks the processor on their STB motherboard?).

        How much decoding of DVB is done by STBs in software ? My guess is not much. Their job is a)read the remote control/front panel buttons

        b)If one is pressed look up what to do

        c)Stuff the relevant registers on the decoder hardware with the parameters to get it done or

        d) Generate a file name and route datastream to it to record a programme.

        My instinct is the heaviest lifting gets done when the "menu" option is selected and it has to run a UI,a nd even that's mostly reading the keys on the remote. BTW I was wrong. My STB take 30 secs from standby to watching a programme, not 20. And it still feels stupidly long for that its doing.

        1. Joseph Lord

          Re: @Joseph Lord

          I wasn't aware of any digital TVs with P-in-P function. They should have the hardware to quickly swap those screens but perhaps they didn't optimise that path and just use a general change channel method.

          MPEG GOP length is one fundamental limit but in the typical case you first need to actually tune to the frequency, start demodulating, access the PAT (been a while I might have the wrong table) that will inform you the PID for the audio and video of the channel you need, listen to those PIDs and pass the data to the video decoder. And I've probably missed several steps as I haven't had my head in the DVB standards for at least 4 years.

          Regarding boot time maybe it is possible to do better. I know at Sony significant effort was put in to getting picture up immediately and other functions as quickly as possible. There are a number of applications to get going as quickly as possible including EPG data gathering, network connectivity sequence (DHCP etc.), starting subtitle processing, starting MHEG (or HbbTV or MHP), checking the signalling to identify channel list changes and possibly jumping to the HD version of the current service if signalled.. At some point, possibly later there will be checks for software updates (both from broadcast and Internet), if the tuner is not in use there may a channel scan in the background.

          All the video and audio decoding will be in hardware but processing all the DVB tables, setting tuning parameters, controlling the demux is all done in software so the CPU isn't completely idle.

          My Sony TV goes from a full off to TV picture in about 6 seconds, channel change is available a few seconds later and input selection shortly after that although access to the full menu isn't really possible until about 30 seconds after switch off and the menu is fully populated (including network services) by a little after 40s. This is on a pre-2011 version of Linux when I'm not certain that it was as optimised for fast booting.

          I'm not saying that it can't be done any better but that it is at least considered and there is rather more going on than you might a first think processing DVB video.

          1. John Smith 19 Gold badge

            Re: @Joseph Lord

            "I wasn't aware of any digital TVs with P-in-P function. They should have the hardware to quickly swap those screens but perhaps they didn't optimise that path and just use a general change channel method."

            That's my guess. Which makes it an even more stupid way to work as it's an obvious improvement (swapping the outputs from the decoders to the output, rather than forcing a channel switch).

            "MPEG GOP length is one fundamental limit but in the typical case you first need to actually tune to the frequency, start demodulating, access the PAT (been a while I might have the wrong table) that will inform you the PID for the audio and video of the channel you need, listen to those PIDs and pass the data to the video decoder. And I've probably missed several steps as I haven't had my head in the DVB standards for at least 4 years."

            I'm seeing a figure of about 16 frames between I-frames which suggests less than 1/2 second should be possible. I'm thinking the problem is (insofar as it resembles anything) starting up a GPS receiver. Lots of processing to get a start, then you download data tables to get the rest of the constellation. But there are various strategies you can take to speed things up, from caching old data to parallel processing to extract all codes for all satellites simultaneously (developed by Inmos to do this on a Transputer).

            "My Sony TV goes from a full off to TV picture in about 6 seconds, channel change is available a few seconds later and input selection shortly after that although access to the full menu isn't really possible until about 30 seconds after switch off and the menu is fully populated (including network services) by a little after 40s. This is on a pre-2011 version of Linux when I'm not certain that it was as optimised for fast booting."

            That's pretty impressive. I'm actually running an old Toshiba flat screen with a Sagem STB. 4-5 secs a channel switch and 30secs to warm boot from standby. Looking over the Sony embedded Linux work IIRC one of their still frame cameras had a 1 sec boot time by (essentially) cold booting at the factory and taking a snapshot of it into flash.

          2. Vic

            Re: @Joseph Lord

            All the video and audio decoding will be in hardware but processing all the DVB tables, setting tuning parameters, controlling the demux is all done in software

            *Partly* done in software.

            Typically, the demux will all happen in hardware, with various fragments pushed out to the CPU to deal with in software - so, for example, PCR recovery is a software task. but none of that really taxes the processor.

