Feeds

back to article Samsung: Smart TV security hole is so minor we'll fix it immediately

Samsung has downplayed the significance of a data-leaking security bug in its Smart TVs, but promised to close the hole by January. Earlier this month Malta-based startup ReVuln said it had discovered a vulnerability that allows hackers to remotely copy data off USB drives connected to a Samsung TV LED 3D and other Smart TVs, …

COMMENTS

This topic is closed for new posts.
Joke

Samsung modus operandi

They seem to be in the business of cutting corners.

(My Galaxy S phone with Cyanogenmod 9 experiences exactly the same apparently kernel memory leaks as the stock Gingerbread firmware. The gaping hole in the S2, S3, Note where RAM is opened to everyone without restriction. The above article. Just to mention a few non-hardware corners they've cut).

2
2
Anonymous Coward

Cheap TVs

For the masses, bit like own brand beans, they are OK but not great..

0
3
Coffee/keyboard

Re: Cheap TVs

Dunno about cheap. I've been shopping for a telly recently and a lot of these Samsung smart models are in the eye-wateringly expensive (for a normal person) price bracket. Even the comparatively cheap smart models are around the £4-500 mark. If you think that's a cheap TV for the masses then you're a lucky man.

1
0

Insecure Wireless on 2011 Samsung Smart TV's

I actually emailed the register early this year regarding my 2011 UE40D7000 which for some reason presents an encrypted access point whenever the features that allow you to access your tv over the network are enabled. It is important to note that this occurs despite the fact that my tv is hardwired to my network. After several very unproductive emails to samsung I finally managed to get them to admit that if anybody connected to this access point, they would also have access to my network. Now the access point it presents is encrypted, however should the key that samsung use or the way they generate the key was every released, anybody could connect to my network via the access point the tv presented, bypassing my own access point. Couple this with the vulnerability this article and you have the potential for an attacker to access your entire network, not just the tv's settings etc. Its worth noting that 2012 tv's have a separate option in the menu that allows you to turn off this access point. Clearly samsung are aware that their are other vulnerabilities in 2011 tv's however they will not be willing to fix these unless it makes the news.

0
0
Silver badge

Re: Insecure Wireless on 2011 Samsung Smart TV's

Where in the mess that is the menu system does it contain the option to turn this off?

" but it looks like UPnP or DLNA [Digital Living Network Alliance] issue to us"

More like a back-door wi-fi issue to me. If they can't access your network how can they slurp the data off an attached USB (unless this is a web page based malware attack?). After all, everyone NAT's to a private local network these days don't they? The only way* to connect to a device on your network is either to connect to the network itself, or hijack an outbound connection (from the TV in this instance).

*I'm assuming no-one has put any holes in their FW to allow inbound connections to the telly.

0
0
Anonymous Coward

@Sir Runcible Spoon - Re: Insecure Wireless on 2011 Samsung Smart TV's

But you will not be doing NAT anymore in IPv6 because it is not good for you :)

0
0

Re: Insecure Wireless on 2011 Samsung Smart TV's

The option i think is in the system menu, however it simply disables the ability to access the tv over a network via the samsung remote tv app. The access point is present even when the tv is hardwired, it is like the tv requires the android app to connect to the tv over some sort of adhock wireless connection directly to the tv.

0
0

Re: Insecure Wireless on 2011 Samsung Smart TV's

Oh and irrespective of poking holes in my firewall, should you be within the range of the build in ap within the tv, have the key that samsung use, or the method in which they generate that key, you can connect to the tv directly without need to go through your internet connection or access point. A pretty large fail in security in my opinion, however samsung wouldnt take the issue seriously, and publications such as the register didnt even seem to think it deemed any research.

0
0
Bronze badge
Alert

"And, let's face it, if it's electronic, someone will find a way to compromise it. ®"

They hacked me toothbrush, they did.

0
0
Anonymous Coward

Toothbrush! My doorbell was hacked and it doesn't have any batteries in it!

0
0
Joke

Pah, Toothbrushes, Doorbells, thats nothing.

Someone hacked my toaster to make it talk, and now it never shuts up asking if I want toast.

6
0
Go

Wasn't by any chance made by Crapola inc. of Taiwan was it?

