Will Samsung's Smart TV Security hole stop you from buying them? - AVS Forum
post #1 of 2, 12-13-2012, 08:07 AM - Thread Starter: Ebucel
From Techdirt:
http://www.techdirt.com/articles/20121212/10482321363/smart-tv-exploit-means-hackers-can-watch-you-watch-tv.shtml

Smart TV Exploit Means Hackers Can Watch You Watch TV
from the i-spy-with-my-little-eye dept

Remember all the hubbub (now there's a word I never thought I'd use; thanks a lot, aging process) over Comcast's kind of, maybe plan to spy on subscribers through their cable box as they watch TV, fold their laundry, or engage in coitus? There was quite an outcry at the time, even as Comcast said that the plan was only to have the cameras be able to recognize when different types or numbers of people were watching the tube. People just didn't feel comfortable with corporations being able to spy on them. As a result, Comcast backed away from the plan -- the people had defeated the corporation.

All, apparently, so that hackers could spy on them instead. At least, that's what some reports are saying about Samsung Smart TVs and an exploit that would allow hackers to snatch social media credentials, access any files or devices connected to the smart TV...oh, and to use the built-in cameras to spy the hell out of people as they do whatever they do while watching television.

In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown ("zero day") hole affects Samsung Smart TVs running the latest version of the company's Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in an Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving a remote attacker the ability to spy on those viewing a compromised set.

The group that reportedly discovered the vulnerability, ReVuln, proudly stated that they would not publish any information about what they'd uncovered except to paying subscribers because screw everyone else (not an actual quote). They also have a company policy, apparently, that would prevent them from working with Samsung directly on a fix or even to disclose the hole, leading me to reach the logical conclusion that Dr. Evil is apparently running that company.

Even more fun, thanks to how Samsung designed the product, chances are any fix that could be produced would be difficult to implement.

Currently, the Smart TVs offer no native security features, such as a firewall, user authentication or application whitelisting. More critically: there is no independent software update capability, meaning that, barring a firmware update from Samsung, the exploitable hole can't be patched without "voiding the device's warranty and using other exploits," ReVuln said.

The company posted a video of an attack on a Samsung TV LED 3D Smart TV online. It shows an attacker gaining shell access to the TV, copying the contents of its hard drive to an external device and mounting them on a local drive, providing access to photos, documents and other content. ReVuln said an attacker would also be able to lift credentials from any social networks or other online services accessed from the device.

In other words, customers get to wait around until Samsung can figure this thing out on their own, since ReVuln won't help them out by company policy, or risk voiding their warranty on their smart TV that has a complete lack of security features. Nicely done, everyone involved.
post #2 of 2, 12-17-2012, 08:23 PM: PGHammer21A
Not any more than a similar issue involving WDS caused issues with how I set up PCs - it simply changes how a smart device is used. (I normally dislike using social media - any social media, including IM clients - over a wireless connection secured by anything less than WPA2 - which is the default for any router I install. The issue that ReVuln points out did NOT involve a WPA2 wireless-secured connection, but one using the older, and less secure, WPA-PSK - which is the default on a LOT of home networks, and has a frighteningly large number of holes itself. Samsung's smart HDTVs are perfectly capable of using WPA2; Mom has one (UN40EH5003F), and our network *only* accepts WPA2-PSK clients.)