Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung Smart TV: Basically a Linux Box Running Vulnerable Web Apps

Posted by Soulskill on from the for-sufficiently-dumb-values-of-smart dept.

chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC Partners, described Smart TVs as Linux boxes outfitted with a Webkit-based browser. They demonstrated how vulnerabilities in SmartHub, the Java-based application that is responsible for many of the Smart TV's interactive features, could be exploited by a local or remote attacker to surreptitiously activate and control an embedded webcam on the SmartTV, launch drive-by download attacks and steal local user credentials and those of connected devices, browser history, cache and cookies as well as credentials for the local wireless network. Samsung has issued patches for many of the affected devices and promises more changes in its next version of the Smart TV. This isn't the first time Smart TVs have been shown to be vulnerable. In December, researchers at the firm ReVuln also disclosed a vulnerability in the Smart TV's firmware that could be used to launch remote attacks."

8 of 166 comments (clear)

  1. Smart is as smart does by djupedal · · Score: 4, Insightful

    Samsung isn't stupid....either worry about seminar hack-trolls or patent trolls. In the end, what counts is staying in the public's mind. Mission accomplished, I'd say. Wash, rinse, repeat.

    1. Re:Smart is as smart does by jedidiah · · Score: 2, Insightful

      Much like modern Windows, the problem isn't so much the kernel but the really retarded user land stuff. It doesn't matter if you are running VMS or Unix if you insist on engaging on Microsoft style stupidity with your apps.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    2. Re:Smart is as smart does by icebike · · Score: 4, Insightful

      Retarded is buying a camera in your TV and only THEN worrying about privacy.

      --
      Sig Battery depleted. Reverting to safe mode.
  2. 1984 has finally arrived ... by cascadingstylesheet · · Score: 5, Insightful

    ... the telescreen watches you.

  3. Re: Yep. by OverlordQ · · Score: 4, Insightful

    Real nerds wouldn't buy a smart tv since all those apps are outdated as soon as you buy it, rarely get updated, and have limited functionality. Real nerds would build a HTPC.

    --
    Your hair look like poop, Bob! - Wanker.
  4. You all missed the point by aaronb1138 · · Score: 5, Insightful

    Thanks to bad headline choices you all missed the point. Samsung provided a ripe platform for hacking and development by making root easy (just like with their smart phones).

    Shut up and get to work porting XBMC to it already.

  5. Incredibly stupid is as stupid does by dbIII · · Score: 5, Insightful

    Samsung isn't stupid

    Since they have a range of voip phones that crash if you do a simple portscan and they still sell phone switchboard systems that by default can be accessed by telnet with no password I disagree.

    There are enough people in that place that do not care about computer security that it comes as no surprise that another wide open box has come out of there. Don't get me wrong, they do have some good stuff, but there's a lack of oversight and if the guys at the bottom of the tree don't care about something there's nobody giving them orders to care.

    1. Re:Incredibly stupid is as stupid does by Anonymous Coward · · Score: 2, Insightful

      Freemarket is perfect! /sarc

      We need some regulations about not following basic industry standards. Telnet access with no password? That's a fine and people can sue you if they get exploited from the issue.