Demo: using malicious media files to compromise the security and privacy of smart TVs

In this demo we show a practical attack against the built-in media player feature of Smart TVs. We created a malicious media file that will compromise the target TV during playback. This gives a remote attacker full, permanent control over the device, including all of its peripherals. The victim, however, cannot detect the attack, as the media file is being played back as expected. Furthermore, we show how to stealthily tap into the built-in camera and microphone. The captured audio and video stream is sent to the attacker over the Internet, enabling real-time surveillance. Again, the victim is unaware of the attack, because the TV???s camera and microphone remain fully functional.