Feeds

Samsung: Smart TV security hole is so minor we'll fix it immediately

Tellies leak private info to hackers, nothing to see here

SANS - Survey on application security programs

Samsung has downplayed the significance of a data-leaking security bug in its Smart TVs, but promised to close the hole by January.

Earlier this month Malta-based startup ReVuln said it had discovered a vulnerability that allows hackers to remotely copy data off USB drives connected to a Samsung TV LED 3D and other Smart TVs, among other exploits.

ReVuln published a video clip to back up its assertions, and warned the security flaw grants hackers access to personal information and allows to them to plant malware or even change channels on vulnerable sets. Lisa Vaas of Sophos has listed all the possibilities here.

Luigi Auriemma of ReVuln told El Reg that the vulnerability "affects almost all the Samsung televisions of the latest generations", meaning that multiple models are affected.

ReVuln sold information about the flaw to its customers rather than report it to Samsung, which is consistent with its general policy of non-disclosure. Although ReVuln did not go into details about the hole, Samsung said in a statement that it has isolated the problem:

We have discovered that only in extremely unusual circumstances a connectivity issue arises between Samsung Smart TVs released in 2011 and other connected devices. We assure our customers that our Smart TV’s (sic) are safe to use.

We will release a previously scheduled software patch in January 2013 to further strengthen Smart TV security. We recommend our customers to use encrypted wireless access points, when using connected devices.

Adam Gowdiak, a Polish researcher who uncovered a possible mechanism for infecting set-top boxes with malware earlier this year, said the vulnerability discovered by ReVuln bears the hallmarks of a Universal Plug and Play (UPnP) bug.

"We haven't looked into Samsung SmartTVs, the YouTube video gives little information, but it looks like UPnP or DLNA [Digital Living Network Alliance] issue to us," said Gowdiak, whose Security Explorations firm is one of the few consultancies probing the emerging world of TV security in any depth.

A Samsung Smart TV can be used to browse the internet, post updates to social networks, purchase movies and perform many other tasks. These next-generation tellies are commonly, but wrongly, thought to be immune from malware and hacking attacks. In reality smart TVs and set-top boxes are becoming more like PCs than the dumb devices of yesteryear, a factor that makes information security a potential concern.

And, let's face it, if it's electronic, someone will find a way to compromise it. ®

SANS - Survey on application security programs

More from The Register

next story
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
Feast your PUNY eyes on highest resolution phone display EVER
Too much pixel dust for your strained eyeballs to handle
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
US mobile firms cave on kill switch, agree to install anti-theft code
Slow and kludgy rollout will protect corporate profits
Sony battery recall as VAIO goes out with a bang, not a whimper
The perils of having Panasonic as a partner
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.