A new hack that requires little more than a $US250 1-watt amplifier could leave your smart TV vulnerable to a man-in-the-middle attack. It’s called the “Red Button” attack, after the red button on your remote that allows you to control the interactive features of your smart TV, and was discovered by two researchers at the Columbia University Network Security Lab.
Forbes has a great explanation about how it works:
Red Button can best be thought of as a classic “man-in-the-middle” attack, or a particularly insidious descendant of the signal injections of the early days of cable TV.
[…] What also makes Red Button insidious is that the malware would run automatically when a viewer tunes into a compromised channel and runs completely in the background without the knowledge or consent of the TV set owner. And the attack is untraceable, because the hacker never presents himself on the Internet with a source IP address or DNS server. The only way for law enforcement to find a rogue broadcast is to send out multiple vehicle-mounted antennas to triangulate the signal. A hacker could be long gone before those trucks ever hit the streets.
Between this and the fact that that most smart TVs are kings of the clunky interface, we’ve never wanted a dumb TV more. [Forbes]