Security → Re: Samsung TV vulnerability could let a hacker change the ch.

The details of the vulnerability have not been described/released, so I'm not sure how you came to that conclusion.

It is possible to gain access to a computer by dropping a piece of malware onto it, by having the user visit an infected web page. This type of attack can potentially give the attacker full control, and does not require the device to have a public IP or to be wide open to the internet. Most consumer firewalls and routers are effective at stopping things from getting in, but quite poor at stopping things from getting out. The same method of attack might be possible on "smart" devices.

Anyways, the exact method in which this Smart TV attack works is all speculation at this point in time, so we can't be 99.999999% sure of anything.

Most TVs, including Samsung, don't have a web browser. Just vendor-supplied apps. So no infected page can be visited, the user can only access a handful of vendor-approved services. That leaves only one access avenue, and that is direct access.

But this TV has a web browser and this vulnerability is in that web browser.

ReVuln have released enough information to come to that conclusion, even if they haven't given out the whole details.

said by revuln on youtube :

---

In this video we demonstrate one of our 0-day vulnerabilities affecting Smart TV, in this case a Samsung TV LED 3D. Smart TV can be used to browse the internet, use social networks, purchase movies and do many other things. This demo shows how a vulnerability for such devices can be used to retrieve sensitive information, monitor and root the device itself remotely.

Watch the video. The exploit is targeting the IP of the TV. That pretty much confirms what I said.

For starters, I would NEVER hook a TV up to the internet period....its stupid to do so...Why even bother with a Smart Tv anyways...if you want that kinda functionality, then just By an Xbox 360 or something (that also doubles as a set top box), has a web browser, is updated frequently, and will do pretty much what you want...

hooking a TV up to the internet is bad news...even if it is behind a router...TV that have cameras and microphones attached to them and being hooked up to the net still send packets out and talk to god knows who....the apps you could install may be spying on your TV watching habits and sending that data back somewhere....not to mention Samsung (or some app) could get access to the TV cam and mic and watch and listen to whats going on in your home...no thanks...

My sis just got a smart TV with all that crap in it...the 1st thing i told her was NEVER give it Internet Access period...Smart TV has the ability to spy on their users and the only way to stop it is to keep it disconnected from the Net.....so far she has heeded my advice...

I like the ability to use the DLNA capabilities to stream HD videos from my PC to the TV wirelessly.

My recently-purchased LG has DLNA, but oddly enough, no web browser or other "smart" apps. I had it connected for a while, since my NAS box has a DLNA server, but since I have an Asus OPlay the DLNA is largely redundant. It couldn't play as much as the OPlay could anyway.

Not all Samsung Smart TVs have a mike or camera. Mine doesn't. It does have a web browser that is very difficult to use without a Samsung keyboard remote. So, I don't use the web browser. I have the TV on the network though. Why would I purchase a Smart TV unless I intended to give it internet access? It would be a complete waste of money. I did waste $100 on the web browser but then Smart TVs were brand new in 2011 and I was curious. Only the lowest in the series came without the web browser anyway and then most were that horrible 3D crap...so there wasn't too much to choose from.