Samsung Smart TVs hit by remote camera activation flaw
Posted on 13 Dec 2012 at 09:55, by Gareth Halfacree
Samsung's latest Smart TV devices have a flaw which could lead to the TV watching you, with attackers able to activate attached cameras without a user's knowledge or consent.
A team of researchers from security firm ReVuln discovered the flaw, which allows for comprehensive access to the various features of Samsung's Smart TV products. An attacker can use the vulnerability to access username and password details for social networking sites associated with the device, copy data from storage devices attached to the TV, and even activate video cameras and microphones for sets that support video conferencing functionality.
The issue, the group claims, exists in all Samsung Smart TV sets running the latest firmware, and as yet no work-around exists for the problem. That said, protection measures commonly in place in a home - such as routers that use Network Address Translation (NAT) to prevent exposure of internal devices onto the internet - should help prevent mass exploitation of the flaw.
Samsung has yet to comment on the flaw, but its efforts to fix the problem may be hampered by ReVuln's business model: the company makes money by finding flaws in commercial products and then keeping the details to itself, demanding payment in exchange for information that would help companies to address the issues and update the software. While Samsung is likely to work towards fixing the problem itself, if it chooses not to meet ReVuln's demands it could take a significant length of time.
ReVuln's actions are in direct opposition to the commonly-accepted practice of 'responsible disclosure,' in which security researchers first release details of the problem to the company responsible for the software and allow them to develop and release a fix before going public with details that could result in attacks.
For now, those wishing to protect themselves fully should disconnect their Samsung Smart TV from the network when its internet-connected functionality is not being used.
Find a review
- Panasonic demos Freetime on new 2014 TV lineup
- Amazon signs up the BBC for Doctor Who, Sherlock and more on Prime Instant Video
- Samsung HU8500 curved Ultra HD TV released in the UK next week
- Google working on Android TV - the successor to Google TV you actually want?
- Tweet while you watch – Twitter buys 'Social TV' firms to further engage viewers
- Philips announces new 6000, 5000 and 4000 series TV ranges
- Panasonic releases Viera TVs, including UHD, Freetime and the ability to stream TV over the internet
- PS4 video capture capabilities boosted in next firmware update
- LG: watching 3D films at home is growing in popularity (again)
- Ditch your set top box? Panasonic brings Freetime to TVs