Innovative Systems Design and Engineering

During the course of its research, the security firmware of the TV's Internet interface failed to confirm script integrity before scripts were run. The attacker could intercept transmissions from the television to the network using common DNS, DHCP server, and TCP session hijacking techniques. The code could then be injected into the normal DataStream, allowing attackers to obtain total control over the device's Internet functionality. This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer's permission. More importantly, however, this same mechanism could be used to extract sensitive credentials from the TV's memory, or prompt the user to fill out fake online forms to capture credit card information.

Additionally, Hackers were able to recover the manufacturer's private third-party developer keys†from the television, because in many cases, these keys were transmitted unencrypted and in the clear. Many third-party searches, music, video and photo-sharing services delivered over the Internet require such keys, and a big TV Manufacturer often purchases high-volume special access privileges to these service provider's networks. A hacker could potentially employ these keys, for example, to access these high-volume services at no charge. This paper describes the new Authentication mechanism for online transaction payment for more secured service and, analyzing network managed challenge to avoid the vulnerabilities.