A Study on Security in Internet Enabled TV
During the course of its research, the security firmware of the TV's Internet interface failed to confirm script integrity before scripts were run. The attacker could intercept transmissions from the television to the network using common DNS, DHCP server, and TCP session hijacking techniques. The code could then be injected into the normal DataStream, allowing attackers to obtain total control over the device's Internet functionality. This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer's permission. More importantly, however, this same mechanism could be used to extract sensitive credentials from the TV's memory, or prompt the user to fill out fake online forms to capture credit card information.