Original URL: https://www.theregister.co.uk/2012/12/12/smart_tv_pwned/
Samsung's smart TVs 'wide open' to exploits
The downside to being 'more like a PC'
Samsung's Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers.
Malta-based security start-up ReVuln claims to have discovered a zero-day vulnerability affecting Smart TV, in particularly a Samsung TV LED 3D.
Smart TV can be used to browse the internet, use social networks, purchase movies and perform many other functions. A demo video produced by ReVuln shows how a "vulnerability for such devices can be used to retrieve sensitive information, monitor and root the device," according to Luigi Auriemma of ReVuln. Exploits developed by ReVuln appear to allow it to access remote files and information (including viewing history) as well as the ability to siphon off data on USB drives attached to a compromised TV.
"This specific vulnerability affects almost all the Samsung televisions of the latest generations, so multiple models," Auriemma told El Reg.
"We plan to invest more time and effort on the home devices security in the near future testing the products of many other vendors (we chose Samsung because it's the current market leader in this sector) and moreover finding new types of attacks and ways to use such vulnerabilities. The televisions are just the beginning," he added.
ReVuln says it plans to sell information on the vulnerabilities, rather than report them to equipment manufacturers, in order to "speed up" the development of a fix. Consistent with this general policy, ReVuln is not going into details about the flaws it claims to have discovered.
Security flaws in advanced television sets, which are becoming more like computers, and set-top boxes, has elicited the interest of other security researchers over recent months.
For example, Adam Gowdiak of Security Explorations discovered a possible mechanism for infecting set-top boxes with malware back in January. The attack created the means to either steal or share a satellite signal from a pay-TV subscriber. Proof-of-concept malware developed by Gowdiak offered a means to defeat the Conax conditional access system, the cryptographic technology designed to prevent this type of set-top-box hijacking and unauthorised sharing of satellite programming. The same trick might also be used to capture HD content for later distribution over the internet.
Security Explorations said all four satellite receivers (ITI5800S, ITI5800SX, ITI2850ST, ITI2849ST) tested in its lab, each manufactured by Advanced Digital Broadcast for ITI Neovision, are allegedly vulnerable. Each implements Conax conditional access using an additional security feature called chipset pairing. Flaws in chipset pairing lay at the heart of the multiple vulnerabilities uncovered by Security Explorations.
Unlike ReVuln, the Polish security research start-up notified firms that either supplied or used the affected technology.
Gowdiak presented details of the security vulnerabilities at the at Hack In The Box Security Conference in Amsterdam in May.
Set-top boxes and smart TVs are commonly (but wrongly) thought to be immune from malware and hacking attacks. In reality television systems are becoming more like PCs than the dumb devices of yesteryear, a factor that opens them up to potential security exploits. ®