Samsung (SSNLF)’s clever merging of a tablet-like operating system with a conventional TV to create “smart TVs” seems pretty cool, but device developers may have forgotten a pretty crucial detail for a major household appliance connected to the web–security.
Malta-based security researchers ReVuln found a creepy vulnerability in Samsung Smart TVs that could lead to a particularly invasive form of hacking. They detailed for The Security Ledger just how spooky things could get if hackers take advantage of the problem:
It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in a Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving remote attacker the ability to spy on those viewing a compromised set.
The Security Ledger mentions Skype cameras sold as accessories for the Smart TV as an example of equipment that could be used to spy on victims as they sit placidly eating popcorn and watching Netflix. They also point out that Smart TVs don’t have security at the moment, not even a basic firewall.
Barring access to Skype cameras, a hacker could at the very least use access to a compromised Smart TV to steal data used on social networks, such as login names and more importantly, passwords.
ReVuln has created a video demonstrating the problem, which you can watch below. They didn’t hesitated to double down on the unsettling nature of the security hole, titling the video, “The TV is watching you.”
[vimeo http://vimeo.com/55174958]