{"id":22295,"date":"2012-12-29T18:25:32","date_gmt":"2012-12-29T23:25:32","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-07-29T12:45:30","modified_gmt":"2021-07-29T16:45:30","slug":"smart-tvs-dumb-security","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/smart-tvs-dumb-security\/","title":{"rendered":"Smart TVs Dumb Security"},"content":{"rendered":"

\"SmartWhen a device gets connected to the web without any security it leaves the users vulnerable<\/strong>. This is a trend as the Internet of Things<\/strong><\/a> evolves. In this case, Samsung Smart TVs seem to have no security, a dumb TV. <\/em>Dailywireless.org<\/a><\/i> reports<\/a> that 40% of Americans have connected their TV to the Internet.<\/p>\n

\"Samsung<\/a>At the same time, The Security Ledger<\/i><\/a> is reporting that a “Security Hole in Samsung Smart TVs Could Allow Remote Spying<\/a>.” The Malta-based firm ReVuln<\/a>, says it has uncovered a remotely exploitable security hole<\/strong> in Samsung Smart TVs<\/strong>. If left unpatched, the vulnerability could allow hackers to make off with owners\u2019 social media credentials. <\/strong>Attackers could also spy on those watching the TV using compatible video cameras and microphones.<\/p>\n

ReVuln is a security research firm that offers information on security holes it discovers only to subscribers. However, it did confirm the previously unknown (\u201czero-day<\/strong>\u201d) hole with Security Ledger. <\/i>The zero-day affects\u00a0Samsung Electronics Co.<\/a> (005930<\/a>) Smart TVs <\/a>running the latest version of the company\u2019s Linux-based<\/strong> firmware. It could give an attacker the ability to get access to any file<\/strong> on the remote device, As vulnerable are external devices<\/strong> (such as USB drives) connected to the TV.<\/p>\n

In an Orwellian twist, the hole could be used to use cameras and microphones attached<\/strong> to the Smart TVs. Granting remote attackers the ability to spy on those viewing a compromised set. Luigi Auriemma of ReVuln told<\/a> ComputerWorld<\/i><\/a> via email, “If the attacker has full control of the TV … then he can do everything like stealing accounts to the worst scenario of using the integrated webcam and microphone to ‘watch’ the victim.<\/em>”<\/p>\n

\"Dumb<\/a>Security Ledger <\/i>says that the Smart TVs offer no native security features<\/strong>, such as a firewall, user authentication, or application whitelisting. More critically: there is no independent\u00a0<\/strong>software update capability, Which means that, barring a firmware update from Samsung<\/strong>, the exploitable hole can\u2019t be patched without \u201cvoiding the device\u2019s warranty and using other exploits,<\/em>\u201d ReVuln said.<\/p>\n

The company posted a video<\/a> of an attack on a Samsung TV LED 3D\u00a0Smart TV<\/a> online. It shows an attacker gaining shell access to the TV. Copying the contents of its hard drive to an external device and mounting them on a local drive. This gave them access to photos, documents, and other content. ReVuln said an attacker would also be able to lift credentials from any social networks or other online services accessed from the device.<\/p>\n

rb-<\/em><\/strong><\/p>\n

\"DIY<\/a>There is no patch for people. Until there is, Smart TV users will have to wait for Samsung to fix this huge security hole or fix it for themselves and risk voiding their warranty. Smart TV with a complete lack of security features, Smart TV Dumb Security.<\/em><\/p>\n

Related articles<\/h6>\n