Samsung Smart TV: Basically a Linux Box Running Vulnerable Web Apps
chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm iSEC Partners, described Smart TVs as Linux boxes outfitted with a WebKit-based browser. They demonstrated how vulnerabilities in SmartHub, the Java-based application that is responsible for many of the Smart TV's interactive features, could be exploited by a local or remote attacker to surreptitiously activate and control an embedded webcam on the Smart TV, launch drive-by download attacks and steal local user credentials and those of connected devices, browser history, cache and cookies as well as credentials for the local wireless network. Samsung has issued patches for many of the affected devices and promises more changes in its next version of the Smart TV. This isn't the first time Smart TVs have been shown to be vulnerable. In December, researchers at the firm ReVuln also disclosed a vulnerability in the Smart TV's firmware that could be used to launch remote attacks."
Samsung isn't stupid... either worry about seminar hack-trolls or patent trolls. In the end, what counts is staying in the public's mind. Mission accomplished, I'd say. Wash, rinse, repeat.
... the telescreen watches you.
I have two Sam'sDung SmartTVs. Yes, all these TVs are glorified Linux boxes running a badly collected series of apps. There is little to no integration. Some won't accept keyboard input while others do. You either watch TV or run an App. Most apps are poor. The browser won't run most web pages and crashes. Yes, crashes. In this day and age it is hard to believe in your browser crashing nearly every time you try to use it.
As for security, I no longer use any of the apps as none are worth anything. Netflix is okay but not great but since I've gone back to DVDs from streaming I am blocking the ports (6000 mainly and I forget if another is in use) to stop the TV from phoning home every time it is turned on.
I blocked the ports because my firewall was showing connections to my LAN from very strange locations: Brazil, Japan, Russia. The problem is that Samsung's 'partners' are unknown to me and I'm sure it is these apps that are doing the calling out. Who knows who wrote them, what is in them, and what they can really do.
The TV isn't bad when hooked up to my modified version of the PS3 media server project.
Thanks to bad headline choices you all missed the point. Samsung provided a ripe platform for hacking and development by making root easy (just like with their smart phones).
Shut up and get to work porting XBMC to it already.
Since they have a range of VoIP phones that crash if you do a simple portscan, and they still sell phone switchboard systems that by default can be accessed by telnet with no password, I disagree.
There are enough people in that place that do not care about computer security that it comes as no surprise that another wide open box has come out of there. Don't get me wrong, they do have some good stuff, but there's a lack of oversight and if the guys at the bottom of the tree don't care about something there's nobody giving them orders to care.