becomes cheaper, the feature sets of Smart TVs will be available to the masses in the coming
years. It is likely that the next incident contributing to global triumph or heartbreak will be
viewed by millions of individuals on their Smart TVs.
Given that they plug into our WiFi networks, on which many of our other important com-
puting and IoT devices reside, it becomes important that we evaluate the secure design of the
Smart TV devices that are in the market currently. In this chapter, we will take a look at actual
research in the area of attack vectors against Smart TVs to understand how we can improve
them and securely enable an IoT future that is likely to continue to include these devices in
one way or another.
The TOCTTOU Attack
Many of the popular Smart TVs, particularly from Samsung, run the Linux operating system.
They are essentially similar in design to desktop or laptop computers, the only difference
being that their user interface design is tailored toward displaying video content from various
sources. Using a powerful operating system like Linux also gives Smart TVs the ability to run
various applications such as Skype and a web browser. We will discover details of the underly-
ing architecture as we analyze some well-publicized attacks against Smart TVs in this chapter.
Let’s start with a basic attack vector called Time-of-Check-to-Time-of-Use (TOCTTOU), publi-
cized by researchers Collin Mulliner and Benjamin Michéle.
The TOCTTOU attack targets one of the most basic security capabilities in consumer elec-
tronics: the ability for the device to ensure that a software update is legitimate and created by
the manufacturer or a trusted third party. This enables the manufacturer to protect its intellec-
tual property and secures the device against malware that can violate the integrity of the soft-
ware or compromise the privacy of the consumer. A good example is the jailbreak community
surrounding Apple’s iOS operating system, which powers the iPhone and the iPad. Apple con-
tinuously builds new security mechanisms to prevent others from being able to modify the
core functionality of its devices, to preserve ownership of the experience of the products and to
prevent malicious applications from infecting the devices. The jailbreak community, on the
other hand, strives to find loopholes in Apple’s security mechanisms so it can modify the
functionality of the devices to install customized tweaks and software not authorized by Apple.
In the case of Smart TVs, manufacturers want to protect their devices from running unau-
thorized code to protect their intellectual property, to avoid warranty issues caused by users
uploading buggy code, and to protect digital content such as online rental movies from being
recorded. Smart TV users, on the other hand, may want to break the security mechanisms
enforced by manufacturers so they can enable additional tweaks, fix software issues on devices
that are no longer supported by the manufacturer, and perhaps engage in theft by perma-
nently recording rental-based media content.
THE TOCTTOU ATTACK 123