Countermeasure 1: How long can these filenames be before they crash the LG servers? Can I embed a buffer-overflow attack in a filename on my USB drive?
Countermeasure 2: Place copyrighted material, e.g., song lyrics, in the filenames themselves, thus causing LG to commit copyright violations.
Countermeasure 3: Proxy the TV’s connection to the Internet. Replace their advertising images with actual midget porn. Photograph the TV with midget porn “advertising.” Profit?
And double-check that it isn’t an HDMI cable with ethernet, and a computer that ‘helpfully’ uPnPs the TV to the internet, yes?
And, with with basic GSM phones retailing for $12, no contract/bundle, quantity one, better sweep for unexpected GPRS chatter as well. (Only some data would be worth the transmission cost, in that case, since they can’t just piggyback on your internet; but if Amazon could do ‘whispernet’ a compressed summary of your viewing habits every X days could probably be done pretty cheaply).
Contemporary MEMs mics are god’s gift to paranoia. High sensitivity, omnidirectional, all ADC handled in-package for a nice low-pin-count digital output, 4x3 mm square, 1mm thick. Doesn’t use much power either, so good for battery powered applications. The ones that hand off analog functions can be even smaller (Mr. 2F17 045, in red, is the mic in those ubiquitous Apple earbuds-for-chattering-with, it even functions inside a fully enclosed plastic housing, no mic hole/grate/etc. Vendor/datasheet unknown, at least to me.)
@isomorphic Given the general shittiness of ‘SmartTV’ firmware, LG probably implicitly trusts all packets with the correct UA (or some other trivially spoofable ID) and validates them incompetently or not at all.
It’d be eleventy-billion felonies and all that; but I’d love to see a particularly displeased black-hat have a look. (On the minus side, the TVs probably implicitly trust all files called ‘LG_frm.img’, write them to boot flash, and restart, so it’d be the clueless users who are likely to get hit piecemeal…)
“No, your honor, I had no idea that naming my kid’s birthday party movie that way somehow resembled the ‘EICAR test pattern’ (as you call it) and that it would result in total chaos on LG’s LAN.”
“What’s your kid’s name?”
“Little Bobby Tables.”
Aside: My old, old Samsung TV can be upgraded with a simple USB stick with the right firmware files on it, and the resulting setup can actually damage your TV if it’s not configured properly.
Ah, that takes me back to the good old days when your X config (and this was xfree86, none of that Xorg, sonny) could drive your CRT out of spec to its eventual death. LCDs these day…
Countermeasure 5: set up a script to replicate the info sent to LG with random show and file names, run it on a few thousand computers, and flood their servers.
Interesting. Disturbing. This makes me want to dig a bunker and entertain myself with crochet and paper books, but that’s probably going to look suspicious to some government agency or another.
Old is relative. It’s “old” for an LCD TV, but not old for a TV. (It’s a 46" LCD that I paid more than $3K for, which is absurd given present prices.) The epithet was intended to convey that it isn’t “smart” in any way, shape, or form–although it can still be owned, badly, with a USB stick.
And you’d all probably freak about the (very large) softdrink manufacturer who was trying to have a self-serve soda fountain produced which had a built-in camera and facial recognition system in it.
I tried to imagine getting spied on in a KFC or 7-11…and what marketing idiot came up with this one.
