Researcher Causes Endless Restart Loop on Samsung TVs

Italian security researcher Luigi Auriemma was trying to play a trick on his brother when he accidentally discovered two vulnerabilities in all current versions of Samsung TVs and Blu-Ray systems that could allow an attacker to gain remote access to those devices.

Auriemma claims that the vulnerabilities will affect all Samsung devices with support for remote controllers, and that the vulnerable protocol is on both TVs and Blu-Ray enabled devices.

One of the bugs leads to a loop of endless restarts while the other could cause a potential buffer overflow.

Auriemma discovered the issues accidentally. He told Threatpost via email that he was trying to play a trick on his brother. He only wanted to send a remote controller request with a funny message, but he ended up nearly destroying the TV.

Exploiting the vulnerabilities requires only that the devices are connected to a Wi-Fi network.

As background, Auriemma explains that when the device receives a controller packet, it displays a message informing users that a new ‘remote’ has been detected and prompts the user to ‘allow’ or ‘deny’ access. Included with this remote packet is a string field used for the name of the device. Auriemma found that if he altered the name string to contain line feed and other invalid characters, the device would enter an endless loop.

Auriemma claims that nothing really happens for the first five seconds, but then he lost control of the TV, both manually on the control panel and with the remote. After another five seconds, he claims, the TV automatically restarts. The process then repeats itself forever, even after unplugging the TV. Eventually, Auriemma managed to reset the TV in service mode. He writes that users can avoid the situation altogether by hitting ‘exit’ when prompted to ‘allow’ or ‘deny’ the new remote device.

As for the buffer overflow, Auriemma determined that he could crash devices by setting the MAC address to a long string. He is only guessing that this is a buffer overflow vulnerability, and he told Threatpost via email that the vulnerability would be much more “attractive” if it was in fact a buffer overflow vulnerability.
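Both reported crashes come from a receiver trusting two attacker-supplied fields, the device name and the MAC address. The following C sketch is an added example, not code from Auriemma or Samsung, showing the checks a receiver can apply before prompting the user or copying either field. The request layout, the 64-byte name limit and the printable-ASCII policy are assumptions, since the article does not describe the wire format.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 64 /* assumed display limit, not from the article */
#define MAC_STR_LEN  17 /* textual form "aa:bb:cc:dd:ee:ff" */

/* Accept a name only if it is 1..NAME_MAX_LEN bytes of printable ASCII. */
int name_is_valid(const unsigned char *s, size_t len)
{
    if (len == 0 || len > NAME_MAX_LEN)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (s[i] < 0x20 || s[i] > 0x7e) /* rejects LF, CR, NUL, high bytes */
            return 0;
    return 1;
}

/* Accept a MAC only in the fixed 17-byte colon-separated hex form. */
int mac_is_valid(const unsigned char *s, size_t len)
{
    if (len != MAC_STR_LEN) /* an over-long string never reaches a copy */
        return 0;
    for (size_t i = 0; i < len; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':')
                return 0;
        } else if (!isxdigit(s[i])) {
            return 0;
        }
    }
    return 1;
}

/* Hypothetical registration request: each field carries its received length. */
struct remote_request {
    const unsigned char *name; size_t name_len;
    const unsigned char *mac;  size_t mac_len;
};

/* Returns 0 and fills both buffers, or -1 to drop the request unprompted. */
int accept_request(const struct remote_request *r,
                   char name_out[NAME_MAX_LEN + 1],
                   char mac_out[MAC_STR_LEN + 1])
{
    if (!name_is_valid(r->name, r->name_len) || !mac_is_valid(r->mac, r->mac_len))
        return -1;
    memcpy(name_out, r->name, r->name_len); name_out[r->name_len] = '\0';
    memcpy(mac_out, r->mac, r->mac_len);    mac_out[r->mac_len] = '\0';
    return 0;
}
```
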

“The bugs have been tested on a d6000 and d6050 TV, but it’s highly possible that many of the Samsung devices supporting this protocol are vulnerable because d6xxx is a recent TV and usually these ‘core’ components are like libraries shared with other devices that make use of the same protocol,” he said via email.

Auriemma claims there is no fix for these bugs because he was unable to report the bugs to Samsung. He has also received no word from Samsung. He claims that Samsung doesn’t even have a channel through which to report these types of bugs.

Discussion

  • Bruce H McIntosh on

    All of a sudden replacing my old-faithful Sony rear-projector with one of those spiffy new Samsung panels doesn't look like such a good idea.

  • Anonymous on

    I'm not surprised - Samsung has no real software test group to test out their software release.

  • Anonymous on

    I've been emailing and calling Samsung regularly for 3 years trying to get an audio-related firmware bug fix (one that can destroy audio equipment when you turn the tv on if not careful!).  So far, nothing.  No response at all, ever.  When I call the Samsung rep swears they will investigate and get back to me, they never do.  Bottom line: Samsung have the worst customer service around, to the point of being 100% non-existent.  Avoid them at all costs if you care about such things.  I sure won't ever buy another Samsung tv.

  • Cyclone on

    Ugh,  I read this knowing that I picked up a Samsung TV and BR disk player late last year.  Both are working great and I'm very satisfied with their performance.

    I do have both connected to my home network.  The BR player has Netflix and some other cool 'Smart Hub' apps, so that works pretty good.  I opted for the cheaper TV that does not include 'Smart Hub' (why bother when the BR player has it built in?).   But I actually have zero fear of being struck down by anyone exploiting this bug.

    First they would have to actually gain access to my network.  So they'd have to get past my firewall.  Then they would have to actually detect my Samsung equipment.  Finally, they'd have to go through the effort of writing exploit tools just for the sheer sake of making my TV and BRD player act up.   I would like to think that they would at some point think to themselves, Hey let's go mess around with his infinitely more interesting PCs rather than put his TV into foobar mode.

     

  • Anonymous on

    And Samsung's Android 10.5 device also had a fundamental flaw after a recent firmware upgrade...throwing the entire unit into an endless loop...which could only be repaired by returning the pad to Samsung. No other fix available. Astonishing way to run a business.  Astonishing way to build a product... where it can't be reset out of the endless software reboot loop. They need serious grownups testing their products...

  • Hate Samsung Galaxy W on

    And add to that:

    My Samsung Galaxy W smart phone was doing basically the same thing.

    It was restarting every hour or so. I got that replaced with another brand new one.

    That one the soft keys failed.

    Now I'm on the 3rd Galaxy W unit. Let's hope it doesn't do anything stupid.

    BTW I'm with VodaFail.

     

  • Anonymous on

    This happened to my tv, some months ago. I still have the tv. so will try to fix it, thanks so much.

  • Anonymous on

    hmm, conversation doesn't appear to be threaded - my explanation is in response to Cyclone's post.

  • Anonymous on

    Sounds like it's time Samsung its swan song.

  • Anonymous on

    Would this also apply to wifi sets Samsung makes for other brands...

  • Anonymous on

    Samsung are too busy trying to out-do Apple with their new products to be interested in their old products.

  • Anonymous on

    Yeah, Americans discover this, they discover that, they find this fault, that fault, an endless loop of idiots who don't have anything better to do in their life rather than waste it scooping for mistakes on products.... how about you schmucks there try spending your time doing something constructive, like get an education, or plant a tree, or even dig a cave and then go and live in it.... morons...!!! This reminds me of why the Columbia and Challenger didn't fail....Billions of dollars wasted on something that blew up and killed so many people... at least a tv doesn't cost much and it don't kill anyone... if NASA couldn't get it right on a multi billion dollar product, why do u expect a few hundred dollars worth of a tv to be perfect ??? get a life people...
  • Anonymous on

    Glad I read this, was working on the packet the other day trying to control my tv

