Forgot your password?
typodupeerror
Google Privacy Security Television Your Rights Online

Zero Day Hole In Samsung Smart TVs Could Have TV Watching You 249

Posted by Unknown Lamer
from the put-some-pants-on-man dept.
chicksdaddy writes with news of a remote exploit in Samsung Smart TVs, and a warning for those who got one with a built-in camera. From the article: "The company that made headlines in October for publicizing zero day holes in SCADA products now says it has uncovered a remotely exploitable security hole in Samsung Smart TVs. If left unpatched, the vulnerability could allow hackers to make off with owners' social media credentials and even to spy on those watching the TV using built-in video cameras and microphones. In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown ('zero day') hole affects Samsung Smart TVs running the latest version of the company's Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in a Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving remote attacker the ability to spy on those viewing a compromised set."
This discussion has been archived. No new comments can be posted.

Zero Day Hole In Samsung Smart TVs Could Have TV Watching You

Comments Filter:
  • by tepples (727027) <tepples AT gmail DOT com> on Wednesday December 12, 2012 @12:47PM (#42261811) Homepage Journal
    Unfortunately for people trying to make a "TV watches YOU!" joke, the firm disclosing this vulnerability is based in Malta, not ex-Soviet Russia.
  • Call me dumb but (Score:2, Interesting)

    by fnj (64210)

    Why in the name of god would any TV have a camera and/or a microphone?

  • by Anonymous Coward

    Samdung has intentionally put this "feature" into the idiot boxes commonly known as TVs. They want to track the sheeple to sell to advertisers so they can eventually receive a larger profit. Capitalism is all about maximizing profit at the expense of the weak. The solution to all of this is simple, communism. Since there is no profit involved in communism there is no motive for spyware to be added to anything.

  • by nimbius (983462) on Wednesday December 12, 2012 @01:04PM (#42262135) Homepage
    this morning for the bug experienced by Samsung smart tv users.

    it requires some [intertapepolymer.com] DiY work so if you are inexperienced, consider getting a friend to help. to my knowledge it does not void the warranty.
  • Is this a feature brought to us by the wonderful engineers at the NSA?

  • by Bongo (13261) on Wednesday December 12, 2012 @01:11PM (#42262241)

    Adama snarls "There will be no networked computers on this ship while I'm still in command" or words to that effect

  • by big_e_1977 (2012512) on Wednesday December 12, 2012 @01:21PM (#42262399)
    Once next years model comes out, firmware updates slow down and eventually cease. Then your smart TV will no longer receive any bug fixes, security updates or enhancements. Compare that to an external device like a Roku that is typically supported for years at a time. When it becomes hopelessly obsolete, you swap the out the box for less than a hundred dollars and have the latest and greatest again. In the future and we will have the same situation as the rootable Samsung printers. Someone will discover a serious exploit that won't be patched because all those products are at EOL.
  • by macromorgan (2020426) on Wednesday December 12, 2012 @01:23PM (#42262431)
    Just give me a basic 42-50 inch monitor with speakers, a few HDMI ports and an ATSC tuner. If I want internet functionality, video conferencing or other features, I'll get my own add-on box. And when the software is no longer supported (what makes you think these TV manufacturers want to support this stuff for long), I can dump the box and get a newer one for much less than the cost of a brand new "smart" TV. To me, the only truly smart TV is one that divorces the advanced functionality from the TV.
    • Just give me a basic 42-50 inch monitor with speakers, a few HDMI ports and an ATSC tuner.

      This, this, this.

      Hell, you can even keep the crappy speakers, I have surround sound.

      • And you can keep the ATSC tuner, as well. I just want what amounts to a gigantic computer monitor.

    • by gstoddart (321705)

      Just give me a basic 42-50 inch monitor with speakers, a few HDMI ports and an ATSC tuner

      Completely agreed. For the last 10 years or so, my 'TV' is basically functioning as a dumb monitor.

