Samsung TVs Can Be Hacked Into Endless Restart Loop

Gunkerty Jeb writes "Italian security researcher Luigi Auriemma was trying to play a trick on his brother when he accidentally discovered two vulnerabilities in all current versions of Samsung TVs and Blu-Ray systems that could allow an attacker to gain remote access to those devices. Auriemma claims that the vulnerabilities will affect all Samsung devices with support for remote controllers, and that the vulnerable protocol is on both TVs and Blu-Ray enabled devices. One of the bugs leads to a loop of endless restarts while the other could cause a potential buffer overflow."

Great trick

Haha! I broke your TV!

Re:Great trick

[xclr8r]

The buffer overflow is worrisome . A lot of the newer BluRay Players have additional features like netflix over wifi/homenetwork. The basic consumer may put in their credit card (or ____ forbid their debit card) info to start their netflix account.

Re:Great trick

[Jeremiah+Cornelius]

Hey! Deja Vu,

I think I've seen this movie before...

Hey! Deja Vu,

I think I've seen this movie before...

Hey! Deja Vu,

I think I've seen this movie before...

Hey!

Re:Great trick

(or ____ forbid their debit card)

And?

Unless you have a very terrible bank and/or don't bother checking your account ever, this isn't exactly a big deal. I just went through this a few weeks ago, when yonder random payment processor got owned hardcore.

Checked my account - like I do regularly, and found a weird charge. Called up my bank, said, "What is this I don't even?" Bam. Charge killed, money returned, new card in the mail, before I could even say, "Wow, you guys aren't nearly as evil as the Internet led me to believe."

Of course, I suppose the fact that I actually bother checking my account activity regularly makes me some sort of Fiscal Wizard compared to your average person. :p

Re:Great trick

But, it seems to require a remote controller. You need to be in their home or walking by with a remote controller to cause this to happen.

I didn't read if both required the remote controller but that is what the summary leads me to believe.

Re:Great trick

[UnknowingFool]

That depends on how they implement it. For my bluray player netflix setup, they put a unique ID on the screen and told me to authenticate it on my account using my computer. So the bluray player never accessed any information about my account. My bluray doesn't have a web browser built-in only Internet access.

Re:Great trick

[UnknowingFool]

Some banks have very good fraud detection systems and it is in their interest to have them. The sooner they detect it, the less headache they have to deal with. One of my banks froze my card after I made several unexpected large purchases in one day. Another one called me when they noticed suspicious charges to confirm that I did make them. Someone got my card number, but I still had my card so I would not have reported it stolen or lost.

Re:Great trick

This or this or this or this or this?

Re:Great trick

[djl4570]

It's deja vu all over again.

Re:Great trick

[jimbolauski]

What the GP is saying is that many banks will issue refunds immediately for fraudulent purchases, and will remove any overdrafts fees if any occurred. In my experience that is how banks work, legally they are not obligated to do so but do so to keep their customers happy. I don't use my debt card for purchases due to the risks but have not heard of any body getting told by the bank that it's not the banks responsibility. Further any overdrafts that occurred from the fraudulent charges will not be assessed because of how they occurred.

Re:Great trick

[ByOhTek]

Any issues I've had from debit card or credit card fraud from my bank, has had the money fixed/cleared in under 24 hours.

Some people have faster / more responsive banks. That doesn't make them clueless. You however...

Re:Great trick

[SydShamino]

You know you pay for that, right? The service charges your bank and/or credit card processor charge the vendors take into account their work to prevent fraud. I believe they pass all fraudulent charges back to the merchant who rang them, so in this case wherever the thieves used your card will lose the funds. All of that is passed back to the consumer in the form of higher prices.

So no, it's not a tragedy if a card is occasionally misplaced and misused, but it's still a leech on the system - EVERYONE's system - to allow it to happen systemically.

Re:Great trick

[msobkow]

The last banking error I had to deal with took less than 48 hours to fix.

But Canadian banks aren't allowed to delay the repair process so they can keep lending out YOUR money while they "fix" the problem as they do in the US.

The last US based bank problem I had took a month to fix; it was the same problem I had here in Canada -- an incomplete/invalid transaction that "withdrew" money from my account but didn't properly "deposit" it with the retail store, leaving insufficient funds to retry the transaction.

Re:Great trick

[Mitreya]

Unless you have a very terrible bank and/or don't bother checking your account ever, this isn't exactly a big deal. I just went through this a few weeks ago, when yonder random payment processor got owned hardcore.

Problem is they don't have to. The behavior will vary bank to bank, and running into such issue is how you learn. A bank might also say "sorry, the money is gone - transfer credentials were legitimate". And there will be nothing you can do.
Credit cards, on the other hand, provide chargeback as one of the services (often by screwing the vendor always assuming their fault, but that's another story and doesn't typically concern the buyer).

Re:Great trick

[DarkOx]

Can name one Netflix device that takes CC number? I never seen that. They all either take your Netflix username/password pair or like the Wii give you number you then enter on the website with your PC.

Not that Joe Sixpack's un-patched, allow all outbound firewall or not firewalled, Windows PC logged on as 'Administrator' is much safer to type a CC number on but still.

Re:Great trick

Of course, I suppose the fact that I actually bother checking my account activity regularly makes me some sort of Fiscal Wizard compared to your average person. :p

I checked my account and noticed strange transactions once too. After calling my bank to see if they were fraudulent, they asked if I actually wanted to cancel the card since the card thieves were actually spending LESS money than my wife. /rimshot

Re:Great trick

[interkin3tic]

Some banks are so good at fraud detection, they shut down your bank account when you make a purchase overseas even after telling them a week in advance exactly where you were going, leaving you in a foreign country with no money.

To be fair, any large organization is going to make clerical errors, and it's better that they err on that side, since it happens a lot less frequently.

