Security Hole in Samsung Smart TVs Could Allow Remote Spying

The company that made headlines in October for publicizing zero day holes in SCADA products now says it has uncovered a remotely exploitable security hole in Samsung Smart TVs. If left unpatched, the vulnerability could allow hackers to make off with owners’ social media credentials and even to spy on those watching the TV using compatible video cameras and microphones.

Samsung’s Smart TVs contain a critical, remotely exploitable security hole.

In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown (“zero day”) hole affects Samsung Smart TVs running the latest version of the company’s Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in an Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving a remote attacker the ability to spy on those viewing a compromised set.

Samsung sells a variety of so-called “Smart TVs.” The devices combine traditional high-definition televisions with tablet-like features, including web browsing and a variety of applications designed for the TV itself. Among the accessories sold for the Smart TVs is a Smart TV SKYPE Camera that adds a high-definition camera and microphone to the TV, allowing users to log into their SKYPE account and chat with other SKYPE users from their television.

ReVuln’s researchers discovered the hole as part of research on the IP-enabled Smart TVs. The company, which offers information on security holes it discovers only to subscribers, declined to provide any details about what type of vulnerability they discovered or how they discovered it. Also, ReVuln said it does not plan to disclose the hole to Samsung or work with the company to fix the hole, in keeping with company policy.

Samsung did not respond to a request from Security Ledger for comment prior to publication of this story.

Currently, the Smart TVs offer no native security features, such as a firewall, user authentication or application whitelisting. More critically: there is no independent software update capability, meaning that, barring a firmware update from Samsung, the exploitable hole can’t be patched without “voiding the device’s warranty and using other exploits,” ReVuln said.

The company posted a video of an attack on a Samsung TV LED 3D Smart TV online. It shows an attacker gaining shell access to the TV, copying the contents of its hard drive to an external device and mounting them on a local drive, providing access to photos, documents and other content. ReVuln said an attacker would also be able to lift credentials from any social networks or other online services accessed from the device.

ReVuln – The TV is watching you from ReVuln on Vimeo.

ReVuln’s policy of disclosing security holes only to paying customers has met with disapproval from both vendors and security pros, who argue that companies should do what they can to eradicate dangerous software holes. However, the company is unbowed, maintaining that selling knowledge of software security holes is a legitimate business and helps the company recoup the costs of researching the holes and developing proof of concept exploits for them.

ReVuln said that, for would-be attackers, the Samsung TVs appear alongside other devices on a home or business network with their own IP address, and are easy to locate and scan for open ports and other paths of entry.

While not common, hacking TVs and other IP-enabled consumer devices is evolving, in pace with the rapid advances in the capabilities of the platforms themselves. Already, hacks of devices running the GoogleTV OS have appeared at the DEFCON and B-Sides hacking conferences.

39 Comments

  1. “More critically: there is no software update capability, meaning that the exploitable hole can’t be patched”

    Not quite sure what this statement is implying? Samsung Smart TVs most definitely do have a software update feature.

    • Hey – Just to be clear: I meant independent update or configuration capability – ie: that owners couldn’t fix the hole on their own, barring a firmware update from Samsung, without voiding warranties. Sorry for the confusion. I’ve clarified that sentence in the article.

      • You said they can’t fix it without a firmware upgrade. Question – Is the firmware upgrade dependent upon the software on the TV to activate it, or is it burned onto the ROM of the chip where malicious software couldn’t just prevent an upgrade? (Making your TV a heap of trash barring work with a soldering iron.)
        Maybe that is the most dangerous thing of this particular vulnerability: Making people’s TVs a pile of trash (competitor or even Samsung themselves would have an interest). Or perhaps making it so only certain shows could be viewed with a TV. Or some form of public humiliation.

        • Really good question. Waiting to hear back from Samsung (and waiting…and waiting…). My sense is that this is software-activated, not hardware based, though.

    • Could be a firmware security exploit, which might be unpatchable.

  3. Concerned Citizen

    Take this:
    “The company, which offers information on security holes it discovers only to subscribers, declined to provide any details about what type of vulnerability they discovered or how they discovered it”

    Paired with this:
    “ReVuln’s policy of disclosing security holes only to paying customers has met with disapproval from both vendors and security pros, who argue that companies should do what they can to eradicate dangerous software holes. However, the company is unbowed, maintaining that selling knowledge of software security holes is a legitimate business and helps the company recoup the costs of researching the holes and developing proof of concept exploits for them.”

    And paired with them releasing a sensationalist piece saying your TV could be hacked Orwellian style…this looks like nothing more than a security firm extorting money out of Samsung to plug the bad press. How can a customer (or Samsung) assess how severe this risk is? For all I know, their “hole” requires you to have local network access to the TV, something a hacker wouldn’t have thanks to a basic $20 home router firewall.

    • Another Concerned Citizen

      And that same $20 dollar home router firewall also has wifi built in. If the creepy stalker guy down the hall wants to spy on you all he has to do is break your wifi password and connect to your TV.

  4. A few things. Wouldn’t a properly configured WPA2 encrypted network prevent this? This group (ReVuln) isn’t providing any real details.

    • paranoid concerned citizen

      Can’t you just disable internet access on the TV? Worst case, block it at the router.

  6. Here are some instructions on how to do the firmware upgrade. (Skill level: Intermediate) http://www.youtube.com/watch?v=iHBFmCBR7JM

  13. Adrianna Lambert

    I promise you one thing; Those hackers are going to be bored to death with whatever they get to see at my house! 🙂

  21. “While not common, hacking TVs and other IP-enabled consumer devices is evolving, in pace with the rapid advances in the capabilities of the platforms themselves. Already, hacks of devices running the GoogleTV OS have appeared at the DEFCON and B-Sides hacking conferences.”

    What you wrote there seems to imply similar security holes are in GTV devices and that is simply untrue; the GTVhacker stuff deals with rooting the devices for more user access and has nothing to do with blackhat style attacks.
