Samsung Smart TV vulnerability gives hackers eyes and ears in the living room

14 December 2012

Watching TV is a great American pastime…but did you know that Samsung Smart TVs may actually be watching you back?

Researchers at the controversial Malta-based security consultancy and exploit seller ReVuln have identified a vulnerability in the Linux-based Samsung LED 3D TVs that would allow hackers to hijack the boob tube, retrieve sensitive information, and monitor and root the device itself.

"If the attacker has full control of the TV...then he can do everything like stealing accounts to the worst scenario of using the integrated webcam and microphone to 'watch' the victim," Luigi Auriemma of ReVuln told the IDG News Service.

Smart TVs are of course connected to the Internet and offer users the ability to tap into Web-based apps like Facebook, Netflix, Hulu, YouTube, gaming and so on. Some of those apps require credit card entries, which are then available to the controlling hacker. Essentially, someone bent on invading the living room via the vulnerability can gain access to all the TV’s settings and channel lists, SecureStorage accounts, widgets and their configurations, ID and credentials, any USB drives attached to the TV and even the remote control—so hackers could change channels and adjust the volume from afar.

ReVuln is a recent entrant into the market for buying and selling bug and vulnerability information and mostly focuses on vulnerabilities in SCADA and ICS software that run utilities, industrial systems and the like.

"The vulnerability affects multiple models and generations of the devices produced by this vendor, so not just a specific model as tested in our lab at ReVuln," Auriemma said.

Samsung could tap ReVuln for the information in order to create a firmware upgrade to fix the hole, but there’s no guarantee that ReVuln will help without being paid to do so. Its business is finding vulnerabilities and zero-days and then selling the details to concerned (and, it insists, legitimate) companies.

ReVuln has been in the news lately after uncovering 20+ vulnerabilities in SCADA systems last month but refusing to report them to the companies affected. SCADA software is used for industrial control mechanisms in utilities, airports, nuclear facilities, manufacturing plants and critical infrastructure, and the situation sparked a discussion on disclosure vs. nondisclosure of exploitable security holes.

In this case, ReVuln said that it hasn’t notified Samsung of the issue.

This article is featured in:
Industry News  •  Internet and Network Security  •  IT Forensics  •  Malware and Hardware Security