Re:Great trick

[Pf0tzenpfritz]

Of course, I suppose the fact that I actually bother checking my account activity regularly makes me some sort of Fiscal Wizard compared to your average person. :p

Not bad. Now proceed to that hole in the ground for proctology class.

Re:Great trick

Maybe you should stop being oversensitive. Any one thing being wrong in the US isn't a personal insult on you.

One thing that is common in the US (and this one is true of you) is the attitude that any suggestion that the US isn't the best in every way is equivalent to saying the US is an irredeemable piece of shit or something. The fact is, in a very high number of ways, the US is a perfectly average country, just like every other country on the planet. It's very rare that you're the absolute best; about as rare as when you're the absolute worst. And in any case where you are not the absolute best, there will be an example of some other country doing it better.

The US banking system is a particularly weird one to hold onto. It's quite below average for a wealthy country in a number of respects. Some of its quirks are infamously responsible for the latest large recession. Here we're talking about weaker consumer protection laws, which is pretty common in the US.

TV

[SJHillman]

My parents recently got a 52" Internet connected Samsung TV. Any way I could use this to replace the crap Samsung apps with something better?

Re:TV

[Cenan]

If the second bug he found really is a buffer overflow vulnerability, there could be no end to the funny shit you could do to your TV.

Re:TV

[AmberBlackCat]

I'm thinking "biggest Android tablet ever". With a Kinect instead of a touchscreen. Or at least a real web browser instead of only being able to look at sites of their "partners".

Re:TV

www.samygo.tv

Re:TV

[Anaerin]

Not yet, but as the TVs run Linux underneath (and have published their sourcecode, as they required to by the GPL) they're working on it: http://www.samygo.tv/

Re:TV

[drinkypoo]

My parents recently got a 52" Internet connected Samsung TV. Any way I could use this to replace the crap Samsung apps with something better?

Sure. Just give me the IP address...

Re:TV

Sure. Just give me the IP address...

207.46.19.254 :)

Re:TV

[JoeCommodore]

My parents recently got a 52" Internet connected Samsung TV. Any way I could use this to replace the crap Samsung apps with something better?

Sure. Just give me the IP address...

It's 127.0.0.1 - hack away!

Re:TV

[bastafidli]

You can look at any website, not sure what you are talking about.

Re:TV

[higuita]

hey, you already created my username and setup my personal password?! ! how did you know then!?

I will teach you a lesson, i'm doing pipe the /dev/zero to your HD right now!!

Re:TV

Hey, it's time to move to IPv6 already.

Running out of IPv4 addresses and all that...

Re:TV

[jones_supa]

I think we also slashdotted it.

Re:TV

[gstrickler]

From TFA:

To exploit Auriemma’s vulnerabilities requires only that the devices are connected to a wi-fi network.

Solution, hard wire and use a firewall. Update the firmware when Samsung fixes it.

Re:TV

[blue_teeth]

"endless restarts".....

Just look at the bright side...enhanced refresh rates and De-gauss!!

Re:TV

[Beardo+the+Bearded]

Give it two weeks and you'll have a plethora of hacks that can make your Samsung... well, yours.

Re:TV

Is http://127.0.0.1 your web site? I think it looks terrific!

But then again, I'm a bit biased since it looks a lot like mine.

Re:TV

[SydShamino]

Solution: Ask every household who bought our TV for their fancy living room setup to run a 50 foot ethernet cable along the floor and up the wall to the television, then configure something on their router they've never heard of.

Re:TV

[splatter]

Yeah, same here. The only restriction on my Samsung set is it will not authenticate. Neither through the normal browser procedure or by entering login credentials in the URL.

Re:TV

[SJHillman]

My parent's TV doesn't have any general web browser that I've been able to find on it. All you can download are various apps (some of which give you the functionality of sites like YouTube and Google Maps).

Re:TV

[jaymemaurice]

err, mine is... 0:0:0:0:0:0:0:1
I have the first IPv6 address! Bought it for lots of money.

Re:TV

[jaymemaurice]

http://2130706433/ is mine.. it looks like yours too.
My companies is also very similar... http://7f000001/

Re:TV

[zizzybaloobah]

Get them a Google TV box (it runs Android Honeycomb). You get the Chrome browser, apps, games, etc, along with a real keyboard (but the keyboard only includes a tiny touch screen area, I'm disappointed to say).

Re:TV

[bastafidli]

Then it is a possible problem of TV capabilities and not Samsung limiting what you can or cannot do. E.g. the D8000 has full featured browser available.

Re:TV

[fahrbot-bot]

I will teach you a lesson, i'm doing pipe the /dev/zero to your HD right now!!

Probably more interesting than most Prime Time shows.

Re:TV

[BobNET]

Thanks! Seems like a good resource for porn and warez, although it looks like I have most of it already.

(Anyone else remember when warez.slashdot.org resolved to 127.0.0.1?)

Re:TV

[gstrickler]

Solution: don't connect your TV to the Internet.

Re:TV

[Tarlus]

192.168.1.101

Re:TV

[sexconker]

Solution: Go out of your way to buy a dumb tv and then hook up a PC to it to do whateverthefuckyouwant.

Then still get fucked in the ass because "Smart" is the new 3D. Nobody wants it. It will be rammed down your throat regardless.

Re:TV

[AmberBlackCat]

Hmm maybe it depends on the model. Or maybe I've flipped. Either way, if the web browser works, I could do without rooting the television to make it an Android tablet... for now...

Re:TV

Holy shit! The TV is trying to hack me back!

Re:TV

Real geeks write it right, ::1

Re:TV

[bastafidli]

NP. Look at the very first icon here

http://www.samsung.com/us/2012-smart-tv/#hub

It says Web Browser.

Re:TV

err, mine is... 0:0:0:0:0:0:0:1
I have the first IPv6 address! Bought it for lots of money.

Wrong! Mine's ::1, clearly shorter and more firsty than yours.

