Samsung’s Smart TV : hackers claim they can access its hard drive and seize control of built-in cameras
Samsung’s Smart TV could used by hackers to watch everything that happens in your living room by gaining access to the device’s built-in camera and microphones, it has been claimed.
Malta-based security firm ReVuln posted a video showing how its researchers had learned to crack the television to access its settings – including any personal information stored on it.
‘We can install malicious software to gain complete root access to the TV,’ they claim in the video. With such malware installed, hackers could use the Smart TV’s built-in microphones and camera to hear and see everything in front of it.
Samsung’s Smart TV can be used to browse the internet, use social networks, watch net-based commercial film streaming services and play online games, among other things, from the comfort of your sofa.
The devices can also be controlled by voice commands and gestures, using their microphones and cameras to detect what is happening in front of them. However, while the Smart TV’s are connected to the internet they are vulnerable to hackers who can access the device and access files stored on them. Luigi Auriemma, co-founder of ReVuln, says he has found a way to track down the IP address of the device and gain access to seize control and scour any drives connected to it. The video appears to show he is able to access remote files and information like the viewing history, as well as siphon data from USB drives attached to a compromised set. Mr Auriemma told Ars Technica: ‘At this point the attacker has complete control over the device. ‘So we are talking about applying custom firmwares, spying on the victim if camera and microphone are available, stealing any credential and account stored… on the device, using his own certificates when accessing https websites, and tracking any activity of the victim (movies, photos, music, and websites seen) and so on.
‘You become the TV.’ The research raises the possibility that owners of consumer devices connected to the Internet are exposing themselves to similar kinds of security threats that faced by users of personal computers, Ars Technica notes.
Devices from lighting systems to air conditioners to computer games consoles now rely on online functionality, but their operating systems often do not have the same kinds of security measures now commonly deployed on Microsoft and Apple powered devices. At the moment, ReVuln’s exploit only works once hackers have managed to breach the network which the television is connected to. As such, Mr Auriemma told NBC News, he expects the main danger is of hackers targeting specific companies or individuals. ‘In our opinion, it’s more interesting and realistic to think about attacks [against] specific targets reached via open/weak/hacked Wi-Fi or compromised computers of a network, instead of mass-exploiting via the Internet,’ he said. ‘That’s interesting due to the effects of the vulnerability (retrieving information and the possibility of monitoring) which are perfect for targeted attacks, from a specific person with a TV at home to a company with TVs in its offices.’ Revuln plans to sell information on the vulnerabilities to the highest bidder, the Register reported, claiming this will ‘speed up’ fixes faster than merely reporting them to the manufacturer. The company would not go into details about the flaws it has discovered.
The possibilities of such vulnerabilities are worrying with increasing numbers of consumer electronics devices being equipped with sensors, cameras and microphones to detect what is happening around them. Earlier this month it emerged that U.S. cable provider Verizon has applied to patent a set-top box technology that can observe what’s going on in the room and show viewers adverts based on what it detects. In U.S. Patent Application 20120304206 the company suggests it could detect when people are ‘cuddling’ then show ‘a commercial for a romantic getaway vacation, a commercial for a contraceptive, a commercial for flowers […] etc.’. Nick Pickles, director of privacy campaign group Big Brother Watch, said of that device: ‘Smart TVs with in-built cameras and microphones are a privacy nightmare waiting around the corner. ‘It is only a matter of time before technology using facial recognition, audio analysis and monitoring what you watch is common place. ‘What is essential is that consumers know exactly what they are buying and where the data is going.’ A spokesman for Samsung said: ‘We have discovered that only in extremely unusual circumstances a connectivity issue arises between Samsung Smart TV’s released in 2011 and other connected devices. We assure our customers that our Smart TVs are safe to use. ‘We will release a previously scheduled software patch in January 2013 to further strengthen Smart TV security. We recommend our customers to use encrypted wireless access points, when using connected devices.’