Samsung Smart TVs' Loose Security Open for Exploits

written by: Richard Kastelein

Share this Article

The intersection of the Internet and TV looks like it's not going to get off without some of the problems one associated with the Internet but not with TV.

Luigi Auriemma from Malta-based Revuln has told Ars Technica that he has uncovered a vulnerability in most Samsung Smart TV models that makes it easy for him to locate IP address on the Internet and from there, he can remotely access the device and exercise the same control someone in the same room would have... including gaining root access and installing malicious software. The attack allegedly exploits bugs in features that allow end users to install Skype, Pandora, and other types of apps and TVs can be controlled using smartphone and tablet apps and in some cases by voice commands.

{vimeo width="500" height="400"}55174958{/vimeo} 

From Auriemma's site:

All the NET-i ware services are affected by an endless loop caused by the wrong handling of negative 32bit size fields. The services will no longer respond and so will be completely unusable.

 And more:

All the current Samsung TV and BD systems can be controlled remotely via iPad, Android and other software/devices supporting the protocol used on TCP port 55000. The vulnerabilities require only the Ethernet/wi-fi network connected to be exploited so anyone with access to that network can do it. I have not tested if there are limitations on Internet or in big WANs. The remote controller feature is enabled by default like all the other services (over 40 TCP ports opened on the TV).

From an email he wrote to Ars Technica:

"At this point the attacker has complete control over the device... So we are talking about applying custom firmwares, spying on the victim if camera and microphone are available, stealing any credential and account stored... on the device, using his own certificates when accessing https websites, and tracking any activity of the victim (movies, photos, music, and websites seen) and so on. You become the TV."

It's not the first time Auriemma has hacked the Internet-facing controls of a Samsung TV. In April he disclosed a bug in a Samsung D6000 model belonging to his brother. It allowed him to send it into an endless restart mode that persisted even after unplugging the device and turning it back on. He said at the time he wouldn't be surprised if he could carry out more serious attacks against the device even when he didn't have access to the local network it was connected to.

Auriemma's research raises the possibility that owners of Internet-connected consumer devices may soon be exposed to the same kinds of security threats confronting users of Windows and Mac computers. Air-conditioning units, lighting systems, and TVs that offer networking features typically use bare-bones operating systems that don't include the kinds of exploit defenses Microsoft and Apple have spent years developing.

And from The Register in the UK:

Exploits developed by ReVuln appear to allow it to access remote files and information (including viewing history) as well as the ability to siphon off data on USB drives attached to a compromised TV.

"This specific vulnerability affects almost all the Samsung televisions of the latest generations, so multiple models," Auriemma told El Reg.

"We plan to invest more time and effort on the home devices security in the near future testing the products of many other vendors (we chose Samsung because it's the current market leader in this sector) and moreover finding new types of attacks and ways to use such vulnerabilities. The televisions are just the beginning," he added.

 

 

 

 

Other Sites

Social Media

News

About Us

TV Hackfest London 2013
TV Hackfest San Francisco 2014
M2M Hackfest 2013

Hackfest Twitter
TV App Market Facebook
TV App Market Linkedin
TV App Market Google+

Developer News
Enterprise Apps News

Digital Marketing News
Telecoms News
Cloud Computing News

This email address is being protected from spambots. You need JavaScript enabled to view it.
About us
Advertise
Write for TV App Market