Re:TV

Buy a Sharp?

Re:TV

[DinDaddy]

. . . and De-gauss!!

um . . .

Re:TV

[bryan1945]

How did you know my router's address? :D

Re:TV

[SydShamino]

I convinced my and my wife's parents to buy the best TV to display a picture they could find, then complement it with an Apple TV. I think that's a smarter choice than any smart TV. Personally I'm going to use a TV for a decade or more. We still use our 46" plasma bought in 2003. Who would want to be stuck with the "smart TV" options available in 2003? Who in 2021 would want to be stuck with the "smart TV" options available in 2012?

Get a TV that can provide a great picture. The content can be supplied by a cheap, readily-upgradable accessory device.

On The Up Side ...

[WrongSizeGlass]

On the up side you can't be inundated with endless commercials if your TV is in an endless restart loop ;-)

Re:On The Up Side ...

[pkinetics]

I'm just imagining getting stuck watching the trailer credits / ads on the blue ray discs... over and over and over again...

Re:On The Up Side ...

On the up side you can't be inundated with endless commercials if your TV is in an endless restart loop ;-)

That also take care of the reality shows.

Re:On The Up Side ...

[Lord+Juan]

What is the difference?, they are endless anyway.

Init Level 6

[jellomizer]

I remember back in the good old days when Linux wasn't configured to automatically start in X. So I did what I have done a hundred times before, edit the inittab file. However for some reason that day I was thinking that init level 6 was the init level to Start X in...
Well at least I had a bootable CD.
# mount /dev/hda1 -t ext2 /mnt
# vi /mnt/etc/inittab
(changed it to 5)
# umount /mnt
# sync; sync; sync; reboot

Re:Init Level 6

[cpu6502]

What?
Relevance to this story?

Re:Init Level 6

[Compaqt]

Hey, speaking of which, anybody know how to boot to a vterm in Ubuntu?

Used to be you could do that in Redhat by going to a different runlevel. Not sure the recommended way for that in Ubuntu and friends.

(Also, anybody remember running "win" to start Windows from DOS and getting looks from the old-timers in the office when you started that new-fangled graphical thing?)

Re:Init Level 6

[Jahava]

What? Relevance to this story?

Init level 6 is "Reboot", so the system was configured to boot up ... and then reboot ... and reboot ... and reboot... This is relevant to the story because the story is also about an "endless restart loop"!

Re:Init Level 6

[game+kid]

Runlevel 5 is the typical X level. You switch to runlevel 6 to reboot the system.

So you set inittab to default to level 6 when you want to incur general rage and butthurt with a restart loop. :D

Re:Init Level 6

[NeverVotedBush]

He's just an old 6502 cpu. Not much memory space. I can understand how the story topic would FIFO out...

Re:Init Level 6

[MagusSlurpy]

Because he set the config file to INIT 6, and the system was stuck in permanent reboot.

Re:Init Level 6

Uninstall gdm and related items, or in newer ubuntus, whatever that trash is they call a display manager. Then it will boot up that way.

Sorry it's that gross, but that's debian based OSes for you. Forget about standards, even if they are open and free.

There are other less nasty ways, but none of them involve doing it the right way, switching the runlevel.

Re:Init Level 6

[jellomizer]

You and those Moderators who modded it as off topic. Needs to turn in you geek card.

Yes, I have a great DOS on it.

[goffster]

I throw it from the top of a building.

Re:Yes, I have a great DOS on it.

Or just stand directly in front of it. Or steal the remote. Or you can DDoS, steal the remote and then play keepaway with it.

"leads to a loop of endless restarts"

[Neil_Brown]

So the hack just tunes the TV to Dave, then? :)

Re:"leads to a loop of endless restarts"

[dgatwood]

Groundhog Day marathon.

Diagnosis

Sounds like a bad case of windows update.

Re:Diagnosis

[Anaerin]

Not really, considering the TVs run Linux: http://www.samygo.tv/

Anybody pine for that golden age

[Compaqt]

Where we had dumped carburetors for computer-controlled engines, but they didn't need to get updates, and those updates weren't wirelessly and remotely pushed?

Where we had dumped cathode ray tubes for flat, liquid crystal displays, but hadn't put the tubes back into TV by stuffing the Internet (and viruses) into them?

Where we had dumped both rotary and touch tone land line phones for cellular phones that could do most anything you'd want them to, and you carry it whereever you went, but you didn't have to have an antivirus running on the phone and didn't have to worry about your contact details being sent to Nigeria?

Re:Anybody pine for that golden age

I miss the ability to buy "monitors" instead of TV's. I have never used all the features that come with TV's - tuners, speakers, etc. and I would try to buy a monitor - just a plain screen. Those are getting harder and harder to find.

Re:Anybody pine for that golden age

[cpu6502]

The larger programs become, the more likely unexpected states (bugs) will sneak in, and then later be exploited.

Life would be vastly improved if programmers wrote code as small and easy-to-understand as Kolibri OS (fits on a floppy). Or even smaller - the early Mac and AmigaOS fit inside ~64 kilobytes. It is easy to find and located bad states in such small programs.

Re:Anybody pine for that golden age

[Ksevio]

No, all those things are crap compared to the wealth of features and connectivity we have now.

A flaw in a car required a full recall to repair it.

TVs could only watch content dictated by the cable company.

Smart phones can do a crap load of handy things.

Re:Anybody pine for that golden age

[autocannon]

Sloppy coding and sloppier testing. Welcome to the new world of consumer products.

I bought a Philips HDTV a few years back. I noticed after a few months that the tv would just turn itself back on 10 minutes to a few hours after I turned it off. At first it was kinda freaky to have it flip on in the middle of the night like that! However, quickly realized that others were having the same problems. Contacted Philips and the first thing they did was send out a thumbdrive with the new firmware that "should" fix it. Wouldn't do a thing until I had done that. Of course it didn't solve the problem because it was a faulty motherboard for that series. They did send a tech out to replace it in warranty and the tv still works fine today (5 years now).

