Samsung Smart TVs hit by remote camera activation flaw
Posted on 13 Dec 2012 at 09:55, by Gareth Halfacree
Samsung's latest Smart TV devices have a flaw which could lead to the TV watching you, with attackers able to activate attached cameras without a user's knowledge or consent.
A team of researchers from security firm ReVuln discovered the flaw, which allows for comprehensive access to the various features of Samsung's Smart TV products. An attacker can use the vulnerability to access username and password details for social networking sites associated with the device, copy data from storage devices attached to the TV, and even activate video cameras and microphones for sets that support video conferencing functionality.
The issue, the group claims, exists in all Samsung Smart TV sets running the latest firmware, and as yet no work-around exists for the problem. That said, protection measures commonly in place in a home - such as routers that use Network Address Translation (NAT) to prevent exposure of internal devices onto the internet - should help prevent mass exploitation of the flaw.
Samsung has yet to comment on the flaw, but its efforts to fix the problem may be hampered by ReVuln's business model: the company makes money by finding flaws in commercial products and then keeping the details to itself, demanding payment in exchange for information that would help companies to address the issues and update the software. While Samsung is likely to work towards fixing the problem itself, if it chooses not to meet ReVuln's demands it could take a significant length of time.
ReVuln's actions are in direct opposition to the commonly-accepted practice of 'responsible disclosure,' in which security researchers first release details of the problem to the company responsible for the software and allow them to develop and release a fix before going public with details that could result in attacks.
For now, those wishing to protect themselves fully should disconnect their Samsung Smart TV from the network when its internet-connected functionality is not being used.
Find a review
- Sony announces Bravia X9 4K TV prices for the UK
- Loewe Reference ID TVs launched, custom designs coming soon
- sub-£1000 Ultra HD TV launched by Seiki
- Sony confirms 4K TV prices, introduces FMP-X1 4K media streamer
- Toshiba’s 2013 A/V line-up for 2013 revealed
- Philips Design Line TV announced
- LG OLED TV available to pre-order for £9,999, ships in July
- Philips TVs priced and dated for 2013
- Philips 4K TV reveal expected by late August
- LG buys webOS from HP for Smart TV development