Excuse me for being skeptical, but I read a rather peculiar story about a hacked smart TV this week.
The report (archived here for posterity in case it ever disappears), on the website of Indian news channel Zee News, claims that hackers were able to secretly capture intimate footage of a married couple and upload it to a porn website.
According to the report, porn lover Rajesh Kumar (the news report says his name has been changed to protect his privacy) found a video of himself and his wife on an X-rated website.
How did it get there? Well, according to the article, “cybersecurity experts” discovered that a hacker had hijacked control of the camera in Rajesh’s smart TV and captured footage of him as he “canoodled” with his wife on the sofa.
Then, for reasons best known to the hacker, the recording of the rumpy-pumpy was uploaded to a porn site.
Subsequent investigations revealed that because Rajesh used to visit porn sites, a hacker on one such site could have easily broken into the TV – just like computers are hacked into – and used the in- built camera remotely to capture the live feed. Because the TV was WiFi enabled, the recorded video was also uploaded online – all without the knowledge of Rajesh and his wife.
Hmm… I’m not sure I understand how someone’s frequent visits to a porn site would make it “easy” to break into a TV and capture live footage of a couple having sex (during a commercial break?).
Anyway, let’s start off by looking at what the news article doesn’t tell us:
- We don’t know the real name of the victim. Fair enough, he has a justifiable reason not to want to be embarrassed by this.
- We don’t know the make of the smart TV that was hacked and secretly recorded the couple’s coupling.
- We don’t know the name of the porn site to which the video was uploaded.
- We don’t know the name of the cybersecurity experts, or their company, who determined that the smart TV had been hacked, a furtive video taken, and the footage uploaded to an X-rated site.
- There are no quotes from anyone involved. No comments from the security experts, the victim, or the porn site. It’s surprising that no-one is quoted at all. You have to wonder how the journalist ever heard about the incident…
What we do know is that the article is written by someone called Nirmal Trivedi. As chance would have it, it’s currently the only article they have ever written for Zee News.
Is it possible that the incident described in this news report never actually happened? Is it possible that somebody made up the entire story?
If it was a made-up story, is it the work of a man who is desperately trying to explain to his wife why a private video of them ended up on a porn site and is using a cock-and-bull story about a smart TV hack?
Or is it the product of an imaginative journalist trying to get their first ever story for a news outlet a decent number of clicks?
I don’t know if the story is codswallop or not. But it’s certainly hard to take at face value.
Or… Is this just a warning of what may come.
Once a "Smart anything" is hooked up to your network cannot anyone with the skills view its accessories and possibly gain control of a microphone, camera, printer, etc?
In theory? Yes. But there are also better ways to warn against these types of things. 'warning of what may come' you say?
For instance the baby monitors that have been used to spy on and intimate a baby (maybe it's happened more than once in which case 'babies')?
Or the car(s?) that was shut off going on a motorway?
Or a skateboard(s?) that was compromised (vague not this one)?
Or a firearm(s)?
Or medical devices (definitely plural and some more than once)?
Or…
There are many many instances of these types of things and some of the collection of data is inadvertent but just as disturbing. I seem to recall that that the NSA inadvertently collected child pornography with their mass espionage. And on that note Snapchat has been caught in hot water too – numerous times if I recall – despite the myth that it disappearing after N seconds is going to prevent saving a picture.
You know Graham at the end of your list of questions/comments my immediate thought was 'maybe it's a publicity stunt' or something along those lines. Who can tell? The lack of information is phishy; if there's no information why is there the report in the first place? Certainly there is some sensationalism involved but let's all be honest. If they wanted more sensationalism they wouldn't have to try hard. I can think of numerous ways.
– Even if it hadn't happened they could claim it was on a site and then they had it removed in a timely manner.
– They could (and mind that I did not read the article) have described more about the act.
– They could have made many other types of things up for the sensation.
…and they could have done more than making things up too if they wanted more sensationalism.
If they did not and there's also no information that would allow any – I’m not even sure what to call it so I'll just say 'verification' – what is the point of this? Unless of course it's a way to show the dangers of the IoT but whether or no there are better ways to do it I am sceptical that's what they're doing here.
But on the latter part it still is worth remembering how horrible some of the so-called 'smart' devices are when it comes to privacy/security. The babies being spied on for one great example; the medical devices that allowed remote root logons over telnet without requiring authorisation is another great and scary example. But that doesn't mean that this article is an example.
https://www.dailymotion.com/video/x15sv7z
All those who are really skeptical should chek out this video & several other warning videos posted years ago by smart tv experts from the west.