The ease of these updates helps to drive the push to fast, sloppy coding with minimal testing. I just don't see anything on the horizon changing that perspective. If anything, I could see tvs and other internet connected things becoming more google-ish where they just boot up from the interwebz all the time...which is even scarier.

Re:Anybody pine for that golden age

[Guppy06]

Where we had dumped cathode ray tubes for flat, liquid crystal displays

Which only work well with one particular resolution and don't handle interlaced legacy content well at all and...

wait, what?

Re:Anybody pine for that golden age

[Compaqt]

Maybe this is false remembrance, but it seems things worked better then.

A car update might have required a recall, but such problems were infrequent. Going forward, it seems they are going to be very frequent.

Reason being, the thinking will be "it's just software". Hardware gets tested till it works. Software gets tested (if at all) till it's time to ship.

Since "it's only software," it can always be updated. So there's not real discipline to get it right the first time.

Re:Anybody pine for that golden age

[oneiros27]

I just want to go back to the days of the cell phones where you'd press the power button ... and it would turn on.

Not give you a 'booting up' screen or 'loading java' image/video for 3-5 minutes.

Now, if we still had the 100+ hr standby times, I might not have to turn my cell phone off so often, but it's still pretty crappy when you turn your phone back on after the plane lands, and you're already in baggage claim before you can finally check your voicemail.

Re:Anybody pine for that golden age

[Yvan256]

They're not in the 40-60 inches range, but most decent computer monitors now have at least one HDMI input.

Re:Anybody pine for that golden age

TVs could only watch content dictated by the cable company.

Apart from the fact that a TV doesn't watch content, but only show it, you must have had a crappy TV if it only could show content from the cable company. My TV showed terrestrial and satellite content quite well (OK, for the latter it needed a separate satellite receiver), and even content played to it from my VCR. And in the early times, it even showed the output of my computer.

Re:Anybody pine for that golden age

Good luck adding unicode support in just 64KB.

Many researchers study "c. elegans" instead of more complex creatures, but it doesn't do as much.

Re:Anybody pine for that golden age

[Compaqt]

What's crazy strange is how computer makers assume all that people do all day is watch movies (widescreen at that!) all day.

Look at any laptop advertisement. They play up the movie-related features (black blacks! full HD!) On the one hand TV's are too small and yesterday for people to watch movies on, and on the other, people are going to watch on 14-15in screens?

And "full HD". Come on, you got 1080 by dropping 120 pixels off of 1200. It's not like they increased the size. It's annoying how they say "make use of your full screen size". So you've got a huge screen, but your movie takes up only a portion so you're going to lop off the part you're not using? People better hope that doesn't get applied to lone rangers driving a 5-person car. ("Use your full car capacity").

Re:Anybody pine for that golden age

Actually, all the cars I've owned with proper PCMs have had updates available. Some of them pretty major, for example, on my Jeep I can unlock a "hidden" gear ratio in the transmission with an update factory produced 2 years after they sold the vehicle. And, for the same vehicle, the idle speed is set far too low in the original firmware, making the engine be just on the edge of cutting out (feels quite terrible when stopped). Another update produced after the transmission update has the vehicle idle a smige higher so it is a bit less horrible when stopped.

Not that this is worse than the mechanical parts at all--those had their fair share of issues, and those issues were the sort of thing you had to correct over and over (bad distributor, bad spark plug wires, bad throttle, bad timing, etc. etc.)

Re:Anybody pine for that golden age

[bratloaf]

You can easily buy REALLY GOOD lcd monitors in whatever size you can imagine. I install them in office conference rooms all the time, generally large samsung in the 42-60" range. These are designed as transportation and information displays, and are very rugged and last a long time. You just won't find them in your local walmart or best buy. And they won't cost $399 on sale either...

http://www.samsung.com/us/business/commercial-display-solutions

Re:Anybody pine for that golden age

[tlhIngan]

A car update might have required a recall, but such problems were infrequent. Going forward, it seems they are going to be very frequent.

Reason being, the thinking will be "it's just software". Hardware gets tested till it works. Software gets tested (if at all) till it's time to ship.

Since "it's only software," it can always be updated. So there's not real discipline to get it right the first time.

Car updates require work on the dealer side paid for by the manufacturer, so they have a vested interest in keeping it stable (every warranty issue, including recalls, eat into the profits of the cars). So there's a vested interest in not having to do the updates. And aside from the Toyota one (which didn't really do much since it was fat-footwork to be the cause, but since the cars were going back anyways...).

Anyhow, I thought the open-source mantra was "release early, release often". We're just seeing the effects of it applied throughout since more and more stuff is software controlled.

And yes, we're better for it. Cars with electronic fuel injection are pretty much "twist and go" - you don't worry about chokes, flooding, or temperments (as long as the car is in reasonable mechanical shape). The computer does everything to ensure reliability. It doesn't matter that it's -20C or +35C. You get in, insert key, twist, engine runs and car is ready to go after a brief warmup. Doing the same in an old carburetted model tended to involve a lot more work - from choking in cold days to vapor lock on the hot.

Anyhow, the notion of having to do frequent updates is a recent one - I mean, EFI cars were standard by the 90s (20 years ago), and there were much fewer software updates required back then.

Perhaps the ease at which stuff can be updated, and the ease to which we're notified about updates is part of the cause. "Release early, release often" wouldn't work too well if one had to keep downloading over long-distance phones or floppy disks/CDs in the mail (by the time you got it, you were 3 releases out of date...).

Re:Anybody pine for that golden age

Yea I hate that too, thats why I ditched my droid 2 for an iphone. The iphone boots faster than any of my "dumb phones" turned on and had a signal (including analog era)

Re:Anybody pine for that golden age

[xonen]

after the plane lands, and you're already in baggage claim before you can finally check your voicemail.

