"Purdue Researchers Uncover Vulnerabilities in Smart TVs"

Researchers from Purdue University have discovered vulnerabilities in Smart TVs that can allow attackers to take control of the devices and steal any data stored on them. Google has acknowledged a vulnerability, tracked as CVE-2021-0889, in its Android TV platform and has made modifications to address it. Professor of electrical and computer engineering and computer science at Purdue Saurabh Bagchi and his team have developed technology to understand the security of smart Internet of Things (IoT) devices over the past five years. In addition to finding vulnerabilities, their work defines the security properties of virtual remote devices, allowing for the secure development of future devices, according to co-investigator Aravind Machiry. The research team discovered the flaw in the Wi-Fi remote protocol and demonstrated that an attack involving its exploitation targets the four most popular Over The Top (OTT) digital streaming platforms. To put this theory into practice, the team created and demonstrated the feasibility of Spook, which is a piece of malware packaged in an Android smartphone that can take control of an Android TV device. The team designed and implemented an ARM TrustZone-based defense that ensures a human is initiating the pairing. This defense prevents Spook and any User Interface (UI) injection-based attack on Smart TVs through a secure version of the Wi-Fi remote protocol. This article continues to discuss the discovery of vulnerabilities in Smart TVs and the mitigation developed by researchers at Purdue University. 

Purdue University reports "Purdue Researchers Uncover Vulnerabilities in Smart TVs"