Swiss security consultancy Oneconsult and Israeli software company Equus have separately demonstrated how easily Samsung devices can be hacked.
When it was revealed that the US Central Intelligence Agency (CIA) was able to monitor people through their smart Samsung televisions, some small sense of relief was to be found in the fact that any such operation required physical access to an older model from the South Korean manufacturer.
But two more recent demonstrations by security researchers have shown that Samsung users are more exposed than first believed. The first was given in February at the European Broadcasting Union Media Cyber Security Seminar by Oneconsult’s Rafael Scheel. The second came yesterday at Kaspersky Lab’s Security Analyst Summit, from Israeli researcher Amihai Neiderman.
Samsung devices at risk
In February, Oneconsult’s Rafael Scheel demonstrated how terrestrial broadcast signals could be used to hack a number of Samsung Smart TVs. Using a cheap transmitter, he broadcast a rogue TV signal carrying a malicious payload and showed how an attacker could compromise several sets at the same time, without needing physical access to any of them.
Scheel showed that security flaws in the web browsers built into Samsung televisions leave the whole device open to attack, and argued that similar browser bugs exist in sets from a range of other manufacturers.
In worrying news for Samsung and its customers, the more recent demonstration was not aimed exclusively at the company’s televisions. Instead, the flaws were found in Tizen, the open-source operating system running on millions of Samsung devices, including cameras, printers, Blu-ray players and refrigerators. The risks were demonstrated by Neiderman, head of research at Equus Software.
He revealed 40 previously unknown vulnerabilities in the software, which Samsung has been pushing as it seeks to reduce its dependence on Google and Android. The bugs could expose millions of recent Samsung televisions, watches and phones to remote attack.
Speaking to Motherboard, Neiderman was damning in his verdict on Samsung’s security efforts to date. “It may be the worst code I’ve ever seen. Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”
“Tizen is going to be Samsung’s biggest thing. We might see the new Galaxies running Tizen, it could happen that soon. But right now Tizen is not safe enough for that.”
Litany of failures
Speaking exclusively to Internet of Business, Art Swift, president of the open-source advocacy group prpl Foundation, said it was too soon to assess the severity of Neiderman’s findings.
“However, if the industry reports are accurate,” he said, “there appears to be a litany of failures in the development process. Also, the failure of the vendor to respond forthrightly to the researcher’s findings with either a willingness to work with the researcher to find fixes, or to provide software patches directly, is quite concerning.
“In order to prevent such issues in the future, the not-for-profit prpl foundation is working with industry to develop ways to create a more secure IoT. The prpl security framework encourages peer review, properly signed software anchored in a hardware root of trust, the re-use of well-understood and widely used communications and security protocols and the use of security by separation to isolate vulnerabilities.”
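As an added illustration of what “properly signed software anchored in a hardware root of trust” means in practice (this is example code written for this page, not code from Samsung, Tizen or the prpl Foundation), the Go program below verifies a firmware image the way a secure-boot stage would. The image layout, the payload and the key names are constructed for the example; the SHA-256 digest held in `RootOfTrust` stands in for a key hash fused into one-time-programmable memory at manufacture. The check rejects both a tampered image and an image that carries a valid signature from a key the device was never told to trust, which is the case a naive “is the signature valid?” check gets wrong.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed image layout for this example (not a real Samsung/Tizen format):
//   "IMG1" (4 bytes) | public key (32) | signature (64) | payload (rest)
const (
	magic   = "IMG1"
	hdrSize = 4 + ed25519.PublicKeySize + ed25519.SignatureSize
)

// RootOfTrust stands in for the immutable anchor a device receives at manufacture:
// not the vendor key itself, but its SHA-256 digest, as would be burned into OTP fuses.
type RootOfTrust struct {
	KeyHash [32]byte
}

func NewRootOfTrust(vendorPub ed25519.PublicKey) RootOfTrust {
	return RootOfTrust{KeyHash: sha256.Sum256(vendorPub)}
}

// SignImage produces an image whose payload is signed by priv and which carries
// the matching public key so the verifier can check it against the fused hash.
func SignImage(priv ed25519.PrivateKey, payload []byte) []byte {
	pub := priv.Public().(ed25519.PublicKey)
	sig := ed25519.Sign(priv, payload)
	var buf bytes.Buffer
	buf.WriteString(magic)
	buf.Write(pub)
	buf.Write(sig)
	buf.Write(payload)
	return buf.Bytes()
}

// Verify returns the payload only if (1) the embedded key is the one anchored
// in the root of trust and (2) the signature over the payload checks out.
// Step 1 stops an attacker from shipping an image signed with a key of their
// own choosing; step 2 stops tampering with a genuinely signed image.
func (r RootOfTrust) Verify(img []byte) ([]byte, error) {
	if len(img) < hdrSize || string(img[:4]) != magic {
		return nil, errors.New("malformed image header")
	}
	pub := ed25519.PublicKey(img[4 : 4+ed25519.PublicKeySize])
	sig := img[4+ed25519.PublicKeySize : hdrSize]
	payload := img[hdrSize:]
	if sha256.Sum256(pub) != r.KeyHash {
		return nil, errors.New("embedded public key is not the key anchored in the root of trust")
	}
	if !ed25519.Verify(pub, payload, sig) {
		return nil, errors.New("signature does not match payload")
	}
	return payload, nil
}

// Demo exercises the three cases a secure-boot check must get right:
// a genuine image, a genuine image with one payload byte flipped, and an
// image correctly signed by a key the device never trusted.
func Demo() (genuineOK, tamperRejected, rogueKeyRejected bool, err error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	rot := NewRootOfTrust(vendorPub)
	payload := []byte("constructed firmware payload v1.0") // sample input, constructed

	genuine := SignImage(vendorPriv, payload)
	_, err1 := rot.Verify(genuine)
	genuineOK = err1 == nil

	tampered := append([]byte(nil), genuine...)
	tampered[len(tampered)-1] ^= 0x01 // flip one payload bit
	_, err2 := rot.Verify(tampered)
	tamperRejected = err2 != nil

	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	rogue := SignImage(attackerPriv, payload) // valid signature, untrusted key
	_, err3 := rot.Verify(rogue)
	rogueKeyRejected = err3 != nil
	return genuineOK, tamperRejected, rogueKeyRejected, nil
}

func main() {
	g, t, k, err := Demo()
	fmt.Printf("genuine accepted=%v tampered rejected=%v rogue key rejected=%v err=%v\n", g, t, k, err)
}
```

The point of anchoring on a key hash rather than shipping the key inside the image alone is that the image is attacker-controlled data: anything it carries, including the public key, must be checked against something the attacker cannot rewrite. In a real device that anchor lives in fuses or mask ROM, and each boot stage extends the same check to the next one.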