That was a good laugh for me.. It's only 10 years ago that you'd had to find a phonecell to call. If you had small change. Which was in europe even more fun - exchange notes, get small change, and only then call. Makes me smile that you find a phone in your pocket taking 3 minutes to get you connected to 3G (and only because you installed too many apps on it) is a serious concern...

Re:Anybody pine for that golden age

Since "it's only software," it can always be updated. So there's not real discipline to get it right the first time.

Oh hell, you went and did it. You insulted the "discipline" of "software engineering". Now you'll be eternally hunted down on this site and all of your comments will be modded into oblivion. These code monkeys are probably already hooting like rabid baboons and reading all of your old posts.
Of course, I'm posting AC to protect my precious karma.

Re:Anybody pine for that golden age

Not particularly. I like that my remote control can be updated with new features after its initial release. The only problem here is Samsung's lack of competency (which, given the number of broken firmware updates my Galaxy S has received, seems to be a company-wide issue).

Re:Anybody pine for that golden age

[Howitzer86]

If you're broke like me, you're still living in the golden age.

Re:Anybody pine for that golden age

[sjames]

Because a flaw in a car required a full recall on the auto maker's dime, they made damned sure they got it right the first time. Now that they can just pester the end user with the updates they're approaching the old "OMG It compiled, SHIP IT!!!!!"

Re:Anybody pine for that golden age

Except that HDMI input has no bearing on whether it is a TV or a monitor. The difference between a TV and a monitor is the presence of a tuner, televisions have one, monitors don't. It's still plenty easy to get a monitor.

Re:Anybody pine for that golden age

[Yvan256]

The parent was asking for a "monitor" instead of a TV and said he never used TV features such as tuners and speakers.

I was pointing out that there is monitors with HDMI inputs, which means they can be used by non-computers devices.

Re:Anybody pine for that golden age

[21mhz]

This. Both my Samsung TV and the IPTV set-top box sent by my ADSL provider seem to have been coded by the cheapest monkeys taken off the street, and the development took just enough time to pass a very minimal set of tests. All internal errors are swept under the rug by some very deeply rooted fault handlers, with the result that the menu interface simply freezes for a time whenever it hits an error. Switching the menu language to a less usual choice for the target market leads to a litany of such freezes and other funky effects: apparently, allocation of dynamic buffers (or even sufficiently sized fixed arrays) for l10n strings was beyond their ability.

So this story surprises me, in a way: what, only two vulnerabilities? There must be hundreds of them. I only have faith left in the internet companies who know a thing or two about programming: Apple, Google, Hulu, Netflix, etc.

Re:Anybody pine for that golden age

[jedidiah]

For the n00b user, BluRay playback is perhaps the final frontier of doing something with your PC that actually requires a decent CPU or video card.

Re:Anybody pine for that golden age

[jedidiah]

Are you sure it's actually "booting" or was it just in deep sleep and you got snookered by what was displayed on screen?

Kind of like "instant on" TVs.

Re:Anybody pine for that golden age

[mcgrew]

A flaw in a car required a full recall to repair it.

It still does -- most automotive flaws are hardware, not software.

TVs could only watch content dictated by the cable company.

That is, after cable came into being (everyone used to use antennas) and before the VCR was introduced. I have an analog TV I use as a monitor, plugged into the PC with an S-Video cable.

There's no more sane reason to put a computer inside a TV than there is to put a VCR or DVD built into one. Computers have moving parts, things with moving parts break. TVs have no moving parts and can last for decades. Computers not only have mechanical breakdowns, they can be hacked. The only way to hack a TV is with a screwdriver and a soldering iron.

Re:Anybody pine for that golden age

[Ksevio]

I've seen plenty of TVs with VCR/DVDs in them. There's no reason a computer need moving parts - typically just optical drives and fans need to move. Solid state disks and the Internet replace drives, and low power CPUs mean that fans aren't needed either.

Re:Anybody pine for that golden age

[Vancorps]

Guess that depends on your definition of decent. Current AMD APUs do this without a problem. I built an HTPC almost a year ago which decodes Bluray. The hardest part was getting playback working under Linux. On Windows it was a snap because it's an allowed platform.

Re:Anybody pine for that golden age

Things did work better back then, because they weren't all general purpose devices, they had a specific function they did and they did it well. CRT's are still superior in terms of brightness and longevity and making blocky images look not so blocky. The first smartphones were so bad its kinda funny how everyone jumped right on that bandwagon... I remember people getting iphones just to check e-mail while they're out when my buddy with his Nokia had been doing that for the previous 5 years and it wasn't a smart phone, it had great call quality(iphones still sound like shit)

Re:Anybody pine for that golden age

[colinnwn]

There aren't any "hidden" gear ratios in transmissions. I'm guessing it must be that originally the car only engaged overdrive in 3rd or 4th gear (whichever is the highest normal gear) meaning it was called a 4 or 5 gear transmission.) Shifting sequence would go 1,2,3,4,4od. The firmware update probably enabled overdrive engagement in the 2nd to lowest gear as well, so you could call it a 5 or 6 gear transmission. The shifting sequence would be 1,2,3,3od,4,4od.

Re:Anybody pine for that golden age

Meh that's why I got a cheap cell phone. I can leave the thing on for 3 weeks (since I almost never use it) before it starts bitching about its battery and it's 2 years old and still 3 weeks before I have to charge.
Now if I use the phone, that's a different story...every hour of talking takes 1/4th of the battery :(

Re:Anybody pine for that golden age

And I'm pointing out that there is verbs that agree with the plurality of your countable noun.

Re:Anybody pine for that golden age

after the plane lands, and you're already in baggage claim before you can finally check your voicemail.

