Samsung Smart TV: Basically a Linux Box Running Vulnerable Web Apps 166
chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC Partners, described Smart TVs as Linux boxes outfitted with a Webkit-based browser. They demonstrated how vulnerabilities in SmartHub, the Java-based application that is responsible for many of the Smart TV's interactive features, could be exploited by a local or remote attacker to surreptitiously activate and control an embedded webcam on the SmartTV, launch drive-by download attacks and steal local user credentials and those of connected devices, browser history, cache and cookies as well as credentials for the local wireless network. Samsung has issued patches for many of the affected devices and promises more changes in its next version of the Smart TV. This isn't the first time Smart TVs have been shown to be vulnerable. In December, researchers at the firm ReVuln also disclosed a vulnerability in the Smart TV's firmware that could be used to launch remote attacks."
Smart is as smart does (Score:5, Insightful)
1984 has finally arrived ... (Score:5, Insightful)
Re:Smart is as smart does (Score:3, Insightful)
Much like modern Windows, the problem isn't so much the kernel but the really retarded user land stuff. It doesn't matter if you are running VMS or Unix if you insist on engaging on Microsoft style stupidity with your apps.
Re: Yep. (Score:5, Insightful)
Real nerds wouldn't buy a smart tv since all those apps are outdated as soon as you buy it, rarely get updated, and have limited functionality. Real nerds would build a HTPC.
You all missed the point (Score:5, Insightful)
Shut up and get to work porting XBMC to it already.
Re:Smart is as smart does (Score:5, Insightful)
Retarded is buying a camera in your TV and only THEN worrying about privacy.
Incredibly stupid is as stupid does (Score:5, Insightful)
Since they have a range of voip phones that crash if you do a simple portscan and they still sell phone switchboard systems that by default can be accessed by telnet with no password I disagree.
There are enough people in that place that do not care about computer security that it comes as no surprise that another wide open box has come out of there. Don't get me wrong, they do have some good stuff, but there's a lack of oversight and if the guys at the bottom of the tree don't care about something there's nobody giving them orders to care.
Re:Incredibly stupid is as stupid does (Score:2, Insightful)
We need some regulations about not following basic industry standards. Telnet access with no password? That's a fine and people can sue you if they get exploited from the issue.