Who's Watching You? Samsung Smart TV Security Hole Opens Millions to Attack
Britain's hunger for internet-connected smart televisions is growing at an unprecedented rate, with 15 percent of Britons owning one, but a security hole discovered in Samsung's Smart TVs leaves them wide open to attack.
Cybercriminals could potentially take over webcams integrated or connected to your TV, as well as gaining access to any device connected to the television.
According to Ofcom, almost one-in-seven Britons own an internet-connected smart television, letting them surf the web, play media from connected USB drives, and make video calls with friends and family, but a security consultancy has found that all of these smart features can be taken over and controlled by hackers.
Malta-based researcher ReVuln has uploaded a video demonstrating how it has been able to hack into a Samsung Smart 3D TV over its internet connection and gain complete root access to the TV and any connected USB drives. Samsung is the market leader in connected smart TVs in the UK.
The vulnerability can allow criminals to search USB drives connected to your TV for sensitive financial information, usernames and passwords; install malicious software, access the TV's SecureStorage accounts, and even watch and listen to viewers using built-in webcams and microphones.
ReVuln co-founder Luigi Auriemma told IDG News Service: "If the attacker has full control of the TV, then he can do everything - like stealing accounts to the worst scenario of using the integrated webcam and microphone to 'watch' the victim.
"The vulnerability affects multiple models and generations of the devices produced by this vendor, so not just a specific model as tested in our lab at ReVuln."
This isn't the first time Auriemma has found major security flaws with televisions. Back in April he came across a vulnerability in all current versions of Samsung TVs and Blu-ray players that would allow attackers to gain remote access. He added that the flaw could be found in all Samsung devices that use remote controllers.
'Televisions are just the beginning'
Auriemma added: "We have tested different Samsung televisions of the latest generations running the latest version of their firmware. Unfortunately we can't disclose additional information but we can only say that almost all the people having a Samsung TV at home or in their offices are affected by this vulnerability."
Samsung is the smart TV market leader and sold two million units in the first three months of being on sale last year, and this is why ReVuln says it chose the Korean company's products to investigate.
"We plan to invest more time and effort on the home devices security in the near future testing the products of many other vendors and moreover finding new types of attacks and ways to use such vulnerabilities. The televisions are just the beginning."
ReVuln told IBTimes UK that it does not plan to tell Samsung about the exploit, so a possible fix may be some time off.
IBTimes UK has contacted Samsung for a comment but at the time of publication we haven't received a reply.
© Copyright IBTimes 2024. All rights reserved.