The global and independent platform for the SAP community.

Money makes the world go round...

Do you know this too? Your predictions come true and you still can't be happy? In this specific case, it's about smart TVs.
Raimund Genes, Trend Micro
June 30, 2016
Security
avatar
This text has been automatically translated from German to English.

A few years ago, when smart TVs were slowly starting to catch on, I explored the potential for abuse - it's definitely there.

On the one hand, there was the technical feasibility: the use of known technologies - in which there had already been gaps in the past and further gaps could be statistically expected - made attacks likely.

On the opposite side, however, the economic sense: It simply made smart TVs uninteresting as a target of attack: Factors such as the still low penetration, the fragmented platform landscape, and a lack of a business model played the decisive role here.

At the time, we were still joking among colleagues about a possible business model: displaying a blocking message ("Dear viewer, against payment of an amount XY you can continue to watch the game") during the final match of the European Football Championship, for example...

Fun turned serious

Unfortunately, this joke has been caught up with reality. There is now malware for Android-based smart TVs, for normal computers it would be called an extortion Trojan.

It locks the TV and displays an alleged message from the "US Cyber Police". In the message, the viewer is accused of a crime that he has not committed, of course - and from which he can buy his way out by paying iTunes gift cards worth around 200 US dollars.

Exactly the same modus operandi infested PC users not so long ago in the form of the so-called "BKA Trojan".

So why now "all of a sudden after all" smart TVs?

While there were many different platforms in the early days of smart TVs, Android has now become widely accepted. This means that from the cybercriminals' point of view, the ratio of development effort to the number of possible victims is "better".

In addition, they have perfected the development of malware for mobile devices - and thus the learning curve for smart TVs is comparatively low.

And because smart TVs have now sold en masse, the number of potential victims has naturally also increased.

This case illustrates an important lesson with cybercriminals: Not everything that is technically feasible will be done. Just because a system is vulnerable does not necessarily mean that legions of cybercriminals will pounce on it.

From a marketing perspective, the mere existence of a risk is of course reason enough to enter this breach. The decisive aspect is the probability of occurrence! In the case of "normal" attacks, it depends on the possible profit.

We have seen this development many times in the past: Spam, phishing, Trojans, security breaches, personal data. It was only when there was money to be made from it that - to put it casually - things took off.

It was therefore clear from the very beginning of smart TVs that attacks would come as soon as a business model developed or became profitable.

Does this mean that risks whose business model is not yet viable can be ignored?

From the point of view of risk assessment: No! However, the probability of occurrence must be adjusted. So you have to keep an eye on the risk, but you must not make any panic snapshots.

We just need to be aware that sooner or later many endangered technologies will be abused on a large scale. This is also accompanied by the question of "cleanup" that is floating around in many people's heads.

And this is where it gets absolutely unpleasant at the latest. With the smart TV, you might just not be able to watch TV anymore. But while a PC, a mobile device or even a TV might still be able to be restored to a clean state with a reasonable amount of effort, it is becoming increasingly difficult with more and more embedded devices.

On the one hand, these often have neither an interface with which you can still do something, nor is there physical access to them. Just imagine a small generic device that reads sensors and operates actuators - without an interface and deeply integrated into many products.

From the cybercriminals' point of view, this is perhaps paradise. Technically, perhaps only with great effort to compromise - but if successful, priceless!

avatar
Raimund Genes, Trend Micro

Raimund Genes was CTO at Trend Micro.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.