It turns out that some smart TVs are a little too smart for their own good, and the good of users. Some specific models of Samsung TVs that have Wi-Fi and other advanced capabilities have a flaw that enables an attacker to take a variety of actions on the TV, including accessing potentially sensitive data, remote files and information, and the drive image, and eventually gaining root access to the device.

The issue affects many Samsung TVs, and the researcher who discovered the problem found that he could remotely access the remote control for the TV, retrieve files located on any USB drive attached to the TV and even install malicious software on the TV. Samsung produces a line of TVs that have a variety of advanced capabilities, including the ability to install apps such as Pandora, Skype and others. The TVs can be controlled by voice commands and by apps running on some Samsung phones and tablets.

And now, they also can be controlled by attackers.

Luigi Auriemma, one of the founders of ReVuln, a security consultancy and research firm that discovers and sells zero-day vulnerabilities, found that the flaw in the Samsung smart TVs can be leveraged for a variety of different actions, most notably to gain root access to the vulnerable TV. ReVuln, as a matter of policy, doesn’t disclose vulnerabilities to vendors, but the company posted a video demonstration of the exploit for the Samsung TVs in action.

This is not the first time that Auriemma has taken aim at TVs. Earlier this year, he was looking for a way to reprogram the remote control for his brother’s Samsung TV when he stumbled upon a bug that enabled him to cause the TV to restart endlessly. That Samsung TV flaw was also present in some Blu-Ray players, and Auriemma said that he was able to cause the endless restart loop in that case by altering a field in a packet sent by a remote control to the TV.

“This one is a new undisclosed one found with and for my ReVuln company that allows access to files and partitions available on the TV from remote,” Auriemma said via email.

“The video shows also a couple of scenarios in which is possible to abuse of such vulnerability for stealing sensitive information or controlling the TV (with the possibility of installing malicious software on it using some features of Smart TVs).”

In the video demonstration of the latest flaw in the smart TVs, Auriemma is able to remotely access and modify files on the TV or attached USB drives, access the drive image for the TV and even access and modify the configuration information for the TV’s remote control.

Smart TVs recently have begun showing up in large numbers in the U.S. market, as manufacturers try to bridge the gap between the Web and home entertainment one more time. They offer consumers the ability to mix Web-based content (or what’s usually thought of as Web content) such as apps and news content with normal TV programming and video streaming. This has been tried in a variety of forms over the last 10 years, and rarely with any success. But the emergence of app-focused devices such as smartphones and tablets has made the idea of accessing this kind of content on other devices such as TVs less jarring for users.

Auriemma said the best option for owners of vulnerable Samsung TVs is to disable the online functionality.


Comments (8)

  1. Anonymous

    Not surprising. Samsung’s software is horribly programmed and buggy. Just today I discovered that their AllShare server software is using non-standard low-level disk I-O routines that could lead (IMHO) to a hack. I’m still investigating it but do not compress your disk drives/folders or AllShare won’t work at all.

  2. Doppio

    I consider this a feature, since there’s hardly any information on the TV worth stealing, and I am curious about hacking my TV and using its full potential. Those who aren’t interested in expanding the TV’s capabilities can continue using whatever experience is being served to them, or why not even just stick to dumb TVs.

  3. Anonymous

    This article says that the TVs accept voice commands and can be hacked remotely. Was it tested whether the remote attacker can listen in to conversations around such a TV? I wonder if such an Orwellian feature would be a goal of the design from the beginning.

  4. Impaler

    I contacted Samsung support and asked about this issue and they said that since I have a “2012” model I would not be affected by this exploit.

    This article also makes no mention as to whether or not the remote attacker would need to break past your router/firewall first.

    I’m sure the exploit can be done easily if the attacker has local access…

  5. Anonymous

    You need to first get thru your firewall. If that happens then you have other issues on your own network to worry about.

  6. Anonymous

    Breaking past the firewall is a non-issue. Samsung’s TVs all connect to a fixed list of servers on the internet. All a potential cracker needs to do is MITM one of these connections, or even just arp poison your firewall and freely pwn the tv from there.

  7. Anonymous

    This is totally not true. Nobody demonstrated such a bug (even after patches) and the bug was possible “remotely” only in a “researcher” LAN. Not a real situation.
