Feeds

Samsung: Smart TV security hole is so minor we'll fix it immediately

Tellies leak private info to hackers, nothing to see here

Internet Security Threat Report 2014

Samsung has downplayed the significance of a data-leaking security bug in its Smart TVs, but promised to close the hole by January.

Earlier this month Malta-based startup ReVuln said it had discovered a vulnerability that allows hackers to remotely copy data off USB drives connected to a Samsung TV LED 3D and other Smart TVs, among other exploits.

ReVuln published a video clip to back up its assertions, and warned the security flaw grants hackers access to personal information and allows to them to plant malware or even change channels on vulnerable sets. Lisa Vaas of Sophos has listed all the possibilities here.

Luigi Auriemma of ReVuln told El Reg that the vulnerability "affects almost all the Samsung televisions of the latest generations", meaning that multiple models are affected.

ReVuln sold information about the flaw to its customers rather than report it to Samsung, which is consistent with its general policy of non-disclosure. Although ReVuln did not go into details about the hole, Samsung said in a statement that it has isolated the problem:

We have discovered that only in extremely unusual circumstances a connectivity issue arises between Samsung Smart TVs released in 2011 and other connected devices. We assure our customers that our Smart TV’s (sic) are safe to use.

We will release a previously scheduled software patch in January 2013 to further strengthen Smart TV security. We recommend our customers to use encrypted wireless access points, when using connected devices.

Adam Gowdiak, a Polish researcher who uncovered a possible mechanism for infecting set-top boxes with malware earlier this year, said the vulnerability discovered by ReVuln bears the hallmarks of a Universal Plug and Play (UPnP) bug.

"We haven't looked into Samsung SmartTVs, the YouTube video gives little information, but it looks like UPnP or DLNA [Digital Living Network Alliance] issue to us," said Gowdiak, whose Security Explorations firm is one of the few consultancies probing the emerging world of TV security in any depth.

A Samsung Smart TV can be used to browse the internet, post updates to social networks, purchase movies and perform many other tasks. These next-generation tellies are commonly, but wrongly, thought to be immune from malware and hacking attacks. In reality smart TVs and set-top boxes are becoming more like PCs than the dumb devices of yesteryear, a factor that makes information security a potential concern.

And, let's face it, if it's electronic, someone will find a way to compromise it. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Tim Cook: The classic iPod HAD to DIE, and this is WHY
Apple, er, couldn’t get the parts for HDD models
Apple spent just ONE DOLLAR beefing up the latest iPad Air 2
New iPads look a lot like the old one. There's a reason for that
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Lawyers mobilise angry mob against Apple over alleged 2011 Macbook Pro crapness
We suffered 'random bouts of graphical distortion' - fanbois
Caterham Seven 160 review: The Raspberry Pi of motoring
Back to driving's basics with a joyously legal high
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.