Definitely agree...

by JCitizen - 12/21/12 10:52 PM

In Reply to: Not Now...But Never Say Never by ajtrek

I remember when Dish TV tried to say they never got viruses - but I was seeing "direct" evidence that the were indeed under attack. Most sets were connected by dial up at the time. The thing is, that because one standard operating system is in use by millions of viewers world wide, and connected to the internet; you have to ask yourself why a criminal WOULDN'T take advantage of that opportunity. Information is worth money, and if they just knew what you liked to watch they could sell that to the highest bidder! However, I'd suspect most of them would simply use it as another source for bot net zombies. With the regular bot nets under attack by law enforcement authorities, they will be looking for other sources that are numerous enough to become a likely target.

I had many Dish TV and Direct TV clients that had desktop units that acted just like a zombie farm, and would access the internet constantly, outside the normal data gathering by the satellite company. Many of these units just had to be replaced, because the perplexed support personnel were just not equipped to handle even the remotest chance of an actual Linux virus!! Neither company would admit whether they ever even tried putting a firewall on the dial-up connection! Now that many of these units are designed to work on your local home LAN, I suspect the problem will get even worse!

The kind of target a criminal will look for:

1. Standardized hardware/software/firmware so they only have to write certain code to attack millions of machines - or even billions in today's world market!

2. Would have a method of writing to a hard drive to influence the host OS. No problem with DVR set tops.

3. Perhaps even a method of flashing the firmware that controls the CPU in such devices not unlike many mobile devices.

4. A vulnerable application like Netflix(silverlight) or especially Skype - since many smart TVs use Skype with an on board camera for video VOIP. Crooks are already taking advantage of this for various schemes of surreptitious data gathering of consumer habits to just plain old personal ID theft!

I don't have a doubt that the criminals are already assessing how they can monetize this market, or have plans to do so in the very near future( if they haven't already)