Samsung SMART TV Zero Day Exploit
Thinking of getting someone a great new television for Christmas? You may want to reconsider. There have been many conspiracy theories surrounding the use of televisions by the government to spy on the oblivious population.
Concerns are rising again with Smart televisions that could be used to not only survey the population by the government, but by criminals for nefarious purposes. The scenario reads almost verbatim from George Orwell’s classic novel Nineteen Eighty-Four; with its ubiquitous Telescreen that monitors the private and public lives of the populace in a not-so-far-off dystopian future.
A security exploit called the “zero day” hole has been found in at least one of Samsung’s Smart TVs that if left unpatched, could allow hackers to not only glean a users social media credentials, but to steal files from connected USB devices and the ability to use attached microphones and cameras to spy on unwary individuals.
The exploit was revealed the ReVuln company who offers research on technology security issues to its subscribers, states that the hole affects the Samsung Smart TVs running the latest version of the comany’s Linux based firmware.
ReVuln posted a video showing an attack on a Samsung TV LED 3D Smart TV that shows an attacker gaining shell access, copying the contents of the hard drive to an external device and mounting them on a local drive, allowing access to photos, documents, online credentials for social networks or other online services.
Samsung sells a number of different Smart TVs that combine high definition viewing with tablet-like features and allow for web browsing (Anyone remember WebTV?). One of the accessories that is offered is the Smart TV Skype Camera which allows users to chat with other Skype users through their television. So far, Samsung has not commented on the details of the security hole, or what they are doing to correct it.
Smart TVs do not offer any native security features standard to most IP-enabled devices such as a firewall, user authentication or application white listing. Perhaps most shocking is that there is no way to independently apply a software update to correct the problem. This means that without a firmware update directly from Samsung, the security hole remains unchecked and cannot be patched without voiding the manufacturer’s warranty.
SEO news blog post by guestpost @ 11:35 am on December 17, 2012