Security Hole in Samsung Smart TVs Could Allow Remote Spying

Posted by: Paul   December 12, 2012 11:2713 comments

The company that made headlines in October for publicizing zero day holes in SCADA products now says it has uncovered a remotely exploitable security hole in Samsung Smart TVs. If left unpatched, the vulnerability could allow hackers to make off with owners’ social media credentials and even to spy on those watching the TV using compatible video cameras and microphones.

Samsung Smart TV

Samsung’s Smart TVs contain a critical, remotely exploitable security hole.

In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown (“zero day”) hole affects Samsung Smart TVs running the latest version of the company’s Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in a Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving remote attacker the ability to spy on those viewing a compromised set.

Samsung sells a variety of so-called “Smart TVs.” The devices combine traditional high-definition televisions with tablet-like features, including web browsing and a variety of applications designed for the TV itself. Among the accessories sold for the Smart TVs is a Smart TV SKYPE Camera that adds a high-definition camera and microphone to the TV, allowing users to log into their SKYPE account and chat with other SKYPE users from their television.

ReVuln’s researchers discovered the hole as part of research on the IP-enabled Smart TVs. The company, which offers information on security holes it discovers only to subscribers, declined to provide any details about what type of vulnerability they discovered, how they discovered it. Also, ReVuln said it does not plan to disclose the hole to Samsung or work with the company to fix the hole- in keeping with company policy.

Samsung did not respond to a request from Security Ledger for comment prior to publication of this story.

Currently, the Smart TVs offer no native security features, such as a firewall, user authentication or application whitelisting. More critically: there is no independent software update capability, meaning that, barring a firmware update from Samsung, the exploitable hole can’t be patched without “voiding the device’s warranty and using other exploits,” ReVuln said.
The company posted a video of an attack on a Samsung TV LED 3D Smart TV online. It shows an attacker gaining shell access to the TV, copying the contents of its hard drive to an external device and mounting them on a local drive, providing access to photos, documents and other content. ReVuln said an attacker would also be able to lift credentials from any social networks or other online services accessed from the device.

ReVuln’s policy of disclosing security holes only to paying customers has met with disapproval from both vendors and security pros, who argue that companies should do what they can to eradicate dangerous software holes. However, the company is unbowed, maintaining that selling knowledge of software security holes is a legitimate business and helps the company recoup the costs of researcher the holes and developing proof of concept exploits for them.

For would-be attackers, ReVuln said that the Samsung TVs appear alongside other devices on a home or business network, with their own IP address and are easy to locate and scan for open ports and other paths of entry.

While not common, hacking TVs and other IP-enabled consumer devices is evolving, in pace with the rapid advances in the capabilities of the platforms themselves. Already, hacks of devices running the GoogleTV OS have appeared at the DEFCON and B-Sides hacking conferences.

Tags:

13 Comments

  • “More critically: there is no software update capability, meaning that the exploitable hole can’t be patched”

    Not quite sure what this statement is implying? Samsung Smart TVs most definitely do have a software update feature.

    • Hey – Just to be clear: I meant independent update or configuration capability – ie: that owners couldn’t fix the hole on their own, barring a firmware update from Samsung, without voiding warranties. Sorry for the confusion. I’ve clarified that sentence in the article.

      • You said they can’t fix it without a firmware upgrade. Question – Is the firmware upgrade dependent upon the software on the TV to activate it, or is it burned onto the ROM of the chip where malicious software couldn’t just prevent an upgrade? (Making your TV a heap of trash barring work with a soldering iron.)
        Maybe that is the most dangerous thing of this particular vulnerability: Making people’s TVs a pile of trash (competitor or even Samsung themselves would have an interest). Or perhaps making it so only certain shows could be viewed with a TV. Or some form of public humiliation.

        • Really good question. Waiting to hear back from Samsung (and waiting…and waiting…). My sense is that this is software-activated, not hardware based, though.

    • Could be a firmware security exploit, which might be unpatchable.

  • Concerned Citizen

    Take this:
    “The company, which offers information on security holes it discovers only to subscribers, declined to provide any details about what type of vulnerability they discovered, how they discovered it”

    Paired with this:
    “ReVuln’s policy of disclosing security holes only to paying customers has met with disapproval from both vendors and security pros, who argue that companies should do what they can to eradicate dangerous software holes. However, the company is unbowed, maintaining that selling knowledge of software security holes is a legitimate business and helps the company recoup the costs of researcher the holes and developing proof of concept exploits for them.”

    And paired with them releasing a sensationalist piece saying your TV could be hacked Orwellian style…this looks like nothing more than a security firm extorting money out of Samsung to plug the bad press. How can a customer (or Samsung) assess how severe this risk is? For all I know, their “hole” requires you to have local network access to the TV, something a hacker wouldn’t have thanks to a basic $20 home router firewall.

    • Another Concerned Citizen

      And that same $20 dollar home router firewall also has wifi built in. If the creepy stalker guy down the hall wants to spy on you all he has to do is break your wifi password and connect to your TV.

  • A Few things, Wouldn’t a properly configured WPA2 encrypted network prevent this? This group (Revuln) isn’t providing any real details.

    • paranoid concerned citizen

      Can’t you just disable internet access on the TV? worst case, block it at the router.

  • Here are some instructions on how to do the firmware upgrade. (Skill level: Intermediate) http://www.youtube.com/watch?v=iHBFmCBR7JM

  • ” stuBID TV “

  • Adrianna Lambert

    I promise you one thing; Those hackers are going to be bored to death with whatever they get to see at my house! :)

  • boone simpson

    “While not common, hacking TVs and other IP-enabled consumer devices is evolving, in pace with the rapid advances in the capabilities of the platforms themselves. Already, hacks of devices running the GoogleTV OS have appeared at the DEFCON and B-Sides hacking conferences.”

    What you wrote there seems to imply similar security holes are in GTV devices and that is simply untrue, the GTVhacker stuff deals with rooting the devices for more user access and have nothing to do with blackhat style attacks.

%d bloggers like this: