<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/">
<channel>
<title>Techdirt. Stories filed under &quot;exploit&quot;</title>
<description>Easily digestible tech news...</description>
<link>http://www.techdirt.com/</link>
<language>en-us</language>
<image><title>Techdirt. Stories filed under &quot;exploit&quot;</title><url>http://www.techdirt.com/images/td-88x31.gif</url><link>http://www.techdirt.com/</link></image>
<item>
<pubDate>Wed, 12 Dec 2012 15:02:00 PST</pubDate>
<title>Smart TV Exploit Means Hackers Can Watch You Watch TV</title>
<dc:creator>Timothy Geigner</dc:creator>
<link>http://www.techdirt.com/articles/20121212/10482321363/smart-tv-exploit-means-hackers-can-watch-you-watch-tv.shtml</link>
<guid>http://www.techdirt.com/articles/20121212/10482321363/smart-tv-exploit-means-hackers-can-watch-you-watch-tv.shtml</guid>
<description><![CDATA[ Remember all the hubbub (now there's a word I never thought I'd use; thanks a lot, aging process) over Comcast's kind of, maybe plan to <a href="http://www.techdirt.com/articles/20080320/171005601.shtml">spy on</a> subscribers through their cable box as they watch TV, fold their laundry, or engage in coitus? There was quite an outcry at the time, even as Comcast said that the plan was only to have the cameras be able to recognize when different types or numbers of people were watching the tube. People just didn't feel comfortable with corporations being able to spy on them. As a result, Comcast backed away from the plan -- the people had defeated the corporation.<br />
<br />
All, apparently, so that hackers could spy on them instead. At least, that's what some reports are saying about <a href="http://securityledger.com/security-hole-in-samsung-smart-tvs-could-allow-remote-spying/">Samsung Smart TVs and an exploit that would allow hackers</a> to snatch social media credentials, access any files or devices connected to the smart TV...oh, and to use the built-in cameras to spy the hell out of people as they do whatever they do while watching television.
<blockquote>
<i>In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown ("zero day") hole affects Samsung Smart TVs running the latest version of the company's Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in an Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving a remote attacker the ability to spy on those viewing a compromised set.</i></blockquote>
The group that reportedly discovered the vulnerability, ReVuln, proudly stated that they would not publish any information about what they'd uncovered except to paying subscribers because <i>screw everyone else</i> (not an actual quote). They also have a company policy, apparently, that would prevent them from working with Samsung directly on a fix or even disclosing the hole, leading me to reach the logical conclusion that Dr. Evil is apparently running that company.
<br /><br />
Even more fun, thanks to how Samsung designed the product, chances are any fix that could be produced would be difficult to implement.
<blockquote>
<i>Currently, the Smart TVs offer no native security features, such as a firewall, user authentication or application whitelisting. More critically: there is no independent software update capability, meaning that, barring a firmware update from Samsung, the exploitable hole can't be patched without "voiding the device's warranty and using other exploits," ReVuln said.</i>
<br /><br />
<i>The company posted a video of an attack on a Samsung TV LED 3D Smart TV online. It shows an attacker gaining shell access to the TV, copying the contents of its hard drive to an external device and mounting them on a local drive, providing access to photos, documents and other content. ReVuln said an attacker would also be able to lift credentials from any social networks or other online services accessed from the device.</i>
</blockquote>
In other words, customers get to wait around until Samsung can figure this thing out on their own, since ReVuln won't help them out by company policy, or risk voiding their warranty on their smart TV that has a complete lack of security features. Nicely done, everyone involved.
 ]]></description>
<slash:department>i-spy-with-my-little-eye</slash:department>
<wfw:commentRss>http://www.techdirt.com/comment_rss.php?sid=20121212/10482321363</wfw:commentRss>
</item>
<item>
<pubDate>Fri, 1 Apr 2011 16:20:00 PDT</pubDate>
<title>Exploit On Hadopi Site Turns It Into Pirate Bay Supporter</title>
<dc:creator>Mike Masnick</dc:creator>
<link>http://www.techdirt.com/articles/20110401/13241213732/exploit-hadopi-site-turns-it-into-pirate-bay-supporter.shtml</link>
<guid>http://www.techdirt.com/articles/20110401/13241213732/exploit-hadopi-site-turns-it-into-pirate-bay-supporter.shtml</guid>
<description><![CDATA[ Hadopi, the French agency set up to enforce France's three strikes and you're kicked off the internet policy, apparently isn't very good at securing their own website.  Someone found a simple XSS vulnerability and <a href="http://torrentfreak.com/exploit-turns-anti-piracy-agency-site-into-the-pirate-bay-110401/?utm_source=feedburner&#038;utm_medium=feed&#038;utm_campaign=Feed%3A Torrentfreak %28Torrentfreak%29" target="_blank">set up a page where Hadopi was promoting the Pirate Bay with an integrated search</a>.
