Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific

Hacktivists Interrupt UAE TV Streams With a Message About Gaza

The root cause may lie in set-top boxes run by a questionable service provider.

3 Min Read
A television set with static on the screen
Source: Yuen Man Cheung via Alamy Stock Photo

On Sunday night in the United Arab Emirates (UAE), hackers took over television streams around the country to broadcast an AI-delivered message about the war in Gaza.

According to the Khaleej Times, the attack affected "European live channels" streaming on the HK1 RBOX, an Android-based set-top box. Emiratis watching the BBC, quiz shows, and more around 10:30 p.m. local time were jolted by sudden graphics and messages decrying the events taking place 1,500 miles northwest.

Though shocking in effect, to Ken Munro, partner at Pen Test Partners, the actual method of attack isn't surprising.

"A poorly secured streaming service provider wouldn’t be hard to compromise," he says, flatly. "Pushing compromised content wouldn't be hard either."

Hackers Interrupt UAE TV

"I was watching BBC News around 10:30 PM when the programme was abruptly disrupted," one UAE resident told Khaleej Times, "and instead, harrowing visuals from Palestine appeared on my screen. I watched transfixed as my screen froze, and a message from the hacker popped up in all caps against a green background."

The message read: "We [have] no choice but to hack to deliver this message to you."

Message from hackers:

Another viewer recalled a "strange whirring noise" that preceded the interruption. And following the initial all-caps message, "I found myself watching a bespectacled AI anchor discussing the atrocities, accompanied by a ticker displaying the number of Palestinians killed and wounded so far."

"The videos were quite graphic," she added, "and I had children around. I didn't want them exposed to it, but we were caught unprepared. Every channel we switched to displayed the same content."

How It May Have Happened

The long line of television hackers in history, from the mysterious Max Headroom figure to Anonymous during the Ukraine invasion, typically have interrupted specific stations by jamming broadcast signals.

If eyewitness reports are to be believed, Sunday's case spanned multiple channels, leading to speculation that the root cause lay in a streaming device: the HK1 RBOX. RBOX provides Internet Protocol television (IPTV) service, which may potentially involve unlicensed streaming of live and on-demand shows via the Internet.

Munro, for his part, isn't jumping to this conclusion. "I don't think this was the source of the problem," he says of the box. "That said, it's possible, based on our knowledge of consumer routers. OS and related security updates for these cheap Android-based streaming devices are pretty infrequent and they often end up out of support after a couple of years.

"There's limited incentive for the company to invest in their services, to ensure that the streaming servers and service are suitably secure."

He adds that even if a box in one's living room were disrupted by hackers, it wouldn't necessarily be a cause for further Internet of Things (IoT)-based concern.

"It wouldn't be easy to pivot from the streaming service on to the set-top box and then on to the consumers home network," Munro says. "Even if this was achieved, it would still take a further compromise of the consumer's ISP router to achieve anything of significance. Even default passwords on most reasonably recent consumer routers are generally suitably random nowadays."

About the Author

Nate Nelson, Contributing Writer

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights