/LAS VEGAS — The next time you watch something on your Smart TV, beware, the television might be watching you too.
As in turns out, just like smartphones, Smart TVs can be hacked and compromised. On Thursday, at the Black Hat security conference, researchers Aaron Grattafiori and Josh Yavor demonstrated how they found vulnerabilities in different 2012 models of Samsung Smart TVs that allowed them to turn on the camera, take control of social media apps like Facebook orSkype, and access files and basically any app on the set.
“Because the TV only has a single user," Grattafiori explained to Mashable, "any type of compromise into an application or into Smart Hub, which is the operating system — the smarts of the TV — has the same permission as every user, which is, you can do everything and anything."
In other words, the hacker has your remote.
With Smart TVs getting more and more popular, 67 million models were sold in 2012, and that figure is expected to grow to 85 million this year, something like this can be a dangerous issue for many people and households.
The two researchers, who work for security firm iSEC Partners, started looking into these vulnerabilities in December of 2012, and reached out to Samsung in early January to alert it of the bugs. The company told CNN that it has issued patches that fix these holes, and it should now harder for hackers to compromise its Smart TVs.
Grattafiori and Yavor, however, believe that other other exploits could potentially be found to attack Samunsg as well as other vendor's Smart TVs.
The issue lies with the fact that apps on Samsung Smart TVs, like Skype or Facebook, are written in Javascript or HTML5 and vulnerable to traditional unsophisticated attacks that also take advantage of its APIs. It's using those bugs that Grattafiori and Yavor injected malicious code into chat messages or into the browser and remotely took control of the TV.
Once the TV is compromised, a hacker has full control and can spread its attack to the victim's contacts, effectively becoming a full-fledged Smart TV virus.
This is the first time that security researcher explain in detail how to compromise Smart TVs, although in December 2012, another group of researchers posted a video online showing how they got control of another model of Samsung Smart TV (these researchers didn't post the details of their exploit.)
Even if the security holes have been patched by Samsung, a consumer should still be careful, Grattafiori and Yavor said. The best way to avoid something like this is make sure to install all the updates, and avoid suspicious websites. If a consumer doesn't use any social media apps, but only uses his TV to passively consume apps like Netflix, according to Grattafiori, he or she should be relatively safe. Also, if the TV is completely unplugged from the Internet, there is no way in for an external attacker.
But sometimes, the best solution to avoid being spied on is an old-school, low-tech one.
"When in doubt," said Yavor, "there's always a piece of tape or a post it you can put on the camera."
Post a Comment