<center>
<img src="http://i.imgur.com/93UFL.jpg" width=560 />
</center>
Of course, lots of sites end up with XSS vulnerabilities.  It's often tough to avoid them (and yes, we've been caught with them a few times).  But, the reason why this is especially ironic is that part of Hadopi's position is that if <i>you</i> fail to secure your internet access point, you're still liable for the actions of users on that access point.  Thus, it's not a stretch to argue that Hadopi is, by its own rules, liable for any infringement that may have occurred via its own site, right?  Perhaps Hadopi should kick itself off the internet.
 ]]></description>
<slash:department>guilty-until-proven-innocent</slash:department>
<wfw:commentRss>http://www.techdirt.com/comment_rss.php?sid=20110401/13241213732</wfw:commentRss>
</item>
<item>
<pubDate>Fri, 4 Dec 2009 14:07:51 PST</pubDate>
<title>Does It Make Sense To Ban Players From Xbox Live Just For Using A Glitch?</title>
<dc:creator>Mike Masnick</dc:creator>
<link>http://www.techdirt.com/articles/20091204/1138477208.shtml</link>
<guid>http://www.techdirt.com/articles/20091204/1138477208.shtml</guid>
<description><![CDATA[ Microsoft recently got some attention for <a href="http://www.techdirt.com/articles/20091111/0206596891.shtml">cutting off</a> hundreds of thousands of Xbox Live players for using modded Xboxes -- even if there was no evidence they were used for cheating.  This is already leading to talk of a <a href="http://www.consumeraffairs.com/news04/2009/11/xbox_suit.html" target="_blank">class action lawsuit</a> against Microsoft.  Even so, Microsoft is now going even further, issuing <a href="http://arstechnica.com/gaming/news/2009/12/microsoft-difference-between-cheat-exploit-none-banned.ars?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=rss" target="_blank">temporary bans for all of Xbox Live for anyone using a certain "exploit" in <i>Modern Warfare 2</i></a> that lets a player set off a grenade after they die in the game.  It makes sense for Infinity Ward to create a <i>fix</i> for their own programming mistake, but it seems rather ridiculous for Microsoft to kick people out of the game for doing what the game actually allows.  Why blame players for merely doing what is allowed by the game itself?
 ]]></description>
<slash:department>seems-a-bit-extreme</slash:department>
<wfw:commentRss>http://www.techdirt.com/comment_rss.php?sid=20091204/1138477208</wfw:commentRss>
</item>
<item>
<pubDate>Fri, 10 Apr 2009 12:58:00 PDT</pubDate>
<title>Songwriter Claims He Was Exploited By Google... But A Few Seconds Of Logical Thinking Disproves That</title>
<dc:creator>Mike Masnick</dc:creator>
<link>http://www.techdirt.com/articles/20090410/1151284463.shtml</link>
<guid>http://www.techdirt.com/articles/20090410/1151284463.shtml</guid>
<description><![CDATA[ A bunch of folks have sent in the latest PR attempt by some musicians in the recording industry to force Google to pay unsustainable rates to keep their music on YouTube.  Pete Waterman, who apparently co-wrote the Rick Astley "Rick Roll" song <i>Never Gonna Give You Up</i> has come out saying that Google "exploited" him, because <a href="http://www.telegraph.co.uk/culture/music/5130427/Pete-Waterman-I-was-exploited-by-Google.html" target="_new">he earned a grand total of &pound;11</a> last year, even while the video was a hit on YouTube.
<br><br>
There are probably more details here, because no one actually says how much Google paid overall.  For example, part of the problem may simply be the deal that Waterman <i>himself</i> signed  concerning his royalties.  But, more to the point, it's not Google that's doing any exploiting at all.  Here's the simple logic process to run through (which Waterman and all the folks supporting this PR stunt failed to do):
<ul>
<li>How much attention did Waterman's song get last year thanks to YouTube?</li>
<li>Fine, take away YouTube.  How much attention would Waterman and his song have received last year?</li>
</ul>
Yup.  No one would be talking about Waterman or his song <i>at all</i> in the absence of YouTube and the rickrolling phenomenon.  The only "exploiting" being done is now, by Waterman, because he <i>got totally lucky</i> in that a bunch of internet jokesters happened to pick his song (mainly for how <i>bad</i> it is) to use as part of an internet joke.  He deserves to get paid for that?  It could have just as easily been any other ridiculous pop hit in the 80s.  And, if it had been, then no one would be talking or caring about Waterman at all.
<br><br>
Furthermore, it was never <i>YouTube</i> making use of the music, but it was all these people on the internet, adopting the meme.  YouTube was just the platform they used for it.  So, no, Waterman wasn't exploited by YouTube in the slightest, though he seems to have no trouble at all trying to exploit the fact that he got lucky and whine about it -- even though it's the only reason his name is now in the news again.
 ]]></description>
<slash:department>ok,-let's-work-this-through</slash:department>
<wfw:commentRss>http://www.techdirt.com/comment_rss.php?sid=20090410/1151284463</wfw:commentRss>
</item>
</channel>
</rss>