 antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4
 ·RoadRunner Cable
| Samsung TV vulnerability could let a hacker change the ch. »www.pcworld.idg.com.au/article/4···channel/ from »www.linuxsecurity.com/content/view/158435
"A vulnerability present in many Samsung TVs could also allow an attacker to turn on its webcam, researchers say..."
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
|
|
TheMGPremium
join:2007-09-04
Canada
kudos:2 | It was only a matter of time before something like this happened.
What sucks for those who have purchased such TVs, is that now their only choice to be 100% secure is to disconnect the TV from the internet entirely, until a patch is made available to fix the vulnerability. Effectively their expensive "smart" TV has just become an ordinary TV.
Personally I'd rather my TV remain a simple display device and nothing more. Besides, what happens a few years down the road when the manufacturer stops supporting your model of "smart" TV? You're SOL, it's not like a PC where you can put any OS or software that you'd like.
I expect we'll see this sort of thing happen more and more, as more devices and appliances are being given "smart" functionality. |
|
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:3
 ·Frontier Communi..
| said by TheMG:It was only a matter of time before something like this happened.
...Besides, what happens a few years down the road when the manufacturer stops supporting your model of "smart" TV? You're SOL, it's not like a PC where you can put any OS or software that you'd like.
... I expect we'll see this sort of thing happen more and more, as more devices and appliances are being given "smart" functionality. It's a manufacturer's dream. A device becomes obsolete and unusable simply by its maker dropping support whenever he wants... no matter the care a customer has exercised in maintaining and repairing it over the term of his ownership. If we, as customers, keep demanding and believing we can't live without certain "features" in products that then require ongoing manufacturer "support", we will see more and more of this. The fault ultimately lies with customers for signing on for products that make us completely vulnerable to such planned obsolescence. Why are we upset that manufacturers pull the trigger after we've bought their gun, handed it to them, and pointed it at ourselves? If a product has such obsolescence vulnerabilities designed-in, simply exercise buyer restraint and do without it. Manufacturers will of necessity track the buyer's market, wherever it moves.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville |
|
 StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2
·CenturyLink
| reply to antdude
Looks like Mele20  's concerns were valid.
»Re: Job seekers getting asked for Facebook passwords
--
Don't feed trolls--it only makes them grow! |
|
| Indeed.
Time was I bought appliances with more features and happily paid a premium within reason. Now things have changed to the point I look for appliances with fewer features and less potential exposure. Sheesh. |
|
OZOPremium
join:2003-01-17
kudos:2 | reply to Blackbird
said by Blackbird:It's a manufacturer's dream. A device becomes obsolete and unusable simply by its maker dropping support whenever he wants... Exactly. And if they see, that customers're becoming stubborn and don't want to go and buy a new model from them soon, they will start making and spreading viruses for their own devices (not directly, of course, but rather by contracting other companies). Then they'll start making money form developing anti-virus software for their devices and / or offering "protection plans" for users to subscribe... You think it's a conspiracy theory? No, it's just a business plan. Business as usual... 
--
Keep it simple, it'll become complex by itself... |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
| reply to goalieskates
said by goalieskates:Now things have changed to the point I look for appliances with fewer features and less potential exposure. Yup. I have a Samsung Blu-ray player that can connect to my wi-fi. That said I've verified that, when "off", it doesn't phone home.
Recently I bought a (wi-fi only) Android tablet. I didn't trust it either. Found out that even when "off" it remained connected via wi-fi. Eventually found the setting (set to the default) to disable that. Now it only connects (verified) when I ask it to.
In short if any device can connect to the internet don't trust it until it has been suitably "conditioned".
--
Don't feed trolls--it only makes them grow! |
|
BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:3 Reviews:
·Frontier Communi..
| said by StuartMW:... In short if any device can connect to the internet don't trust it until it has been suitably "conditioned". Stop right at that point. I don't trust any device connected to the Internet, period. The Internet's a worldwide, unpoliced, wide-open, public network. Whyever would I agree to connect my TV, my radio, my camera, my stereo, my refrigerator, my thermostat, my alarm system, or whatever else to such a direct networked sewer-line of potential attack? Computers at least I can attempt to keep my eye upon and keep protected with a fair amount of direct personal effort and time. I don't need to face the same tasks with everything else I use. Any appliance features achievable only in an Internet-connected manner are features I can live quite nicely without. The older I get, the more I marvel at this lemming-like penchant in modern society for chasing after the latest, hyped features-d'jour that correspondingly open gaping doorways to all manner of hacking attacks, unwanted external manipulation, and manufacturing strategems for planned obsolescence. The day is fast approaching when the popular cry will be raised: "what were we thinking?!"
