Samsung Responds to Smart TV Hack, Promises January Security Patch
Samsung has talked down claims that a security hole in its Smart televisions can be exploited to give hackers access to all stored content, and even control of the integrated webcam.
The problem was discovered by Malta-based security company ReVuln, which claims it is able to take full control of a certain but unknown model in Samsung's Smart TV range, stealing all files stored internally, and those of any attached USB storage.
Samsung told IBTimes UK: "We have discovered that only in extremely unusual circumstances a connectivity issue arises between Samsung Smart TVs released in 2011 and other connected devices.
"We assure our customers that our Smart TV's are safe to use. We will release a previously scheduled software patch in January 2013 to further strengthen Smart TV security.
"We recommend our customers to use encrypted wireless access points, when using connected devices."
IBTimes UK also contacted staff at ReVuln, who said: "We don't plan to report the issue to Samsung."
The vulnerability, shown off in a video uploaded by ReVuln (below), potentially would allow cyber-criminals to search USB drives connected to your TV for sensitive financial information, usernames and passwords; install malicious software, access the TV's SecureStorage accounts, and even watch and listen to viewers using built-in webcams and microphones.
ReVuln co-founder Luigi Auriemma told IDG News Service: "If the attacker has full control of the TV, then he can do everything - like stealing accounts to the worst scenario of using the integrated webcam and microphone to 'watch' the victim.
"The vulnerability affects multiple models and generations of the devices produced by this vendor, so not just a specific model as tested in our lab at ReVuln."
This isn't the first time Auriemma has found major security flaws with televisions. Back in April he came across a vulnerability in all current versions of Samsung TVs and Blu-ray players that would allow attackers to gain remote access. He added that the flaw could be found in all Samsung devices that use remote controllers.
Auriemma added: "We have tested different Samsung televisions of the latest generations running the latest version of their firmware. Unfortunately we can't disclose additional information but we can only say that almost all the people having a Samsung TV at home or in their offices are affected by this vulnerability."
Samsung is the smart TV market leader and sold two million units in the first three months of being on sale last year, and this is why ReVuln says it chose the Korean company's products to investigate.
"We plan to invest more time and effort on the home devices security in the near future testing the products of many other vendors and moreover finding new types of attacks and ways to use such vulnerabilities. The televisions are just the beginning."
© Copyright IBTimes 2024. All rights reserved.