I’ve been following this story regarding the vulnerability in Samsung’s Smart TVs over the past week… Basically someone could remotely access your TV via port 80 to perform a number of nefarious activities (e.g., controlling the TV a la a virtual remote control, watching you watch TV, and accessing data on an attached USB drive). Although this is an awesome find, I tend to look at things from more of a risk perspective.
Yeah, huge hole that leads to a vulnerability… And with countless thousands of pros and kiddies alike scanning the Internet for any opportunistic targets they can find, there’s a definite threat. Impact is a bit more tricky as in most cases it wouldn’t be that big of a deal but in a few situations impact could be significant (e.g., having an intimate moment with your partner while watching a movie). So putting all this together you could say that there’s probably a medium risk associated with this whole Samsung Smart TV thing to start out with.
What can we do to mitigate this risk though? Well … almost all ISPs provide their customers some type of unified firewall/NAT/access point. By default most of these devices don’t advertise any services to the Internet. So you have a control in place that basically thwarts any threats and thus lowers the risk associated with this vulnerability to almost zero.
So in summary … yeah the vulnerability is bad and Samsung needs to fix it … but overall … “move along … nothing to see here.”
Samsung’s Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers.
Malta-based security start-up ReVuln claims to have discovered a zero-day vulnerability affecting Smart TV, in particularly a Samsung TV LED 3D.
Smart TV can be used to browse the internet, use social networks, purchase movies and perform many other functions. A demo video produced by ReVuln shows how a “vulnerability for such devices can be used to retrieve sensitive information, monitor and root the device,” according to Luigi Auriemma of ReVuln. Exploits developed by ReVuln appear to allow it to access remote files and information (including viewing history) as well as the ability to siphon off data on USB drives attached to a compromised TV.
“This specific vulnerability affects almost all the Samsung televisions of the latest generations, so multiple models,” Auriemma told El Reg.
“We plan to invest more time and effort on the home devices security in the near future testing the products of many other vendors (we chose Samsung because it’s the current market leader in this sector) and moreover finding new types of attacks and ways to use such vulnerabilities. The televisions are just the beginning,” he added.
Do you think this vulnerability is worth getting all in a big fuss about? Let us know in the comments below. Today’s post pic is from BetaBeat.com. See ya!