Samsung Smart TV pwnable over Wi-Fi Direct, pentester says
Sammy says trust-known-MACs code is a feature not a bug
A security researcher is complaining that Samsung isn't making a serious response to a vulnerability in its Smart TVs.
The bug, discovered by pen-test outfit Neseso, concerns the televisions' implementation of Wi-Fi Direct authentication. An attacker only needs to sniff out the MAC address of a trusted device to connect to the TV. From there they potentially enjoy a jump-off point to a target's network.
Neseso says it's published its discovery at Full Disclosure because Samsung doesn't consider it a security risk.
The Smart TVs have a convenience feature so users don't have to authenticate every time they turn the TV on: trusted devices are instead whitelisted by MAC address. “The user will get notified about the whitelisted device connecting to the Smart TV, but no authentication [is] required”, the post states.
Since MAC addresses are easily sniffed over Wi-Fi and can also be spoofed, an attacker can impersonate the trusted device, get full access to the TV's features (including screen mirroring and remote control), and potentially access the network to which the TV is connected.
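To make the weakness concrete, here is an added Python model (not code from Neseso, Samsung or the article) that puts a MAC-only allowlist beside an allowlist bound to a per-device secret. The MAC, the key, the class names and the HMAC challenge-response scheme are all assumptions made for illustration; the article does not describe any fix.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from the disclosure.
TRUSTED_MAC = "02:00:00:aa:bb:cc"
TRUSTED_KEY = secrets.token_bytes(32)  # assumed: secret provisioned at first pairing

def proof(key, mac, nonce):
    """Hypothetical response: HMAC over the TV's nonce and the claimed MAC."""
    return hmac.new(key, nonce + mac.lower().encode(), hashlib.sha256).digest()

class MacOnlyTV:
    """Behaviour the article describes: a claimed MAC on the list is enough."""

    def __init__(self):
        self.allowlist = {TRUSTED_MAC}

    def accept(self, claimed_mac):
        # The MAC travels in clear in every frame, so matching it proves nothing.
        return claimed_mac.lower() in self.allowlist

class KeyBoundTV:
    """Hypothetical hardening: each allowlisted MAC is bound to a per-device key."""

    def __init__(self):
        self.allowlist = {TRUSTED_MAC: TRUSTED_KEY}

    def challenge(self):
        return secrets.token_bytes(16)  # fresh nonce for every connection attempt

    def accept(self, claimed_mac, nonce, response):
        key = self.allowlist.get(claimed_mac.lower())
        if key is None:
            return False
        return hmac.compare_digest(proof(key, claimed_mac, nonce), response)

def compare():
    weak, strong = MacOnlyTV(), KeyBoundTV()
    n1, n2 = strong.challenge(), strong.challenge()  # n2 stands for a later session
    genuine = proof(TRUSTED_KEY, TRUSTED_MAC, n1)
    return {
        "mac_only_accepts_copied_mac": weak.accept(TRUSTED_MAC.upper()),
        "key_bound_accepts_paired_device": strong.accept(TRUSTED_MAC, n1, genuine),
        "key_bound_accepts_copied_mac": strong.accept(
            TRUSTED_MAC, n1, proof(secrets.token_bytes(32), TRUSTED_MAC, n1)),
        "key_bound_accepts_replayed_proof": strong.accept(TRUSTED_MAC, n2, genuine),
    }
```

In the model, only the MAC-only check accepts a device that knows nothing but the address; the key-bound check also rejects a proof captured from an earlier session.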
In the disclosure, Neseso says Wi-Fi Direct is enabled by default on the TVs, and switched on each time the TV is powered up – meaning a user would have to turn it off after each power-up.
Neseso says it first contacted Samsung in March, and was told early this month that the company “concluded that this is not a security threat”.