Samsung Smart TV: Basically a Linux Box Running Vulnerable Web Apps

chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC Partners, described Smart TVs as Linux boxes outfitted with a Webkit-based browser. They demonstrated how vulnerabilities in SmartHub, the Java-based application that is responsible for many of the Smart TV's interactive features, could be exploited by a local or remote attacker to surreptitiously activate and control an embedded webcam on the SmartTV, launch drive-by download attacks and steal local user credentials and those of connected devices, browser history, cache and cookies as well as credentials for the local wireless network. Samsung has issued patches for many of the affected devices and promises more changes in its next version of the Smart TV. This isn't the first time Smart TVs have been shown to be vulnerable. In December, researchers at the firm ReVuln also disclosed a vulnerability in the Smart TV's firmware that could be used to launch remote attacks."

Re:To bad cable card failed and there has been lit

[spire3661]

My Win7, 6 tuner CableCARD setup says LOL

Re:Yep.

[symbolset]

Samsung is a global conglomerate that makes 750 models of Android smartphone - and each model can have several variants. I believe they have a few feature phones too. Each is targeted at a different consumer. Some are for the most price sensitive, some the most demanding of cutting edge features, some for those who crave only the most open phone. If you want to be helpful maybe you could mention the specific model that raised your ire? And then maybe the selection criteria and buying process that led to you buying it without knowing if it would meet your needs. As far as I know they've got the variety thing well covered and I'm curious as to why you think if you bought the wrong phone for you it was their fault. Did a Samsung employee sell it to you directly or were you assisted by a retailer or carrier? Did you not consider the rich buffet of options of all brands, models, features, carriers and plan options before you and make a considered and informed choice? Whose fault is that?

Re:Smart is as smart does

[AmiMoJo]

I worry that it will become hard to buy one without a camera in a few years. Look at laptops, most have a built in webcam now. Years ago when I worked in a computer shop I saw a lot with tape over the camera, and sometimes offered to disconnect the camera and microphone internally while doing other work. Most are just USB cameras and two wire button mics that can be unplugged.

Re:Incredibly stupid is as stupid does

[i.r.id10t]

they still sell phone switchboard systems that by default can be accessed by telnet with no password I disagree.

Not sure how I feel about this. Is no password better than "admin" or "password" or "1234" for the default password? Lets face it, each device that ships is going to have a default way of accessing it for configuration.... The problem really lies with the people that *leave* it at that configuration.