Samsung TVs, Blu-ray vulnerable to eternal boot loop

Powered by SC Magazine

Not your typical remote control.

Samsung televisions and Blu-Ray players can be spun into continuous restart loops by deviants taking advantage of a remote control feature.

The devices could be made to restart every five seconds by setting fields such as MAC addresses to long strings.

This would trigger the crashing loop, which occurred too rapidly for hapless victims to intervene using their remote controllers.

This is not a simple temporary denial of service,” security researcher Luigi Auriemma wrote on a public disclosure. “The TV is just impossible to be used and reset.”

It was unclear if the attack, tested over a local network, was possible via the internet but Auriemma notes that more than 40 TCP ports were opened on the Samsung D6000 TV.

He told SC Magazine that realistic scenario would consist of an attacker accessing poorly protected WiFi networks where "from that moment you can reach the TV directly".

Users wishing to return to normal viewing would need to manually intervene with the failing units and activate a service function, a feat possible within the five second boot loop.

Attackers would need only hope that victims would accept a prompt to allow a newly detected remote device.

The vulnerable remote controller feature worked by default on enabled Samsung entertainment devices.

It allowed the units to be controlled by iPads and Android devices using the Samsung Remote application available on iTunes and Google's Play stores.

Auriemma tested the attack on a fully patched Samsung D6000 TV but he said other units supported by the Samsung app may be vulnerable.

He suspected a buffer-overflow vulnerability was present in the devices but he was not prepared to debug the devices and risk “killing [his] poor TV”.

The proof of concept code for the attack was available on his website.

It was not the first attack on internet-enabled TVs. Researchers from security firm Mocana published a report (pdf) claiming it was possible to push fake credit card forms to TVs, redirect internet traffic to phish users and steal manufacturer keys, and tap backend services.

Earlier this month, a simple denial of service attack was found in a Sony Bravia TV. Gabriel Menezes Nune, a security expert with the Brazilian Navy, attacked her own TV -- a Latin American model -- using the Hping tool. That crashed the unit, preventing access to all functions until it turned off.

Copyright © SC Magazine, Australia

Samsung TVs, Blu-ray vulnerable to eternal boot loop
Top Stories
Windows 10 lands in Australia
Campaign to get business to upgrade kicks off.
NSW to build its own myGov
Service NSW digital profiles available by September.
Android bug leaves a billion phones open to attack
Hackers only need phone number to target devices.
Sign up to receive iTnews email bulletins
Latest Comments
Should law enforcement be able to buy and use exploits?

   |   View results
Only in special circumstances
Yes, but with more transparency