Home entertainment has expanded beyond the traditional television. Modern TV sets are very similar to a desktop computer: they have a processor, memory, a hard disk and some sort of an operating system running. They are now constantly connected to the Internet and offer a wide range of online services such as videos, music, online shopping and various web services. All these connections use communication protocols, which need to be tested and proofed in order for them to be secure. In this paper, we will discuss how unknown vulnerabilities are found in Smart TVs and what are their implications. First we map the attack surface of a wide range of TVs, then conduct fuzz testing, and finally discuss the test results.
In this research we used Defensics from Synopsys, which is a powerful set of fuzzing tools based on deep protocol models. The test cases were created automatically and sent to the system under test, or SUT for short. The TVs’ firmware was updated to the latest available version via the manufacturers’ website or the devices’ own update functionality. All available services in the TVs were enabled in order to get the maximum test coverage. The TV was then scanned for open ports and services to find the attack surfaces. Download this whitepaper to learn more about the results of our research.