Samsung has downplayed the significance of a data-leaking security bug in its Smart TVs, but promised to close the hole by January. Earlier this month Malta-based startup ReVuln said it had discovered a vulnerability that allows hackers to remotely copy data off USB drives connected to a Samsung TV LED 3D and other Smart TVs, …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Wednesday 19th December 2012 17:25 GMT Uplink

Samsung modus operandi

They seem to be in the business of cutting corners.

(My Galaxy S phone with Cyanogenmod 9 experiences exactly the same apparently kernel memory leaks as the stock Gingerbread firmware. The gaping hole in the S2, S3, Note where RAM is opened to everyone without restriction. The above article. Just to mention a few non-hardware corners they've cut).

2 2
1. Wednesday 19th December 2012 18:08 GMT Anonymous Coward
  
  Cheap TVs
  
  For the masses, bit like own brand beans, they are OK but not great..
  
  0 3
  1. Wednesday 19th December 2012 22:13 GMT DF118
    
    Re: Cheap TVs
    
    Dunno about cheap. I've been shopping for a telly recently and a lot of these Samsung smart models are in the eye-wateringly expensive (for a normal person) price bracket. Even the comparatively cheap smart models are around the £4-500 mark. If you think that's a cheap TV for the masses then you're a lucky man.
    
    1 0
Wednesday 19th December 2012 17:29 GMT bouncy

Insecure Wireless on 2011 Samsung Smart TV's

I actually emailed the register early this year regarding my 2011 UE40D7000 which for some reason presents an encrypted access point whenever the features that allow you to access your tv over the network are enabled. It is important to note that this occurs despite the fact that my tv is hardwired to my network. After several very unproductive emails to samsung I finally managed to get them to admit that if anybody connected to this access point, they would also have access to my network. Now the access point it presents is encrypted, however should the key that samsung use or the way they generate the key was every released, anybody could connect to my network via the access point the tv presented, bypassing my own access point. Couple this with the vulnerability this article and you have the potential for an attacker to access your entire network, not just the tv's settings etc. Its worth noting that 2012 tv's have a separate option in the menu that allows you to turn off this access point. Clearly samsung are aware that their are other vulnerabilities in 2011 tv's however they will not be willing to fix these unless it makes the news.

0 0
1. Wednesday 19th December 2012 17:34 GMT Sir Runcible Spoon
  
  Re: Insecure Wireless on 2011 Samsung Smart TV's
  
  Where in the mess that is the menu system does it contain the option to turn this off?
  
  " but it looks like UPnP or DLNA [Digital Living Network Alliance] issue to us"
  
  More like a back-door wi-fi issue to me. If they can't access your network how can they slurp the data off an attached USB (unless this is a web page based malware attack?). After all, everyone NAT's to a private local network these days don't they? The only way* to connect to a device on your network is either to connect to the network itself, or hijack an outbound connection (from the TV in this instance).
  
  *I'm assuming no-one has put any holes in their FW to allow inbound connections to the telly.
  
  0 0
  1. Wednesday 19th December 2012 20:42 GMT Anonymous Coward
    
    @Sir Runcible Spoon - Re: Insecure Wireless on 2011 Samsung Smart TV's
    
    But you will not be doing NAT anymore in IPv6 because it is not good for you :)
    
    0 0
  2. Thursday 20th December 2012 15:56 GMT bouncy
    
    Re: Insecure Wireless on 2011 Samsung Smart TV's
    
    Oh and irrespective of poking holes in my firewall, should you be within the range of the build in ap within the tv, have the key that samsung use, or the method in which they generate that key, you can connect to the tv directly without need to go through your internet connection or access point. A pretty large fail in security in my opinion, however samsung wouldnt take the issue seriously, and publications such as the register didnt even seem to think it deemed any research.
    
    0 0
2. Thursday 20th December 2012 15:56 GMT bouncy
  
  Re: Insecure Wireless on 2011 Samsung Smart TV's
  
  The option i think is in the system menu, however it simply disables the ability to access the tv over a network via the samsung remote tv app. The access point is present even when the tv is hardwired, it is like the tv requires the android app to connect to the tv over some sort of adhock wireless connection directly to the tv.
  
  0 0
Wednesday 19th December 2012 17:43 GMT mIRCat

"And, let's face it, if it's electronic, someone will find a way to compromise it. ®"

They hacked me toothbrush, they did.

0 0
1. Wednesday 19th December 2012 18:09 GMT Anonymous Coward
  
  Toothbrush! My doorbell was hacked and it doesn't have any batteries in it!
  
  0 0
2. Wednesday 19th December 2012 18:36 GMT ElNumbre
  
  Pah, Toothbrushes, Doorbells, thats nothing.
  
  Someone hacked my toaster to make it talk, and now it never shuts up asking if I want toast.
  
  6 0
  1. Wednesday 19th December 2012 22:16 GMT DF118
    
    Wasn't by any chance made by Crapola inc. of Taiwan was it?
    
    0 0
  2. Thursday 20th December 2012 10:41 GMT Calum Morrison
    
    It's no joke
    
    I actually have a talking Breville Toastie Maker someone bought me as a wedding present; it does lame celebrity impressions ("Huw Edwards" making a snack-based pun anyone?) whilst it makes your toastie. Even as I type this I know it sounds like I'm taking the piss, but I assure you I'm not. And we even asked for no wedding presents as well...
    