            There are inherent ptoblems with rapid-retuning of digital TV; primarily, the various SI and PSI tables are only transmitted periodically, so you need to wait for that to come around. It should be possible to retune within a TS fairly rapidly - but that doesn't get you very far, as that typically will only give you a handful of channels at most (and often only one).

            As soon as you start trying to cache all the info across all streams in the mutiplex, your workload goes up significantly, and almost certainly needs new hardware. And you've still only got a handful of transport streams in a single multiplex.

            As soon as you start wanting to fast-tune between multiplexes, you're SOL. You need a physically separate tuner for each one. That simply doesn't scale...

            And all of the above is before you get near the tendency of dev teams to write application code in nice easy, abstracted high-level languages without worrying about the run-time impact of their decisions...

            Vic.

      2. Anonymous Coward
        Devil

        Re: So putting an internet connected PC inside a TV set is not a very good idea.

        "The TV manufacturers are all ... making loses. They hope to build content platforms big enough to be attractive and profitable to actually subsidise the hardware loses so I don't think that they add any cost."

        And they haven't noticed the failure of other crappy "me too!" content stores? Most mobile networks have their own cruft and tumbleweed infested "platforms", which undoubtedly cost more to run that they raise in revenue. The same goes for most mobile handset makers.

        The only people with any credible platform are software houses that own the relevant OS - Android/Google Play, Apple/iTunes, Nokia/OVI (before Elop); Microsoft might yet get there. The TV makers need to recognise that they are pure hardware houses - to create a revenue earning platform they'd need to become a software house, with considerably greater penetration than any one TV maker's market share, or a proposition so compelling that they can command and maintain premium prices.

        The best the TV makers can hope for is to build margins through product excellence, make the best of mobile devices as fancy and effective remote controls, and offer far better content integration with home PCs, mobiles and cloud services. They could do that now, but I've yet to see any cross-device integration with TV's that my parents could and would use. I want to use my Nexus 7 to be an instantaneous, advanced remote for my Samsung telly. I want to be able to fling tablet content onto the TV screen quickly and easily. I want to be able to quickly access my photo collection on Drive (or Dropbox, or Skydrive, or whatever). And so on.

        Basically, I want my TV to be a fully functioning HTPC that plays easily with all my other devices, not some crappy maker-specific "platform" that is primarily a third rate app store. Why can't the TV makers work this out, and make it happen?

        1. Joseph Lord

          Re: So putting an internet connected PC inside a TV set is not a very good idea.

          Fair enough but I think you underestimate Samsung's scale. They have the possibility of a viable platform. Sony may do too if they Playstations can support the same platform but I wouldn't bet on it.

          I don't like what I have seen so far of the Samsung Smart TV system (although I haven't had a close look recently so it may be improved) which had far too much emphasis on interaction and games rather than just being access to content. I would ideally remove all interface from the TV screen to a tablet device and leave the screen to the content, many of the manufacturers offer apps but I don't think any of them have yet reached the ideal yet.

          All the Sony Internet TVs (and probably most of the others too) support DLNA which should enable mobile devices to send content to them but while it is getting slicker it isn't yet slick enough yet in most case. I use my TV to play content recorded on my MythTV box which works well as the video decoding is better than on the PC.

  12. joylessdave
    WTF?

    main issue with smart TVs

    main problem with smart tvs is are they going to get longterm software support unlike smart phones which get changed every 12-24 months under contract people tend to keep their tv's for >5years

    if the manufactures keep bringing out new models are they really going to keep supporting a model from 5 years ago.

    if you want a smarttv buy a dumb tv and connect a pc or one of those android hdmi thumb devices probably be cheaper in the long run

    1. BigAndos

      Re: main issue with smart TVs

      I bought a Samsung "smart" blu-ray player last year and they have already deprecated the Netflix app, one of the main reasons I chose that model. Samsung blame Netflix, Netflix blame Samsung. Back to plugging in my laptop it is then!

    2. Anonymous Coward
      Anonymous Coward

      Re: main issue with smart TVs

      "if you want a smarttv buy a dumb tv and connect a pc or one of those android hdmi thumb devices probably be cheaper in the long run"

      This has always been my view. A TV should be no more than a display device with appropriate inputs and basic channel selection. All other tasks should be left to a separate device that uses the TV as the output. This way the TV gets a full life and the input device can be replaced/upgraded as is needed.

      At the very least, the a smart TV should have a slot-in "Smart Unit" that can then be replaced in a few years with another slot-in unit with updated functionality for a tiny fraction of the cost of the display itself.