That was a good laugh for me.. It's only 10 years ago that you'd had to find a phonecell to call. If you had small change. Which was in europe even more fun - exchange notes, get small change, and only then call. Makes me smile that you find a phone in your pocket taking 3 minutes to get you connected to 3G (and only because you installed too many apps on it) is a serious concern...

10 years ago I just pulled my cellphone out, pressed power, waited 10 seconds, and made a call. 10 years ago pay phones were already removed from most locations. I haven't had a situation like you described since the mid 90's.

Re:Anybody pine for that golden age

[bhtooefr]

Actually, that's a car analogy that breaks down badly, because while lopping off 120 rows doesn't really make your laptop more efficient, lopping off 3 or 4 seats does make your car a lot more efficient, if the car's laid out right.

(Like, going from the 35-50 mpg of modern small cars to 100-200 mpg.)

Re:Anybody pine for that golden age

[mcgrew]

I've seen plenty of TVs with VCR/DVDs in them.

So have I, and it makes little sense. VCRs and DVDs don't last nearly as long as TVs.

There's no reason a computer need moving parts - typically just optical drives and fans need to move.

And when that fan stops moving, your TV is a doorstop. Low power CPUs? Why would you want a wimpy computer inside your TV when you can have a capable one plugged into it?

Re:Anybody pine for that golden age

No

That era sucked in comparison and current technology is awesome, future technology will be even better.

Re:Anybody pine for that golden age

[Ksevio]

No need to have a super computer built into my TV sucking power when all I need is one good enough to stream video.

Re:Anybody pine for that golden age

[jedidiah]

I have been doing HW accelerated BluRay playback in Linux for 3 or 4 years now. I do this on lowly Atoms because the GPU does all of the work.

"decoding" bluray is not the problem.

Decrypting bluray is the problem.

Ironically enough, if you have enough of a CPU to play back BluRay then you also have a good enough CPU to adequately deal with how terribly horribly bad Flash is at video playback.

You're late to the party.

TVs =/= PCs

[Dreth]

So now that TVs restart, I'm guessing malware isn't far behind?

After all, if you expect to turn every household device into a typical computer, you're also gonna drag the bad things computers have.

Can we 'regedit' tvs so we can use our own splash logos?

Re:TVs =/= PCs

[arth1]

So now that TVs restart, I'm guessing malware isn't far behind?

It's already there. Most TVs these days are infected with the HDCP malware.

Re:TVs =/= PCs

[gstoddart]

Can we 'regedit' tvs so we can use our own splash logos?

Oh, man, combine that with goatse and malware ... imagine the hilarity of your grandmother or someone getting that every time they turn on their TV, or if it *only* shows that. *shudders*

Unfortunately, connecting everything to the internet seems like this is kind of a logical hack to occur. Especially if companies are going to be half assed about validating inputs and the like.

Re:TVs =/= PCs

[ZeroSumHappiness]

Funnier would be if the tv had a ghost image of some shock site. "Dude, I don't see it. You must be nuts. (Or twisted...)"

Re:TVs =/= PCs

[scuzzlebutt]

Goatse is anything but half assed.

Re:TVs =/= PCs

[mcgrew]

Can we 'regedit' tvs so we can use our own splash logos?

God NO! That damned registry is one of the things I hate most about Windows. How about text-based configuration files so we can actually read the damned things, like sane OSes have? Or better yet, don't put computers in TVs? A TV should be nothing more than a tuner and monitor, with inputs for other devices -- like DVDs, BluRays, Computers...

Man, I pity people who have only experienced Windows. You don't know what you're missing.

Re:TVs =/= PCs

[Dreth]

Relax guy, I was only being ironic, considering these things run on anything but Windows. But yeah, I've not the patience or time to migrate to something other than Windows, but a TV would be the last thing I expect to have a friggin' operating system. In the computer sense.

Looking ahead..

[Severus+Snape]

TV's will eventually have cameras in the front, could be a good method of surveillance.

Re:Looking ahead..

[Tastecicles]

ISTR a slashdot article talking about this. Samsung are the bright fuckers pushing it.

Re:Looking ahead..

[gregulator]

You mean like the Kinect? Video and Audio.

Re:Looking ahead..

[Severus+Snape]

Kinect is third party and relies on the Xbox being used I would guess? Makes it a bit more annoying. Anyways, digressing, cameras in TV's must be a wet dream for certain Governments in the west. I mean, the covers are surely going to fall off our lovely democratic capitalist society revealing fascism eventually? Think of them Terorists! You all have the right to your freedom! Some of you may be right in saying I've read Nineteen Eighty-Four too many times.

Re:Looking ahead..

[Severus+Snape]

See my reply to the other guy who replied to my original comment. I'm sure other companies won't be far behind..

TV watches you

In Soviet Russia, TV watches you!

Original article and scope

[enriquevagu]

The vulnerability is originally disclosed here, not in the posted link.

This vulnerability only works from the same broadcast domain where the TV is, since the remote control protocol relies on broadcast messages to announce the service. This means that your TV cannot be cracked from the Internet. Let's hope that Samsung apply a fix soon, in any case.

Re:Original article and scope

[sjames]

So that means you have to infect their PC first and use it to route the hack to their TV.

Or jump on their WiFi.

Re:Original article and scope

A lot of hoops to jump through to find out if they even have a samsung tv

Re:Original article and scope

[sjames]

But just one more item on a checklist of fun to look for if you already exploited the PC.

Re:Original article and scope

[brunes69]

So you have infected and have full control over their PC... and decide to use this power to take over... their Blu-Ray player?

Re:Original article and scope

[sjames]

Kiddiez have used full control of someone's PC for equally silly and prankish purposes before.

