A video released by Malta-based security firm ReVuln exposes potential vulnerabilities in an unspecified Samsung Smart TV.
Entitled “The TV is Watching You,” the clip demonstrates researchers manipulating TV settings, channel lists, firmware and connected USB drives to gain root access — effectively full control of the device.
Alarmingly, the team also showed they could exploit the remote-control pathway: by interfering with the remote or the TV’s configuration they were able to change channels and operate the set remotely.
ReVuln reported it was straightforward to install malicious software on the system and to alter camera and microphone settings (when those peripherals are present), enabling possible covert surveillance of users.
ReVuln’s business focuses on discovering software bugs and security gaps to sell to the affected companies or to other buyers, often working in areas such as SCADA (supervisory control and data acquisition).
During their investigation, the researchers demonstrated they could mount a compromised USB drive locally and search for sensitive files, including documents containing usernames and passwords.
Earlier this month Michael Lantz, CEO of Accedo, wrote for TelecomsTech about Smart TV trends in 2013, arguing that while mass-market Smart TVs first appeared in 2010, only recently has the technology matured enough to offer a compelling customer experience and the security and streaming quality needed for full pay-TV services.
This new ReVuln research raises questions about that claim. Samsung has issued a statement reassuring customers that their Smart TVs remain safe to use, as reported by NBC, but the findings suggest consumers and the industry should remain vigilant.
The ReVuln video below illustrates the techniques and potential impacts demonstrated by the researchers: