"The spy in your living room " Your TV

[Frederick]

Now this is scary ! Hackers can get into your smart TV,s  skpye camera and microphone .

http://arstechnica.com/security/2012/12/how-an-internet-connected-samsung-tv-can-spill-your-deepest-secrets/

[Quillan]

What a load of old rollocks. The giveaway to what he was doing is at the end of the article when he mentions routers. Every home user uses a router to attach to the Internet and they all use DMZ'z and translation tables which is why they all have IP addresses of 192.168 which can't be hacked because they don't exist unless you are also connected to the 'user' side of the router. Doesn't matter anyway as the bug will be fixed in Jan.

[Jako]

Not entirely true. Using UPnP the 'smart' device might conveniently open a port on the router and invite an external party. The same applies to 'smart' scanners , printers, nas storage devices, security cam's etc. There is a whole world of devices on the internet publicly soliciting for a connection.

[Quillan]

[quote user="Jako"]Not entirely true. Using UPnP the 'smart' device might conveniently open a port on the router and invite an external party. The same applies to 'smart' scanners , printers, nas storage devices, security cam's etc. There is a whole world of devices on the internet publicly soliciting for a connection.
[/quote]

Give an example please, something I can connect to?

[Rabbie]

Paranoia is a disease not a hobby. Why would anybody want to spy on the likes of us. I don't flatter myself I do anything that people would want to spy on. Just another boring respectable oldish person.

No power, no influence, no interest to anyone who isn't friend or family so no worries about being spied on

[Quillan]

[quote user="Rabbie"]

Paranoia is a disease not a hobby. Why would anybody want to spy on the likes of us. I don't flatter myself I do anything that people would want to spy on. Just another boring respectable oldish person.

No power, no influence, no interest to anyone who isn't friend or family so no worries about being spied on

[/quote]

Exactly, and the effort (and expense) that would be involved to even try and hack in to your TV to do what, "make the TV go in to a continuous reset cycle loop", what a load of old rollocks.

All these people who as you say are to the point of paranoia about their computer security are made that way by the companies that want to sell them products either directly or indirectly. Routers have a hardware Firewall they also have a DMZ so actually there is no need for any Firewall on your computer at all if your running at home through a router. As to Spyware around 98% of it is tracking for adverts and popups. The only way you can get a keystroke logger, which is something else again, is if you open a file attached to an email from somebody you don't know or you visit a website should probably shouldn't be visiting in the first place.

[Jako]

Do you know what a DMZ is/does? Placing a device in the DMZ connects it directly to the internet, bypassing the firewall. UPnP bypasses any router setting, that is the purpose of the protocol: to make things easy. It can do that because it is initiated from within your network, but it opens your router for external connections. Handy, but dangerous. More info: http://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/

Who would like to spy on you?-thieves would. Nowadays this is a very easy and popular way to get to know your habits and enter your house/business when you are away. It is not even hacking, many devices simply announce their presence on the internet using the default settings the owner never bothered to change. Some devices even provide 'help' when you do not have the password, just click 'help' and the device hands you the password. (iomega)

[Quillan]

[quote user="Jako"]Do you know what a DMZ is/does?

[/quote]

Having been a Certified CISCO Engineer and network designer with both Novell and Microsoft products as well for many years I would like to think that the answer is yes. [;-)]

Putting equipment inside a DMZ is not normally anything a home user would do and in this case the TV would definitely not be inside the DMZ. Such things that would be inside a DMZ would be a DNS server, Web-server and Email server because if you were creating such a system you would have fixed IP address's for the 'external' side of your router to enable your employees to connect and for the Web and email servers to be found. Sure if you are a home user and have a Web-server you might use a dynamic DNS package but a company won't, it will used a fixed IP address.

Having removed that issue from the subject when referring to home users then much of what the article you gave a link to is correct although I would like to draw your attention to the fact that is say things like "may", "possibly" and "might" as opposed to definite.

I have a media server and if anyone tried to connect to it I get a message asking me if it is OK and to give them permission. I also have Windows Media Centre on my computer and whilst there is nothing in it I know when somebody finds it because I get the same question again. What I am saying is that unless I change the default settings, something a home user is not likely to do, people can't have access unless I know and allow them.

As I said and your article confirms you can only get 'caught out' if you download a Trojan or visit a website that contains code (like the flash program) and run it. To breach the DMZ with UPnP it has to be done from inside the home network normally. The most important thing, which most people know but never actually do, is to change your default router password. It should be the first thing that you do when you first install it. I have always told manufactures in the past that some of this is their fault especially if the router comes with a setup program. It would be s simple to add a few lines of code to force you to change the password when you install the router yet for some reason they never do. A classic is Orange in France, if you use their install program (which people recommend you don't do) it will not ask you to change the router password (well it didn't a few years ago).

So in sort people will not just hack in to your home network, it is too much effort for possibly little reward. What they do is use Trojans and a good quality AV software will pick these up most of the time and with Windows a patch is very quickly sent out (which is why you should have Automatic Updates ON) that will block any security black holes. If somebody does get one of these Trojans then 99.9% of the time it is down to them doing something stupid like opening an attachment that came with an unsolicited email or going on some dodgy website.

I can get more technical if you want but I don't see the point and probably people are already yawning half way through this post.

[Jako]

Well, then you might know what you are doing, but most people do not.

(e.g 'breach DMZ' sounds funny because there is nothing to breach, a dmz is by definition fully exposed to the internet)

But even you still do not seem to grasp the true problem: an internal device opens a port and forwards it to the device using UPnP without the users knowledge or consent. The router allows this assuming you know what you are doing because the request is made from inside your network.

With internal device I mean like all HP e-printers currently sold, all iomega NAS, most security cams etc. They all default with this setting out-of-the-box and the customer has to either close it or change the default username and password. But most people simply install the device, are happy that it works, and never check the security settings. This exposes the device to the internet, for everybody to use. In this case the router provides no security at all, unless UPnP is disabled.

It works great, now you can use your HP e-printer/scanner at home from the entire world, but so can everybody else. Just forget to remove your passport after scanning once and someone else will scan it again from the other side of the world and use it for identity theft.

[Quillan]

Firstly HP printers don't use UPnP for remote connectivity via the Internet. E-print uses a special email address, you can only print or have somebody scan at home or office and send the file to you. Nobody can access your HP printer unless you give them the IP address and email address. If you know the part number of a printer that uses E-print you can look up the manual on the HP website and it will explain how it works and how you set it up. To suggest somebody can just connect to your HP all in one printer across the Internet and get a copy of whatever is on the scan bed is ridiculous unless either the owner of the printer has given them the details, a Trojan has been used or the remote device has been stollen. Iomega systems use UPnP for remote access but you have to load a client on the device, there are clients for Windows, Apple and Unix. The device and the NAS have to be paired prior to the device being used remotely. Security Cameras need to be setup and paired before you can access them via the Internet. Sure they use ports but if the device has not been paired and a login and password have not been created on the local device you might see the device if your very lucky but unless you know the login and password you won't be able to access it. Normally the remote device starts a link by a https URL connecting via port 433 and that will get you to the local device and allow you to login but of course you need to know what the https address is to get there. Normally the client software on the remote device stores this information and the login internally so for the user they simply click on a button then enter their password. Looks simple to them but there is a lot going on in the background that they never see.