Feeds

Samsung: Smart TV security hole is so minor we'll fix it immediately

Tellies leak private info to hackers, nothing to see here

Build a business case: developing custom apps

Samsung has downplayed the significance of a data-leaking security bug in its Smart TVs, but promised to close the hole by January.

Earlier this month Malta-based startup ReVuln said it had discovered a vulnerability that allows hackers to remotely copy data off USB drives connected to a Samsung TV LED 3D and other Smart TVs, among other exploits.

ReVuln published a video clip to back up its assertions, and warned the security flaw grants hackers access to personal information and allows to them to plant malware or even change channels on vulnerable sets. Lisa Vaas of Sophos has listed all the possibilities here.

Luigi Auriemma of ReVuln told El Reg that the vulnerability "affects almost all the Samsung televisions of the latest generations", meaning that multiple models are affected.

ReVuln sold information about the flaw to its customers rather than report it to Samsung, which is consistent with its general policy of non-disclosure. Although ReVuln did not go into details about the hole, Samsung said in a statement that it has isolated the problem:

We have discovered that only in extremely unusual circumstances a connectivity issue arises between Samsung Smart TVs released in 2011 and other connected devices. We assure our customers that our Smart TV’s (sic) are safe to use.

We will release a previously scheduled software patch in January 2013 to further strengthen Smart TV security. We recommend our customers to use encrypted wireless access points, when using connected devices.

Adam Gowdiak, a Polish researcher who uncovered a possible mechanism for infecting set-top boxes with malware earlier this year, said the vulnerability discovered by ReVuln bears the hallmarks of a Universal Plug and Play (UPnP) bug.

"We haven't looked into Samsung SmartTVs, the YouTube video gives little information, but it looks like UPnP or DLNA [Digital Living Network Alliance] issue to us," said Gowdiak, whose Security Explorations firm is one of the few consultancies probing the emerging world of TV security in any depth.

A Samsung Smart TV can be used to browse the internet, post updates to social networks, purchase movies and perform many other tasks. These next-generation tellies are commonly, but wrongly, thought to be immune from malware and hacking attacks. In reality smart TVs and set-top boxes are becoming more like PCs than the dumb devices of yesteryear, a factor that makes information security a potential concern.

And, let's face it, if it's electronic, someone will find a way to compromise it. ®

The essential guide to IT transformation

More from The Register

next story
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
End of buttons? Apple looks to patent animating iPhone sidewalls
Filing suggests handset with display strips
Samsung Gear S: Quick, LAUNCH IT – before Apple straps on iWatch
Full specs for wrist-mounted device here ... but who'll buy it?
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Now that's FIRE WIRE: HP recalls 6 MILLION burn-risk laptop cables
Right in the middle of Burning Mains Man week
Apple's iWatch? They cannae do it ... they don't have the POWER
Analyst predicts fanbois will have to wait until next year
Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?
Tip: Put the shades on and you'll look less of a spanner
HUGE iPAD? Maybe. HUGE ADVERTS? That's for SURE
Noo! Hand not big enough! Don't look at meee!
AMD unveils 'single purpose' graphics card for PC gamers and NO ONE else
Chip maker claims the Radeon R9 285 is 'best in its class'
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.