Sadly, not a surprise

[dgatwood]

I own two Samsung Blu-Ray players. I'm not surprised by this in the slightest. You can usually judge the security of an app by how reliably it does its intended function, and their Blu-Ray players are anything but reliable. (Their older TVs work well, but I've never used one of their newer, networked TVs, which I'm assuming are as buggy as their Blu-Ray players.)

For example:

• After a firmware update, one player now stalls for half a second at every DVD layer skip.
• The last two Harry Potter movies have audio glitches throughout (on both players, but not on an LG player).
• After a firmware update, the other player how has sporadic problems switching between different types of media, sometimes requiring a power cycle to get it back into operational status.

And so on. In short, Samsung's software quality control appears to be utterly awful. So hearing that they have security holes is almost as surprising as hearing that Flash has security holes....

Re:Sadly, not a surprise

[21mhz]

Somewhat illustratively, one of their best cash cow platforms, Android, is the least tainted by them (still, the drivers... anyone seen the source?). I feel pity for the poor Tizen.

Did you try...

[kiehlster]

This does eliminate the age old IT question, "Did you try turning it off and on again?"

Buffer overflows? install Linux?

Since Buffer overflows and similar flaws are what allow devices like the iPad to be jailbroken...does this mean that I could install Linux on my Samsung TV potentially?

Given that the TVs are running Linux...

[Anaerin]

Why is this such big news? Did you know you can replace the entire firmware inside your TV too? There's already a group working on getting something usable onto Samsung TVs like these: http://www.samygo.tv/

Re:Given that the TVs are running Linux...

Let me scroll around a bit. Dont see the other 2. So thank you for your information...

Re:Given that the TVs are running Linux...

Look harder (hint: clicking a narcissist's name shows their recent posts).

This is the only one of his that is not a reply to someone else's comment, but just because you don't see his Re: Diagnosis or Re: TV links does not mean he hasn't triple-posted.

I see this as an advantage

If that TV is exploitable, I can finally get my neighbors to stop watching Mexican variety shows at full volume at all hours of the night.

Re:I see this as an advantage

[NeverVotedBush]

All TVs with a remote control are exploitable. ;-)

http://www.tvbgone.com/

Already ran into this

[garlicnation]

I was working for a company that was trying to develop an App for Samsung's Internet@TV. Twice we had to get the TV RMAd because we bricked it while messing around with the remote control protocol.

Oh great...

[Tablizer]

fscking reruns

We're safe

Italy is far, far away.

other unintended consequences

[nimbius]

include a reduction in empty consumerism, more time spent with families, a decrease in childhood obesity and a more rational approach to politics.

Obligatory

Get Of My Lawn!!!

Some things ....

[DaMattster]

Just shouldn't be connected to the internet. There is really no good cause to connect your TV or Blu-ray to the internet. Instead, use a purpose built device like an AppleTV. I'll admit, the remote exploit is funny

Why should a TV have a built in computer?

[DickBreath]

Either the computer part should be a replaceable module, or it should be a separate box. (eg, a Google TV box, or an Apple TV box -- not built into the set).

Consider:

• The TV will last you probably ten years
• The computer will be hacked within one year
• The computer will be obsolete within two years
• The servers it phones home to will be gone within four years (eg, Zune, Plays For Sure, etc)

Similarly, a computer monitor should not have a built in computer (or vice versa), unless the computer is a replaceable module. The TV or Monitor still have a lot of lifetime (and economic value) long after the computer is hopelessly obsolete. (Yes, I'm looking at you, iMac integrated computer and monitor. But then Apple products seem to be for people with more money then sense.)


- - - - - - -
All that is necessary for Apple to triumph is for Google men to do nothing.

Re:Why should a TV have a built in computer?

[quacking+duck]

Similarly, a computer monitor should not have a built in computer (or vice versa), unless the computer is a replaceable module. The TV or Monitor still have a lot of lifetime (and economic value) long after the computer is hopelessly obsolete. (Yes, I'm looking at you, iMac integrated computer and monitor. But then Apple products seem to be for people with more money then sense.)

I'm sorry, instead of "iMac" I think you meant to say "laptop computer", which vastly outsell traditional desktop computers these days.

Re:Why should a TV have a built in computer?

At some point the computer in the TV meets all of the necessary feature requirements beyond which there is little to be gained by improving it. We have not reached that point quite yet (mainly since the TVs do not have their own storage and cannot play all formats), but it will be reached in the not too distant future.

Once your TV can play all formats, stream all formats, connect of wifi, connect over bluetooth, take any size of pluggable USB key or hard drive, and maybe even take SD cards, then as far as the TV is concerned, there is little value in further computational power / hardware advancement (outside of display improvements and whatever wonders the future holds). The only remaining issues are compatability with 3rd party services and ease of use. Samsung's smart TVs are surprisingly close to meeting most of these requirements (but the interface leaves something to be desired and feels a bit slow).

Re:Why should a TV have a built in computer?

WTF, are you daft?
He said what he meant to say you ass.
Laptops are integrated for a reason (because it wouldn't be a laptop if you had to fucking find a monitor to plug into) iMacs are integrated for no good reason(its a god-damned desktop) other than making it hard to repair.

Re:Why should a TV have a built in computer?

[DinDaddy]

The TV will last you probably ten years

I will guess you have not bought a new TV in the last several years. The Toshiba CRT TV I bought 10 years ago died before that time had elapsed. I expect even less from the flat panels available today.

Groundhog Day

[hoggoth]

This trick will be great for watching Groundhog Day!

Samsung

[Alsee]

Samsung Means To Come
(Sound Recommended)

-

Re:Samsung

LOL I lost it at:
"Why didn't I learn in school how to come? Is that why so many Koreans study abroad."

and that was like the very beginning, the rest was hilarious too!

Gary Larson

[sycodon]

This has Gary Larson written all over it.

luigi

mario is gonna be so pissed off when he finds out

Well, at least there's an easy fix ...