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 | Well if there's no wi-fi connection then it's not connected--unless I enable it.
--
Don't feed trolls--it only makes them grow! |
|
 JuggernautIrreverent or irrelevant?Premium
join:2006-09-05
Kelowna, BC
kudos:2 | Then, why pay more for a useless feature? I'm with BB on this one.
--
I'm not anti-social, I just don't like stupid people. |
|
 darciliciousCyber LibrarianPremium
join:2001-01-02
Forest Grove, OR
kudos:2 | How is wifi useless for a tablet??
--
♬ Music is life ♬ |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
| reply to Juggernaut
said by Juggernaut:Then, why pay more for a useless feature? I'm with BB on this one.
Sorry but I don't get the point.
If I have a gadget that has wi-fi/internet capability but don't leave it (the wi-fi) connected 24/7/365 but only turn it on when I want to use it how is that a "useless feature"?
--
Don't feed trolls--it only makes them grow! |
|
JuggernautIrreverent or irrelevant?Premium
join:2006-09-05
Kelowna, BC
kudos:2 | reply to darcilicious
It's not, of course. BB was talking about appliances like fridges, microwaves, etc. Those can be differentiated from a dedicated device like a tablet.
--
I'm not anti-social, I just don't like stupid people. |
|
darciliciousCyber LibrarianPremium
join:2001-01-02
Forest Grove, OR
kudos:2 Reviews:
 ·Frontier FiOS
| BB was also responding to StuartMW who mentioned having a tablet where he "didn't trust it either. Found out that even when "off" it remained connected via wi-fi. Eventually found the setting (set to the default) to disable that. Now it only connects (verified) when I ask it to."
--
♬ Music is life ♬ |
|
JuggernautIrreverent or irrelevant?Premium
join:2006-09-05
Kelowna, BC
kudos:2 | True, sorry for the confusion. I was responding to his post about the kitchen appliances.
--
I'm not anti-social, I just don't like stupid people. |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 Reviews:
·CenturyLink
2 edits | reply to Juggernaut
said by Juggernaut:BB was talking about appliances like fridges, microwaves, etc.
I took it as everything non-PC.
said by Blackbird:I don't trust any device connected to the Internet, period. It's true (IMO) that a TV/Blu-ray player/etc doesn't need to be connected to the internet. However these days many like to stream movies (e.g. Netflix) and/or music (e.g. Pandora) to their TV/Home Theater/whatever. Manufacturers therefore include that capability into those products. I personally don't stream stuff so the whole argument is mostly academic to me.
As for other appliances (fridge, microwave, toaster etc) I see no useful purpose for an internet connection to those.
--
Don't feed trolls--it only makes them grow! |
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:8
1 edit | reply to Juggernaut
said by Juggernaut:Then, why pay more for a useless feature? That's not how it works. Rather, you select a TV based on TV quality, and then you buy it with the internet features or you don't buy it at all.
That is, my N-year-old Samsung LCD had internet nonsense, period. I couldn't say "like that but no Internets, please" regardless of whether I was willing to pay more or less money.
Likely I could have found a worse-looking TV without internet features, but since my concern was the TV, that didn't seem like a good bargain.
It's no different from my TV having onboard games, "art gallery", ability to display photos, etc. It's not an option. Oh, how I long for the days when the "pointless electronic features" consisted merely of putting an utterly unnecessary digital clock into every toaster.
Probably my next TV will be a monitor, though last time I looked, they seemed to be more expensive than TVs. Very odd. Pay more to get less. |
|
 DustynPremium
join:2003-02-26
Ontario, CAN
kudos:10 | reply to antdude
My Samsung CRT is immune.  |
|
| reply to antdude
Such a vulnerability requires a TV that is directly accessible from the internet (public IP or specifically opened ports), or the hacker to have access to the local network.
Non-issue for 99.9999% of the people. |
|
TheMGPremium
join:2007-09-04
Canada
kudos:2 | said by cowboyro:Such a vulnerability requires a TV that is directly accessible from the internet (public IP or specifically opened ports), or the hacker to have access to the local network.
Non-issue for 99.9999% of the people.
The details of the vulnerability have not been described/released, so I'm not sure how you came to that conclusion.
It is possible to gain access to a computer by dropping a piece of malware onto it, by having the user visit an infected web page. This type of attack can potentially give the attacker full control, and does not require the device to have a public IP or to be wide open to the internet. Most consumer firewalls and routers are effective at stopping things from getting in, but quite poor at stopping things from getting out. The same method of attack might be possible on "smart" devices.
Anyways, the exact method in which this Smart TV attack works is all speculation at this point in time, so we can't be 99.999999% sure of anything. |
|