0
0

It's no joke

I actually have a talking Breville Toastie Maker someone bought me as a wedding present; it does lame celebrity impressions ("Huw Edwards" making a snack-based pun anyone?) whilst it makes your toastie. Even as I type this I know it sounds like I'm taking the piss, but I assure you I'm not. And we even asked for no wedding presents as well...

0
0
Gav
Happy

Re: It's no joke

That actually sounds quite fun, and just perfect for some hacking mischief . There seriously is such a kitchen device?

0
0
Silver badge
Alert

Re: It's no joke

"There seriously is such a kitchen device?"

Certainly is. IIRC it was a set of three. I bought he kettle for an in-law. Not sure what the third one was after the toaster. Probably about 5-8 years ago, Debanhams IIRC.

0
0
Anonymous Coward

Can it, for example, turn on a camera

and snap you having a late-night wank to Babestation?

1
0
Joke

Re: Can it, for example, turn on a camera

If you're wanking to Babestation you've got bigger problems than a security hole in your Smart TV

9
0
Bronze badge

Re: Can it, for example, turn on a camera

Is the AC in fact Tom Brooker, as mentioned in this incisive article on Samsung smart TV's ?

http://www.thedailymash.co.uk/news/society/smart-tv-disgusted-by-owner-2012121954108

1
0
Silver badge

No!

Not...change the channel! Have these fiends no depths to which they will not sink?

3
0
Anonymous Coward

Not a good month for Samsung security issues.

0
0
Anonymous Coward

Sammy sic

"...We have discovered that only in extremely unusual circumstances a connectivity issue arises between Samsung Smart TVs released in 2011 and other connected devices. We assure our customers that our Smart TV’s (sic) are safe to use..."

Although I wouldn't ever use the "butcher's apostrophe" for a plural myself, strictly speaking it is allowable in that sentence as TV is an abbreviation.

0
0
Anonymous Coward

Re: Sammy sic

"Although I wouldn't ever use the "butcher's apostrophe" for a plural myself, strictly speaking it is allowable in that sentence as TV is an abbreviation."

R E A L L Y! Watch babestation much?

0
1
Devil

More like PCs every day?

Damn right; I've lost count of the number of times my Samsung has crashed (full hard reboot) on accessing BBC iPlayer. It's like Windows 9x all over again.

0
0
Silver badge

Re: More like PCs every day?

My LG smart TV has to occasionally reboot for updates[*], and I note my Android Galaxy Nexus phone now takes longer to boot than my Windows laptop. People sometimes criticise PCs saying they should be "more like electronic appliances", but the reality is that as the latter become computers, they acquire all of the annoyances of computers too.

(And as much as I love Android, the crash count is still higher than with Windows 7 these days, not to mention desktop Linux; similarly with other phone OSs too, they still seem less stable.)

[*] - It does let you choose when to do so.

0
0
Silver badge
FAIL

Shame these Smart TVs' updates tend to not be issued by the manufacturers that long. One or two updates are the norm, if you're lucky, and if there's a security vulnerability after that - tough. You don't even get an Android-style enthusiast community to provide ongoing software updates because all the software is proprietary rubbish.

This problem will only get worse.

1
0

Unimpressed With Samsung

Thought I was buying the best Samsung had to offer when I bought a UN46C8000 and matching BD-C6900. The TV was intermittent and required a new motherboard. The BD player quit playing BDs other than the one that came with it. Netflix on either gets confused spooling the feed and often flashes a black screen for a half second now and then. Fast forward to within a minute or two of the end and resume play will usually crash the TV.

Unimpressed. So I bought an iPhone. Can't help think if Samsung can not do better with their TV line that they are not going to do any better with their phones.

0
0
Anonymous Coward

Re: Unimpressed With Samsung

I'm quite impressed with my Samsung laptop (which coincidentally has BluRay). Unfortunately two of the USB ports are now fucked (magic smoke and all) but that is due to powering an attached device with a shitty Chinese PSU. (The device, a homebrew m68k board, survived. The USB-serial adapter connecting it, the Chinese PSU, and my laptop have components that exploded.)

I will, however, moan about the old A10 laptop (rebadged by RM and therefore found in schools, but possibly a rebadge in the first place). Very prone to broken power sockets.

There used to be a problem with power supplies in some Samsung TVs.

Does BluRay hardware need updates for new encryption keys on the latest discs? Not sure how BluRay copy protection works.

0
0
This topic is closed for new posts.