[tgd]

If you wait a few months, you'll probably have a capacitor die in the power supply and it'll stop rebooting.

supply and demand

[Chirs]

Supply and demand means that TVs will be cheaper than monitors even if you don't use the extra stuff. If you want higher resolution, then you can look at big computer monitors but they're going to be more expensive than a TV of the same size.

I'd love to get a Dell U3011:

30" monitor, IPS, 2560 x 1600
2 HDMI, 2 DVI-D, 1 DisplayPort, 1 VGA, builtin 4-port USB hub and card reader.
Roughly $1000.

for non-techie people

[Chirs]

They want to be able to advertise "with builtin netflix support!". Combine that with the fact that most people can't hook up their own cable box, and you have answered your own question.

Re:for non-techie people

[MobyDisk]

Pretty soon built-in netflix support will be annoying as hell because I'll have 15 ways to watch Netflix on my monitor: built-in monitor, XBOX, PS3, PC, and phone (docked with the TV of course), So when grandma comes over to watch Netflix there will be 15 ways to get to it, all with slightly different UIs, and a different controller for each one.

Dubious at best

[CanHasDIY]

This is why you should always RTFA:

Then after another five seconds, he claims, the TV automaticall restarts. Then the process repeats itself forever, even after unplugging the TV. Eventually, Auriemma managed to reset the TV in service mode.

Boot loops even when disconnected from power?

Either Samsung has secretly perfected OTA power transmission, or this is a load of crap. Then again, the writer refers to a punk kid dicking with his brother's TV as an "Italian security researcher," so I guess I shouldn't be all that surprised.

Re:Dubious at best

[locopuyo]

They probably meant after you unplug it and plug it back in.

Re:Dubious at best

[CanHasDIY]

They probably meant after you unplug it and plug it back in.

Probably, but I'm not the idiot "journalist" who wrote it, so I have to infer what I can from what's written.

Seriously, this was one of the most poorly written pieces I've seen in some time.

And I read Yahoo News with a fair amount of regularity, so that's really saying something.


At least he spelled most of the words right...

Re:Dubious at best

[locopuyo]

Eventually you'll learn not to RTFA.

Re:Dubious at best

[CanHasDIY]

Eventually you'll learn not to RTFA.

Ah.

Mea Culpa.

Re:Dubious at best

[Eponymous+Hero]

you're the only one who misread it. whoosh, sir. whoosh to thee.

Re:Dubious at best

[CanHasDIY]

whoosh, sir. whoosh to thee.

I don't think that means what you think it means.

Also... ever heard of capitalization?

Re:Dubious at best

[Eponymous+Hero]

I don't think that means what you think it means.

yeah, i believe that. you have a track record of misunderstanding the obvious. you get the whoosh because you failed to understand what the writer of TFA meant when he said the endless loop continued after the tv was turned off. only a pure idiot would assume the tv was capable of producing anything without power. no great leap of logic to assume the obvious: the tv was turned back on to reveal the endless loop.

as for capitalization, ever heard of e. e. cummings? my lack of capitals at the start of sentences, or for arbitrary proper names/acronyms, is a stylistic choice that i consciously make, which is also obvious to most people. boy, there's a lot of stuff you just don't get, isn't there? life must be especially difficult for someone as confused as you.

Re:Dubious at best

[CanHasDIY]

Due to lack of sleep, as well as general disinterest in your narcissistic, asshole assumptions, I refer you to the response given in Arkell v Pressdram.

Re:Dubious at best

[Eponymous+Hero]

lol

Re:Dubious at best

[CanHasDIY]

Yea, I love that one. Just aching for a chance to use it IRL...

Anyway, sorry if I've been a dick, man, it's been a long day and I'm way behind on my sleep.

Re:Dubious at best

[Eponymous+Hero]

no problem, dude, i'm a total dick if i'm awake at all! :D really though, i don't even exist, which is great ... so i got that going for me.

mind if i steal that arkell vs pressdram line?

Re:Dubious at best

[CanHasDIY]

Haha, yea, I use the 'non-existent entity' angle quite a bit myself.

mind if i steal that arkell vs pressdram line?

go nuts; it's a good one!

A serious bug

[sjames]

For those who didn't RTFA, each IP based remote has a name string included in the message. If that name contains a linefeed or other invalid character, the TV will go into the endless loop.

It can be recovered by going into "service mode", but apparently Samsung doesn't consider that to be an end-user procedure sinmce incorrect settings enetred there will brick the TV.

no.

[swschrad]

the "internet enabled TV" is another case of "feature phone syndrome." there are no "features" because it's all a walled garden of the Telco's choosing, and everything is another ten bucks a month, forever.

my year-old Samsung LCD is slaved to Yahoo TV streaming. hooo-kay, and if it would have said "Won Hyuk Yuk Yuk" it would make no difference. generic Brand X, forget it.

I haven't plugged into the router because if there are no updates per the web site, and no streaming services to be using, the only thing left for the TV to become is a bot for some murderous spam king. and I want to watch TV on it.

pah. stupid marketers.

This is great news!

Now there will be something good to watch on TV.

why can't they hack cable / sat box for Free HBO?

why can't they hack cable / sat box for Free HBO now that will be fun and maybe force the cable co's to update there POS software.

+9 Standing Ovulation

If you're broke like me, you're still living in the golden age.

For the first time in close to 15 years of daily Slashdot "reading" I not only laughed out loud when I read a comment, but I applauded at the same time.

I would have given you +10 if I'd spit coffee out my nose (which would have been really weird, since I haven't had coffee for over 10 days).

FTFA : WiFi only ; S.E.P.

[RockDoctor]

FTFA :

To exploit Auriemmaâ(TM)s vulnerabilities requires only that the devices are connected to a wi-fi network.

So, it's not a little problem, and it's not a big problem ; it's that best of classes of problem, Someone Else's Problem.

Unless, of course, you've got a TV with WiFi.