      1. Vic

        Re: main issue with smart TVs

        > At the very least, the a smart TV should have a slot-in "Smart Unit"

        All it actually needs is a USB slave port that implements a HID model. You can then plug in any PC-type kit you like, and it sees the telly (with remote control etc.) as a keyboard. Not massively integrated, but good enough for rock and roll...

        Vic.

  13. Arachnoid
    Stop

    Wait till smart TVs get camera and audio

    Connectivity then it will be a snoopers paradise to see into a major amount of homes either to see whats going on or on the reverse of the coin to ensure no one is home whilst you enter clandestinely [or not] and pilfer goods.

  14. Cliff

    Security isn't a 'feature'

    A 'feature' is what appears on the 4 bullet points on the shelf edge price ticket in Dixons. 4k, dodecatronic sound, 3d/4d/5d etc - all 'features', pointless gimmicks to draw punters as opposed to something everyone rather assumes is on by default in the current age.

  15. Andrew Jones 2

    *sigh*

    And the day approaches where yet another device that should never need a virus scanner installed..... needs a virus scanner installed.....

  16. This Side Up
    Coat

    Rouge content

    I like the idea of "streaming rouge content" (see linked article). I'd be more concerned about bleu content!

  17. Anonymous Coward
    Anonymous Coward

    Where's Eadong? surely this is another article he could twist and blame Microsoft for?

    Open source isn't necessarily more secure, it requires good skills and knowledge to design a secure system so as not to fall fowl of common security flaws.

    Greater freedom comes with greater responsibility.

  18. Anonymous Coward
    Anonymous Coward

    Samsung SmartTV

    I bought a Samsung TV with SmartTV. Not because I wanted SmartTV but because the TV had the best picture for the money (imo) I had to spend (after changing the picture settings from their super saturated, super bright telly-tubbies version of reality).

    The computer inside takes about 20 secs to boot first time after TV switch on - and then instantaneous. I only use it for the LoveFilm Instant app (max 720p) - and I will cancel that subscription soon unless they get some more titles. The iPlayer app has a volume control which is either too loud or too quiet - so no use. I haven't found any use for all the other apps. For everything else I watch (regular TV, catch-up TV, etc.) I use Sky+HD.

    Is Samsung SmartTV worth it? If I could get the same or better TV picture without SmartTV for less money, I would.

  19. taxman

    Smart TV?

    I'm still waiting to be convinced of the need to have a TV of any type.

    1. This post has been deleted by its author

  20. Mark Allread
    Happy

    Call me paranoid but..

    A friend of mine and his wife have a Samsung TV in their bedroom. I did point out that it's connected to the internet and it has a camera on it pointing at the bed. He didn't seem to concerned that he might be releasing his own sex tape soon. Perhaps he just doesn't get lucky very often...

    1. Darryl

      Re: Call me paranoid but..

      Well, he IS married, so probably not very often at all

  21. Anonymous Coward
    Anonymous Coward

    I think this guy missed the point: "He suggests that TV manufacturers do more work to make the browsers secure and configurable by users."

    - A TV should require no configuration except maybe the user pressing an 'auto setup' button when they first turn it on. People do not want a configurable PC sat in the corner of the room - they want a TV. A TV gives you what you want with 2 or 3 clicks of a button after turning it on.

    I think Apple need to lead the way here - as I see no evidence that the other vendors understand this.

    1. Mark .

      But they do understand it - they do work without needing to be configured. This guy thinks they should be configurable. You, I, and the existing manufacturers, don't.

      And ah yes, it's the "Apple are better" with a product that *doesn't even exist*. And the new AmigaBoxTV would be better still. (Well actually it does - Apple TV. Remember that? Exactly.)

  22. Gordon861

    We Don't Need Smart TVs

    Instead what we need are Smart boxes that connect to the HDMI socket with a pass through so you don't waste the slot.

    If you can get the Smart boxes down to a reasonable price there is no reason people won't replace them each year as a newer (hopefully better) version is released.

    TV companies should concentrate on producing very good screens that will accept various external inputs and leave the Smart stuff to the people that understand it.

  23. Grimthorpe
    WTF?

    Overblown

    If you are in a position to poison DNS lookups or even insert the relevant data into the AIT tables in the DVB (broadcast!) stream then these 'security holes' are the least of your worries.

    I agree being able to work out when someone changes the channel and what to is a privacy hole, but all the other holes listed apply to any other web browser on any other device.

    The only issue I see here is the broadcasters not using https:// in their embedded URLs, which is not the fault of the TV.

    Oh, and XmlHttpRequest objects are limited to original source only requests, so good luck with that attack.

    1. Anonymous Coward
      Anonymous Coward

      Re: Overblown

      Exactly right. The title is, to say the least, disingenuous.

