Samsung televisions and Blu-Ray players can be spun into continuous restart loops by deviants taking advantage of a remote control feature.
The devices could be made to restart every five seconds by setting fields such as MAC addresses to long strings.
This would trigger the crashing loop, which occurred too rapidly for hapless victims to intervene using their remote controllers.
“This is not a simple temporary denial of service,” security researcher Luigi Auriemma wrote on a public disclosure. “The TV is just impossible to be used and reset.”
It was unclear if the attack, tested over a local network, was possible via the internet but Auriemma notes that more than 40 TCP ports were opened on the Samsung D6000 TV.
He told SC Magazine that realistic scenario would consist of an attacker accessing poorly protected WiFi networks where "from that moment you can reach the TV directly".
Users wishing to return to normal viewing would need to manually intervene with the failing units and activate a service function, a feat possible within the five second boot loop.
Attackers would need only hope that victims would accept a prompt to allow a newly detected remote device.
The vulnerable remote controller feature worked by default on enabled Samsung entertainment devices.
It allowed the units to be controlled by iPads and Android devices using the Samsung Remote application available on iTunes and Google's Play stores.
Auriemma tested the attack on a fully patched Samsung D6000 TV but he said other units supported by the Samsung app may be vulnerable.
He suspected a buffer-overflow vulnerability was present in the devices but he was not prepared to debug the devices and risk “killing [his] poor TV”.
The proof of concept code for the attack was available on his website.
It was not the first attack on internet-enabled TVs. Researchers from security firm Mocana published a report (pdf) claiming it was possible to push fake credit card forms to TVs, redirect internet traffic to phish users and steal manufacturer keys, and tap backend services.
Earlier this month, a simple denial of service attack was found in a Sony Bravia TV. Gabriel Menezes Nune, a security expert with the Brazilian Navy, attacked her own TV -- a Latin American model -- using the Hping tool. That crashed the unit, preventing access to all functions until it turned off.
Copyright © SC Magazine, Australia
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.