Feeds

Samsung: Smart TV security hole is so minor we'll fix it immediately

Tellies leak private info to hackers, nothing to see here

Security for virtualized datacentres

Samsung has downplayed the significance of a data-leaking security bug in its Smart TVs, but promised to close the hole by January.

Earlier this month Malta-based startup ReVuln said it had discovered a vulnerability that allows hackers to remotely copy data off USB drives connected to a Samsung TV LED 3D and other Smart TVs, among other exploits.

ReVuln published a video clip to back up its assertions, and warned the security flaw grants hackers access to personal information and allows to them to plant malware or even change channels on vulnerable sets. Lisa Vaas of Sophos has listed all the possibilities here.

Luigi Auriemma of ReVuln told El Reg that the vulnerability "affects almost all the Samsung televisions of the latest generations", meaning that multiple models are affected.

ReVuln sold information about the flaw to its customers rather than report it to Samsung, which is consistent with its general policy of non-disclosure. Although ReVuln did not go into details about the hole, Samsung said in a statement that it has isolated the problem:

We have discovered that only in extremely unusual circumstances a connectivity issue arises between Samsung Smart TVs released in 2011 and other connected devices. We assure our customers that our Smart TV’s (sic) are safe to use.

We will release a previously scheduled software patch in January 2013 to further strengthen Smart TV security. We recommend our customers to use encrypted wireless access points, when using connected devices.

Adam Gowdiak, a Polish researcher who uncovered a possible mechanism for infecting set-top boxes with malware earlier this year, said the vulnerability discovered by ReVuln bears the hallmarks of a Universal Plug and Play (UPnP) bug.

"We haven't looked into Samsung SmartTVs, the YouTube video gives little information, but it looks like UPnP or DLNA [Digital Living Network Alliance] issue to us," said Gowdiak, whose Security Explorations firm is one of the few consultancies probing the emerging world of TV security in any depth.

A Samsung Smart TV can be used to browse the internet, post updates to social networks, purchase movies and perform many other tasks. These next-generation tellies are commonly, but wrongly, thought to be immune from malware and hacking attacks. In reality smart TVs and set-top boxes are becoming more like PCs than the dumb devices of yesteryear, a factor that makes information security a potential concern.

And, let's face it, if it's electronic, someone will find a way to compromise it. ®

New hybrid storage solutions

More from The Register

next story
Apple iPhone 6: Missing sapphire glass screen FAIL explained
They just cannae do it in time, says analyst
Oh noes, fanbois! iPhone 6 Plus shipments 'DELAYED' in the UK
Is EMBIGGENED Apple mobile REALLY that popular?
Apple's big bang: iPhone 6, ANOTHER iPhone 6 Plus and WATCH OUT
Let's >sigh< see what Cupertino has been up to for the past year
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
The Apple Watch and CROTCH RUBBING. How are they related?
Plus: 'NostrilTime' wristjob vid action
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Half a BILLION in the making: Bungie's Destiny reviewed
It feels very familiar - but it's still good
Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch
Sizes, prices and all – but not for the wrist-o-puter
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.