The company that made headlines in October for publicizing zero day holes in SCADA products now says it has uncovered a remotely exploitable security hole in Samsung Smart TVs. If left unpatched, the vulnerability could allow hackers to make off with owners’ social media credentials and even to spy on those watching the TV using compatible video cameras and microphones.
In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown (“zero day”) hole affects Samsung Smart TVs running the latest version of the company’s Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in a Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving remote attacker the ability to spy on those viewing a compromised set.
Samsung sells a variety of so-called “Smart TVs.” The devices combine traditional high-definition televisions with tablet-like features, including web browsing and a variety of applications designed for the TV itself. Among the accessories sold for the Smart TVs is a Smart TV SKYPE Camera that adds a high-definition camera and microphone to the TV, allowing users to log into their SKYPE account and chat with other SKYPE users from their television.
ReVuln’s researchers discovered the hole as part of research on the IP-enabled Smart TVs. The company, which offers information on security holes it discovers only to subscribers, declined to provide any details about what type of vulnerability they discovered, how they discovered it. Also, ReVuln said it does not plan to disclose the hole to Samsung or work with the company to fix the hole- in keeping with company policy.
Samsung did not respond to a request from Security Ledger for comment prior to publication of this story.
Currently, the Smart TVs offer no native security features, such as a firewall, user authentication or application whitelisting. More critically: there is no independent software update capability, meaning that, barring a firmware update from Samsung, the exploitable hole can’t be patched without “voiding the device’s warranty and using other exploits,” ReVuln said.
The company posted a video of an attack on a Samsung TV LED 3D Smart TV online. It shows an attacker gaining shell access to the TV, copying the contents of its hard drive to an external device and mounting them on a local drive, providing access to photos, documents and other content. ReVuln said an attacker would also be able to lift credentials from any social networks or other online services accessed from the device.
ReVuln – The TV is watching you from ReVuln on Vimeo.
ReVuln’s policy of disclosing security holes only to paying customers has met with disapproval from both vendors and security pros, who argue that companies should do what they can to eradicate dangerous software holes. However, the company is unbowed, maintaining that selling knowledge of software security holes is a legitimate business and helps the company recoup the costs of researcher the holes and developing proof of concept exploits for them.
For would-be attackers, ReVuln said that the Samsung TVs appear alongside other devices on a home or business network, with their own IP address and are easy to locate and scan for open ports and other paths of entry.
While not common, hacking TVs and other IP-enabled consumer devices is evolving, in pace with the rapid advances in the capabilities of the platforms themselves. Already, hacks of devices running the GoogleTV OS have appeared at the DEFCON and B-Sides hacking conferences.