      The speakers are permanently muted, and it's just displaying whatever my amplifier is telling it to. It doesn't change channels, it just displays an image as sent to it via a single HDMI cable.

      It's not downloading from netflix, it's not getting me weather updates, and I'm not surfing the web with it. I simply don't see

    • by sootman (158191)

      To this I would add: act as a pure computer monitor. When I hook up a computer to a TV via a DVI-to-HDMI cable and it looks like crap because of overscan [dreamwidth.org] I get all stabby.

      But other than that, yeah, make it as dumb as possible. My parents' TVs lasted DECADES. I don't want to have to get a new one every five years because DivX/Zune Store/PlaysForSure*/Hulu/Netflix is gone.

      * best. name. ever.

    • by Hatta (162192)

      Skip the speakers and the tuner. I can put a tuner in my PC, and I can hook my HiFi up to my sound card with SPDIF. Hell, you can skip the HDMI and just use DVI for all I care.

    • by sdnoob (917382)

      i miss the days when a TV was just a TV, and phones were just phones (and cars were just cars..... etc etc etc)

    • by Solandri (704621)
      The problem is the remote. Setting up an add-on HTPC, adding a USB IR remote receiver, then programming a universal remote to operate both it and the TV (and your blu-ray player and cable box) is no problem for tech people like you and me. But the preceding sentence is utter gibberish to the vast majority of people. So a Smart TV which combines the TV with networked HTPC out of the box is attractive to those folks.

      In a way, it makes sense. If you take apart a rear projection or LCD HDTV, you'll find
    • by tatman (1076111)
      make that two.
    • I don't remember seeing your earlier post the first time around, but coincidentally I was in the electronics store just yesterday, and I saw one of these Samsung TVs with the marketing junk covered with stuff about the integrated camera/mic. I actually joked with the guy from the store that Samsung had imported someone from north of the border who still thought 1984 was a reference manual. And then today I log onto Slashdot and find this...

  • by gstoddart (321705) on Wednesday December 12, 2012 @01:32PM (#42262599) Homepage

    I've always been leery about everything wanting to have internet access.

    Partly because I don't see any benefit from the features of having my TV connect to the internet, and partly because I don't trust that vendors have any clue about security.

    If you're going to run things like this, you should definitely have a firewall to keep the outside world at bay. The fact that Samsung has no fix for this tells me there's probably loads of devices like this which will prove to be insecure.

    I've never even plugged my Blu Ray player into the network, and I'm getting close to the point of disconnecting my XBox from the network because I don't use any of the on-line features and the ads which have started showing up in games is annoying.

    If you need an internet connection for me to play a game on a console ... well, I simply won't buy your product. And I didn't buy the box to be marketed to.

    • by Sun.Jedi (1280674)
      I want for mod points.
    • by dkleinsc (563838)

      To give an idea of how ridiculous this is, there are currently web-enabled toasters that allow you to take an image off the Internet and burn it into a piece of toast. I'm glad that I'm not the only one thinking "Why would you ever remotely want to do that?" rather than "Cool, I can put pictures on toast!"

      • by gstoddart (321705)

        LOL, but if you burn an image of Jesus or The Virgin Mary [bbc.co.uk] onto toast you can sell it for a fortune, right?

        But, yes, a web-enabled toaster sounds monumentally pointless. As would a fridge, a toilet, a chair, or my stove.

        At a certain point, this is just adding internet support for the sake of saying you have it. I'm sure someone out there is going "ZOMG, but it's an internet enabled toaster", and they can spend their money on it -- I on the other hand will stick with the boring old toaster I have now, it ev

  • Seriously, how long will it be before we hear of lawsuit that someone's activities on a couch were recorded and posted on internet through this security hole in the TV?
  • Do NOT buy so-called "Smart" TVs. Do you really think this is a "security flaw"? It's a FEATURE, designed to be used by corporations and governments. It just so happened that someone stumbled on it, so they're calling it a "bug".

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...