    0 0
    1. Thursday 20th December 2012 13:16 GMT Gav
      
      Re: It's no joke
      
      That actually sounds quite fun, and just perfect for some hacking mischief . There seriously is such a kitchen device?
      
      0 0
      1. Friday 21st December 2012 22:32 GMT John Brown (no body)
        
        Re: It's no joke
        
        "There seriously is such a kitchen device?"
        
        Certainly is. IIRC it was a set of three. I bought he kettle for an in-law. Not sure what the third one was after the toaster. Probably about 5-8 years ago, Debanhams IIRC.
        
        0 0
Wednesday 19th December 2012 18:52 GMT Anonymous Coward

Can it, for example, turn on a camera

and snap you having a late-night wank to Babestation?

1 0
1. Wednesday 19th December 2012 18:58 GMT Markl2011
  
  Re: Can it, for example, turn on a camera
  
  If you're wanking to Babestation you've got bigger problems than a security hole in your Smart TV
  
  9 0
  1. Thursday 20th December 2012 10:22 GMT Great Bu
    
    Re: Can it, for example, turn on a camera
    
    Is the AC in fact Tom Brooker, as mentioned in this incisive article on Samsung smart TV's ?
    
    http://www.thedailymash.co.uk/news/society/smart-tv-disgusted-by-owner-2012121954108
    
    1 0
Wednesday 19th December 2012 19:20 GMT Stevie

No!

Not...change the channel! Have these fiends no depths to which they will not sink?

3 0
Wednesday 19th December 2012 21:27 GMT Anonymous Coward

Not a good month for Samsung security issues.

0 0
Thursday 20th December 2012 06:03 GMT Anonymous Coward

Sammy sic

"...We have discovered that only in extremely unusual circumstances a connectivity issue arises between Samsung Smart TVs released in 2011 and other connected devices. We assure our customers that our Smart TV’s (sic) are safe to use..."

Although I wouldn't ever use the "butcher's apostrophe" for a plural myself, strictly speaking it is allowable in that sentence as TV is an abbreviation.

0 0
1. Thursday 20th December 2012 09:35 GMT Anonymous Coward
  
  Re: Sammy sic
  
  "Although I wouldn't ever use the "butcher's apostrophe" for a plural myself, strictly speaking it is allowable in that sentence as TV is an abbreviation."
  
  R E A L L Y! Watch babestation much?
  
  0 1
Thursday 20th December 2012 10:46 GMT Calum Morrison

More like PCs every day?

Damn right; I've lost count of the number of times my Samsung has crashed (full hard reboot) on accessing BBC iPlayer. It's like Windows 9x all over again.

0 0
1. Thursday 20th December 2012 13:19 GMT Mark .
  
  Re: More like PCs every day?
  
  My LG smart TV has to occasionally reboot for updates[*], and I note my Android Galaxy Nexus phone now takes longer to boot than my Windows laptop. People sometimes criticise PCs saying they should be "more like electronic appliances", but the reality is that as the latter become computers, they acquire all of the annoyances of computers too.
  
  (And as much as I love Android, the crash count is still higher than with Windows 7 these days, not to mention desktop Linux; similarly with other phone OSs too, they still seem less stable.)
  
  [*] - It does let you choose when to do so.
  
  0 0
Thursday 20th December 2012 12:02 GMT dotdavid

Shame these Smart TVs' updates tend to not be issued by the manufacturers that long. One or two updates are the norm, if you're lucky, and if there's a security vulnerability after that - tough. You don't even get an Android-style enthusiast community to provide ongoing software updates because all the software is proprietary rubbish.

This problem will only get worse.

1 0
Thursday 20th December 2012 14:48 GMT David Kelly 2

Unimpressed With Samsung

Thought I was buying the best Samsung had to offer when I bought a UN46C8000 and matching BD-C6900. The TV was intermittent and required a new motherboard. The BD player quit playing BDs other than the one that came with it. Netflix on either gets confused spooling the feed and often flashes a black screen for a half second now and then. Fast forward to within a minute or two of the end and resume play will usually crash the TV.

Unimpressed. So I bought an iPhone. Can't help think if Samsung can not do better with their TV line that they are not going to do any better with their phones.

0 0
1. Thursday 20th December 2012 17:40 GMT Anonymous Coward
  
  Re: Unimpressed With Samsung
  
  I'm quite impressed with my Samsung laptop (which coincidentally has BluRay). Unfortunately two of the USB ports are now fucked (magic smoke and all) but that is due to powering an attached device with a shitty Chinese PSU. (The device, a homebrew m68k board, survived. The USB-serial adapter connecting it, the Chinese PSU, and my laptop have components that exploded.)
  
  I will, however, moan about the old A10 laptop (rebadged by RM and therefore found in schools, but possibly a rebadge in the first place). Very prone to broken power sockets.
  
  There used to be a problem with power supplies in some Samsung TVs.
  
  Does BluRay hardware need updates for new encryption keys on the latest discs? Not sure how BluRay copy protection works.
  
  0 0