undefined | Better HN

0 pointspwdisswordfish94y ago0 comments

What do you need security updates for if you don’t connect it to the Internet?

0 comments

3 comments · 1 top-level

tomnipotent4y ago· 2 in thread

Updates include more than just security fixes.

Yes but to nitpick he already mentioned bugfixes and file format support alongside security fixes (which he wouldn't/shouldn't need). :)

yholio4y ago

I disagree. You can have security bugs in non-connected devices, for example crafted file formats or metadata that can carry executable payload, worms that force their way in though some insecure Bluetooth receiver, or even by infecting the myriad data channels embedded in modern broadcasting; access to such a broadcast stream might be very lucrative since it will give you access to tens of thousands to tens of millions of devices.

I agree that the target is low value and that the attacker will most likely not bother infecting Android TVs; he would need to force them to connect to WiFi to exfiltrate any data, a very complex and unlikely attack if your TV is not used to monitor uranium centrifuge data.

j / k navigate · click thread line to collapse