Someone wrote in [personal profile] mjg59 2017-03-08 01:00 pm (UTC)

RCE through MPEG

For [2], a natural place to start looking for bugs would probably be HbbTv; most modern smart TVs accept an extra MPEG elementary stream with a URL that they go download and display as an overlay through some extra magic (so yes, anything you change channels, your TV tells the channel provider you just did that). This means you can run arbitrary JavaScript code in a probably-not-very-well-hardened browser directly on the TV.

/* Steinar */
(18 comments)

Post a comment in response:

If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.