- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
CSO - A smart TV is only as smart as the person controlling it. So if the person in control is a hacker, the owner could have a problem. Researchers at security consultancy ReVuln say some smart TVs are vulnerable to hacking.
It is another example of what experts say is the ever-expanding attack surface of devices that traditionally never faced the Internet, but are now "smart."
The researchers at the Malta-based company said they found a vulnerability in a number of smart TVs made by Samsung Electronics that gave them root access to the TV and any attached USB drives.
They posted a video titled "The TV is Watching You," which appears on a number of security vendor websites, including Kasperky Lab's Threatpost. While there is no voiceover, the video shows the researchers accessing the TV settings and channel lists, SecureStorage accounts, widgets and their configurations, the history of USB movies, the ID, firmware, whole partitions and any attached USB drives.
They were also able to retrieve the drive image, mount it locally and check for information like usernames, passwords, financial documents, or any other type of material on USB drives.
Luigi Auriemma of ReVuln told the IDG News Service that hackers could even use the integrated webcam and microphone to watch the victim. And he said the vulnerability is not confined to the single model that ReVuln tested.
"The vulnerability affects multiple models and generations of the devices produced by this vendor, so not just a specific model as tested in our lab at ReVuln," the report said.
Samsung did not respond to a request for comment, but ReVuln emailed a statement saying there is no firmware update yet, "as the details regarding this vulnerability have not been shared with the vendor."
The statement added that ReVuln has only tested Samsung, but said: "We think that other brands of TV may be affected by similar issues."
James Arlen, senior security consultant with Leviathan Security Group and a hacking expert, said the TV is just one example of the "Internet of Things" and other non-computer resources in homes that amount to "a huge new attack surface."
"I recently counted the number of IP addresses in my house and came up with all kinds of new things that require Internet access - not just the computers, game systems, tablets and music players, but also the bathroom scale, the thermostat and more," he said. "Televisions are one of many, but also the most likely to have lots of interconnection possibilities."
He said the problem is not new, noting that, "printers got smarter and became a threat," and that the number of smart devices continues to expand.
Dan Frye, general manager of services at MAD Security, agrees. "A common way to get into enterprise networks is through printers attached to the corporate network. A TV on the corporate net is really the same thing," he said. "In essence, you've got a computer inside some device, whether it be a printer, a TV, a toaster, the Coke machine, etc., and that computer is just as vulnerable to attacks as a normal computer would be."