      It's not the TVs that are full of security holes. It's the entire HbbTV ecosystem, most of which is just regular web technology anyway. You can hardly blame TV manufacturers if broadcasters are operating servers without the latest software, or if MAC addresses aren't encrypted on wireless networks.

      The only TV-specific hack involved creating a spoof multiplex containing a DSM-CC carousel with malicious URLs in it. You'd need a modulator and a transmitter plus some way of persuading the TV to tune to the fake broadcast. Definitely do-able, but unlikely to topple existing hacks techniques as a popular way of making money.

      I call FUD, personally.

  24. The Jase

    Bitcoin

    "Bitcoin mining "

    You mean Bitcoin processing.

  25. Robert Carnegie Silver badge

    So that's how they did it!

    "We control the horizontal and the vertical", etc...

    ......anybody? hello?

  26. This post has been deleted by its author

  27. Will Godfrey Silver badge
    Meh

    Smart people can use dumb TVs

    That's all.

  28. Dan Paul
    Devil

    There are some good reasons to have "Smart" media devices

    I have a Samsung "Smart" TV and Bluray player and I like the smart features and can understand why people want them. Both are wired ethernet versus built in WiFi.

    The primary attraction for me is the fact that asswipes like George Lucas infected their media with DRM that no other bluray player had installed when the whole Star Wars catalog came out in one package on Bluray.

    Samsung had the DRM update out in a couple of weeks after release of the movies saving me having a coronary over having already opened the box to play disc one.

    The Bluray has had many updates, yes, mostly for the "apps" but several have fixed other issues like sound and DRM updates.

    The TV has had few updates, again mostly for the apps and little effect on DRM or other technical issues.

    If somone did not have a home theater PC, many of the apps would be of some benefit.

    Pandora, Hulu, Netflx, etc , etc are all nice services to have if you don't have a PC to operate them through.

    If there was a way to get the same TV for 25% less without all the "Smart" app stuff I would have done so but that's the feature set that ALL TV manufacturers are offering today.

  29. zb42

    amusing smart TV hack

    Travis Goodspeed described an amusing smart TV hack in one of talks (it's on youtube).

    The TV can load firmware updates from a USB stick. It only accepts updates signed by the manufacturer. It reads the file once to check the signature then again to load it into the TV. A little microcontroller board emulating a USB stick that sends different data the second time makes it possible to load alternative firmware.

    Personally I feel no desire to buy a TV anytime soon.

  30. Anonymous Coward
    Anonymous Coward

    "It's been known for some time that “smart TVs” are dumb about security"...

    ....How about Dumb about Everything...? Sorry to be flippant. But they are so overpriced and over-hyped. Its far cheaper to buy a large-screen Plasma, and then just connect a cheap netbook or raspberry Pi or Chinese device via . My pal bought one recently and it has Skype, but we can't chat because it needs a custom microphone and webcam-- that's not right! Plus I feel there may be privacy issues here too. How often do these things phone home?

  31. mark l 2 Silver badge

    Best option it to just take a normal dumb TV and plug in one of those £40 Android dongles, the downside is you need 2 remotes so It would be nice if the Android dongle could be connected into the TV so you can use your TV remote to control it.

    Then when a newer better dongle comes out you can just upgrade a £40 part rather than have to change a £300 TV

  32. Herby

    Isn't this by design?

    TV's you know rot on the vine, and need to be replaced every few years. Isn't that why we had the big push to digital TV a few years ago. Fast forward a few years, and we have to get something obsolete to generate more sales of newer, better things.

    Me? I still have 5 CRT based TVs at home, and they work just fine. Thank you very much.

    P.S. CRT TVs still have the BEST contract ratio of any display technology!

    1. Vic

      Re: Isn't this by design?

      > CRT TVs still have the BEST contract ratio of any display technology!

      My main TV is a CRT. I got an LCD to replace it a few weeks back.

      I put the pair of them side-by-side. The difference was stunning.

      The LCD is now powered off. I'm mighty glad I didn't pay for it...

      Vic.

  33. Anonymous Coward
    Anonymous Coward

    Time required for maintaining new devices....?

    Do we really need more devices that have to be maintained? There's already a dozen devices in our home... I'd rather share a laptop via HDMI & wireless keyboard that's already set-up to match my families preferences. Must I deal with another appliance that must be configured, requires frequent patching and constant updates and security blocks to stop it phoning home? That's a 2nd job! I'd much rather the money went to screen size. i.e. 80-100" TV for gaming once the cost doesn't equal a family car!

This topic is closed for new posts.

Other stories you might like