Samsung Smart TVs hit by remote camera activation flaw
Posted on 13 Dec 2012 at 09:55, by Gareth Halfacree
Samsung's latest Smart TV devices have a flaw which could lead to the TV watching you, with attackers able to activate attached cameras without a user's knowledge or consent.
A team of researchers from security firm ReVuln discovered the flaw, which allows for comprehensive access to the various features of Samsung's Smart TV products. An attacker can use the vulnerability to access username and password details for social networking sites associated with the device, copy data from storage devices attached to the TV, and even activate video cameras and microphones for sets that support video conferencing functionality.
The issue, the group claims, exists in all Samsung Smart TV sets running the latest firmware, and as yet no work-around exists for the problem. That said, protection measures commonly in place in a home - such as routers that use Network Address Translation (NAT) to prevent exposure of internal devices onto the internet - should help prevent mass exploitation of the flaw.
Samsung has yet to comment on the flaw, but its efforts to fix the problem may be hampered by ReVuln's business model: the company makes money by finding flaws in commercial products and then keeping the details to itself, demanding payment in exchange for information that would help companies to address the issues and update the software. While Samsung is likely to work towards fixing the problem itself, if it chooses not to meet ReVuln's demands it could take a significant length of time.
ReVuln's actions are in direct opposition to the commonly-accepted practice of 'responsible disclosure,' in which security researchers first release details of the problem to the company responsible for the software and allow them to develop and release a fix before going public with details that could result in attacks.
For now, those wishing to protect themselves fully should disconnect their Samsung Smart TV from the network when its internet-connected functionality is not being used.
Find a review
- No Apple television set until at least 2015, but A7-powered set-top box could arrive next year
- Pioneer TVs to return to Europe, but don't expect a new Kuro plasma
- Panasonic ceases plasma TV production
- Wuaki.tv launches on Panasonic smart TVs
- Panasonic could end plasma TV production next year
- Watch LoveFilm on a 2010 Samsung TV? Amazon might send you a free Blu-ray player
- Sony Smart Stick confirmed as Google TV-equipped Chromecast rival
- Samsung S9C 55in OLED TV review - First Look at Multi-view
- Virgin Media raises the curtain on Netflix for TiVo
- LG Gallery OLED TV review - hands on