Smart TV Exploit Means Hackers Can Watch You Watch TV
from the i-spy-with-my-little-eye dept
Remember all the hubbub (now there's a word I never thought I'd use; thanks a lot, aging process) over Comcast's kind of, maybe plan to spy on subscribers through their cable box as they watch TV, fold their laundry, or engage in coitus? There was quite an outcry at the time, even as Comcast said that the plan was only to have the cameras be able to recognize when different types or numbers of people were watching the tube. People just didn't feel comfortable with corporations being able to spy on them. As a result, Comcast backed away from the plan -- the people had defeated the corporation.
All, apparently, so that hackers could spy on them instead. At least, that's what some reports are saying about Samsung Smart TVs and an exploit that would allow hackers to snatch social media credentials, access any files or devices connected to the smart TV... oh, and to use the built-in cameras to spy the hell out of people as they do whatever they do while watching television.
In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown ("zero day") hole affects Samsung Smart TVs running the latest version of the company's Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in an Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving a remote attacker the ability to spy on those viewing a compromised set.
The group that reportedly discovered the vulnerability, ReVuln, proudly stated that they would not publish any information about what they'd uncovered except to paying subscribers because screw everyone else (not an actual quote). They also have a company policy, apparently, that would prevent them from working with Samsung directly on a fix or even to disclose the hole, leading me to reach the logical conclusion that Dr. Evil is apparently running that company.
Even more fun, thanks to how Samsung designed the product, chances are any fix that could be produced would be difficult to implement.
Currently, the Smart TVs offer no native security features, such as a firewall, user authentication or application whitelisting. More critically: there is no independent software update capability, meaning that, barring a firmware update from Samsung, the exploitable hole can't be patched without "voiding the device's warranty and using other exploits," ReVuln said.
In other words, customers get to wait around until Samsung can figure this thing out on their own, since ReVuln won't help them out by company policy, or risk voiding their warranty on their smart TV that has a complete lack of security features. Nicely done, everyone involved.
The company posted a video of an attack on a Samsung TV LED 3D Smart TV online. It shows an attacker gaining shell access to the TV, copying the contents of its hard drive to an external device and mounting them on a local drive, providing access to photos, documents and other content. ReVuln said an attacker would also be able to lift credentials from any social networks or other online services accessed from the device.






Reader Comments
And the fix:
[ reply to this | link to this | view in thread ]
Re: And the fix:
[ reply to this | link to this | view in thread ]
I can see you....
[ reply to this | link to this | view in thread ]
Re:
[ reply to this | link to this | view in thread ]
Re: Re: And the fix:
[ reply to this | link to this | view in thread ]
As they say in Malta, "Il-hovercraft tiegħi hu mimli sallur!"
[ reply to this | link to this | view in thread ]
Who didn't see this coming?
However I do see a great creeper business opportunity here ... setup a website where you can watch a random person watching TV. The ultimate in reality television.
[ reply to this | link to this | view in thread ]
Re: Re:
That's valuable marketing information!
[ reply to this | link to this | view in thread ]
This is just one more example of why targeted ads are such a bad idea. There seems to be no bottom of the barrel too low to stoop to when it comes to money and commercials. Privacy is the first thing to fall. We've tons of examples where to ad companies targeted ads are their wet dream. They tend to act like just everyone is dying to access their latest dumb ideas.
Here's one that doesn't want ads, doesn't have to have them, can't see where anything is cheaper because of them. I recall not one single time when some company said you don't owe us this month because ads are paying for it.
Not one solitary time.
[ reply to this | link to this | view in thread ]
You watch TV, but in Soviet Russia TV watches you!
[ reply to this | link to this | view in thread ]
"Smart TV's: Not such a smart idea after all."
[ reply to this | link to this | view in thread ]
I'm sorry, what exactly is this company's business plan? Find vulns and convince others that they should become "subscribers" so they know what they are?
[ reply to this | link to this | view in thread ]
Re:
[ reply to this | link to this | view in thread ]
Re:
Selling to black hats in Eastern Europe, of course...
[ reply to this | link to this | view in thread ]
Re: Re: Re:
[ reply to this | link to this | view in thread ]
Instead of using government resources to stop this stuff, through software security awareness, they'd rather install their own backdoors
Oh rejoice the voyeurs of the world
[ reply to this | link to this | view in thread ]
One, you get no choice in the matter, and the other you............oh wait......never mind
[ reply to this | link to this | view in thread ]
Silly me, I'm sure there is accountability for this very thing, I mean it's so obvious that I should just assume that it is........oh my government, how much like a warm blanket you are before the winter hits
[ reply to this | link to this | view in thread ]
Re:
No way will you ever see a TV w/ Cam & Mike here...............and if the day comes when that is the only way to get a TV then I will violate the Warranty to make sure it never will work.
[ reply to this | link to this | view in thread ]
One is not like the other
[ reply to this | link to this | view in thread ]
I'm baffled some people would be so naive as to think those TVs are safe, but I guess a lot of folk just haven't received proper education about computers and the web.
[ reply to this | link to this | view in thread ]
Re:
No bluetooth, no wifi, no cables
Only worrying about the easier to identify, human "physical" element
Who writes these damn cybersecurity bills
[ reply to this | link to this | view in thread ]
Re:
[ reply to this | link to this | view in thread ]
If the TV was based on true open source linux with a user friendly shell, with a usable USB port, a solution would likely be available in days for a moderately tech smart user. These are becoming more common as time goes by, as the old in mind die off!
Don't yell at me for being ageist, I am a senior.
[ reply to this | link to this | view in thread ]
The groups that fluff their chest and make a deal out of it, I don't worry about too much - it's those that don't say anything about what they are hacking into - those worry me.
[ reply to this | link to this | view in thread ]
Re:
AT&T was the most recent posted here on Techdirt.
What about American Express' approach to security holes?
What about students who find security holes and are then charged with a crime?
There are more and more and more stories about people getting negative reactions by identifying security holes than getting good reactions from companies who wish to fix them instead of burying their collective heads in the sand. Sad but true, I would not tell them either.
[ reply to this | link to this | view in thread ]
uhh install a firewall/router??
From the video of the exploit on the linked article it looks like they need direct IP access to said tv to exploit it...
[ reply to this | link to this | view in thread ]
Re:
*waits*
[ reply to this | link to this | view in thread ]
not that exciting really
Saying that I still put some tape over my camera and make sure the xbox is switched off, especially if I am going to have sex.
[ reply to this | link to this | view in thread ]
Re: Re:
[ reply to this | link to this | view in thread ]
Re: Re:
[ reply to this | link to this | view in thread ]
agree
Only question is...... What is the text to search for on google, to access the camera on your TV ?
People should be fucking mad about this.
Really fucking mad.
Samsung should know better.
To prove a point of why Samsung should know better.
All of those searches retrieve unsecured webcams online.
I wouldn't trust their "security" anyway. Would you ?
Moral of the story.....
Don't have cameras watching you from devices that can be online, streaming everything at a click of someone's button.
[ reply to this | link to this | view in thread ]
Product Return
[ reply to this | link to this | view in thread ]
Think of the children............
[ reply to this | link to this | view in thread ]
Samsung's motives are always suspect
Samsung invested in a prototype and that is all the Smart TV is. DOA
[ reply to this | link to this | view in thread ]
Re: Re:
[ reply to this | link to this | view in thread ]
Re:
[ reply to this | link to this | view in thread ]
Re: not that exciting really
That being said, the solution is simple: keep the TVs with the built-in camera/mic out of your home.
[ reply to this | link to this | view in thread ]
Re: Re:
[ reply to this | link to this | view in thread ]
Re: Re: Re: Re:
[ reply to this | link to this | view in thread ]
Re: Re: Re: And the fix:
[ reply to this | link to this | view in thread ]
https://shop.verizon.com/buy/Monitoring-Energy-Saving/Home-Control/Verizon-Home-Monitoring-and-Control/cat30006
https://shop.verizon.com/buy/Wireless-Security-Camera/Home-Control/Verizon-Home-Monitoring-and-Control/Indoor-Outdoor-Cameras/prod20008
Buy now while it's still voluntary!
[ reply to this | link to this | view in thread ]
Re: And the fix:
[ reply to this | link to this | view in thread ]
Re: Re:
[ reply to this | link to this | view in thread ]
Re: not that exciting really
[ reply to this | link to this | view in thread ]
Re:
Of course if they were really determined to invade privacy, I guess they could r&d on methods to conceal a second camera
In that scenario, god bless the hobbyists who like tearing into their technology to document online, the individual components used in our technology
[ reply to this | link to this | view in thread ]
Re: Re:
"Look at the spec list, there are 4 HD camera devices included in the TV design specs, but only one of them is listed as the 'Audience viewing device', the other 3 are listed as:
Corporate Information Retrieval Device (do not access or warranty void)
Government Information Retrieval Device (do not access or warranty void)
Backup Information Retrieval Device (do not access or warranty void)
I wonder where those are and what information they are retrieving and for who?"
Patenting and copyrighting this so that when it happens, I can sue and collect my payday (that's what we are all waiting for right, being able to sue our way to being one of the 'rich elite').
[ reply to this | link to this | view in thread ]
Re: Re: And the fix:
[ reply to this | link to this | view in thread ]
Re: Samsung's motives are always suspect
The best use of 3D I've seen to date has to be video games. Try out a little Assassin's Creed in 3D before you write the entire thing off. Next Gen consoles + 3D TV's... you might see them take off.
[ reply to this | link to this | view in thread ]
Who needs all these "smart" features?
[ reply to this | link to this | view in thread ]
Re:
To the average consumer, this isn't a computer, it's a TV. So how could a TV have computer vulnerabilities? Getting hacked is something that happens to computers, not TVs, right? I don't know what Samsung's excuse is; they certainly know it's a computer.
[ reply to this | link to this | view in thread ]
Re: uhh install a firewall/router??
A) Other people have pointed it out. B) What percentage of internet users in the US do you suppose have a properly configured router, or have any idea how to configure one? I would be surprised if it's half.
[ reply to this | link to this | view in thread ]
Blackmail?
[ reply to this | link to this | view in thread ]
Re: Re: Samsung's motives are always suspect
Targeted Buyer
The person who can drop 3 to 6 grand on big screens for graphics. Everything displayed via compressed cable feed is just gravy.
[ reply to this | link to this | view in thread ]
I thought people were ok with this?
How many of you have cameras on your desktop machines that you leave plugged into the computer, which runs all day long?
Cameras on your personal tracking device (otherwise known as cell phones)?
Web cams are simply an open invitation to Big Brother (and hackers). I recall my initial instinctive reaction when I first heard of them in the 1990s was one of absolute disgust and bafflement that anyone could ever want such a privacy invasive toy. I didn't expect them to last long. Boy was I wrong...
I'm still no less baffled and disgusted than I was then.
So please explain why it's suddenly not OK to have them on your TV when you have them everywhere else?
[ reply to this | link to this | view in thread ]
Re:
[ reply to this | link to this | view in thread ]
umm ..
[ reply to this | link to this | view in thread ]